chef 16.1.0-universal-mingw32 → 16.3.38-universal-mingw32

Files changed (424) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -7
  3. data/README.md +3 -3
  4. data/Rakefile +4 -3
  5. data/chef-universal-mingw32.gemspec +2 -2
  6. data/chef.gemspec +7 -6
  7. data/distro/powershell/chef/chef.psm1 +3 -3
  8. data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
  9. data/lib/chef/application.rb +12 -0
  10. data/lib/chef/application/apply.rb +2 -1
  11. data/lib/chef/application/base.rb +1 -1
  12. data/lib/chef/application/client.rb +1 -1
  13. data/lib/chef/application/windows_service_manager.rb +1 -1
  14. data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
  15. data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
  16. data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
  17. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
  18. data/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb +1 -1
  19. data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
  20. data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
  21. data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
  22. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  23. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +2 -2
  24. data/lib/chef/chef_fs/path_utils.rb +4 -4
  25. data/lib/chef/client.rb +3 -3
  26. data/lib/chef/cookbook/chefignore.rb +1 -1
  27. data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
  28. data/lib/chef/cookbook/metadata.rb +2 -2
  29. data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
  30. data/lib/chef/cookbook/syntax_check.rb +1 -2
  31. data/lib/chef/cookbook_loader.rb +16 -30
  32. data/lib/chef/cookbook_manifest.rb +1 -1
  33. data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
  34. data/lib/chef/cookbook_version.rb +4 -4
  35. data/lib/chef/data_bag.rb +5 -6
  36. data/lib/chef/data_collector.rb +1 -1
  37. data/lib/chef/data_collector/error_handlers.rb +1 -1
  38. data/lib/chef/decorator/lazy_array.rb +2 -2
  39. data/lib/chef/deprecated.rb +12 -0
  40. data/lib/chef/digester.rb +5 -4
  41. data/lib/chef/dsl/declare_resource.rb +1 -1
  42. data/lib/chef/dsl/platform_introspection.rb +2 -0
  43. data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
  44. data/lib/chef/encrypted_data_bag_item/encryptor.rb +1 -1
  45. data/lib/chef/environment.rb +1 -2
  46. data/lib/chef/exceptions.rb +3 -0
  47. data/lib/chef/file_access_control.rb +1 -1
  48. data/lib/chef/file_access_control/windows.rb +2 -2
  49. data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
  50. data/lib/chef/formatters/base.rb +1 -1
  51. data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +1 -1
  52. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +3 -3
  53. data/lib/chef/http.rb +19 -4
  54. data/lib/chef/http/authenticator.rb +1 -1
  55. data/lib/chef/http/decompressor.rb +1 -1
  56. data/lib/chef/http/http_request.rb +1 -1
  57. data/lib/chef/http/json_output.rb +1 -1
  58. data/lib/chef/http/ssl_policies.rb +18 -0
  59. data/lib/chef/json_compat.rb +1 -1
  60. data/lib/chef/key.rb +1 -1
  61. data/lib/chef/knife.rb +6 -6
  62. data/lib/chef/knife/bootstrap.rb +24 -24
  63. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
  64. data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
  65. data/lib/chef/knife/bootstrap/templates/chef-full.erb +9 -9
  66. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +3 -1
  67. data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
  68. data/lib/chef/knife/client_bulk_delete.rb +1 -1
  69. data/lib/chef/knife/config_get.rb +2 -1
  70. data/lib/chef/knife/config_list_profiles.rb +4 -1
  71. data/lib/chef/knife/config_use_profile.rb +15 -5
  72. data/lib/chef/knife/configure.rb +1 -1
  73. data/lib/chef/knife/cookbook_delete.rb +1 -1
  74. data/lib/chef/knife/cookbook_upload.rb +6 -14
  75. data/lib/chef/knife/core/bootstrap_context.rb +1 -1
  76. data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
  77. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  78. data/lib/chef/knife/core/hashed_command_loader.rb +2 -1
  79. data/lib/chef/knife/core/node_presenter.rb +1 -1
  80. data/lib/chef/knife/core/status_presenter.rb +1 -1
  81. data/lib/chef/knife/core/subcommand_loader.rb +21 -2
  82. data/lib/chef/knife/core/ui.rb +8 -2
  83. data/lib/chef/knife/core/windows_bootstrap_context.rb +18 -4
  84. data/lib/chef/knife/data_bag_create.rb +1 -1
  85. data/lib/chef/knife/key_create_base.rb +1 -1
  86. data/lib/chef/knife/key_edit_base.rb +1 -1
  87. data/lib/chef/knife/node_bulk_delete.rb +1 -1
  88. data/lib/chef/knife/node_run_list_remove.rb +1 -1
  89. data/lib/chef/knife/rehash.rb +3 -21
  90. data/lib/chef/knife/role_bulk_delete.rb +1 -1
  91. data/lib/chef/knife/ssh.rb +7 -3
  92. data/lib/chef/knife/supermarket_share.rb +1 -1
  93. data/lib/chef/knife/supermarket_unshare.rb +1 -1
  94. data/lib/chef/log.rb +8 -3
  95. data/lib/chef/mixin/api_version_request_handling.rb +1 -1
  96. data/lib/chef/mixin/checksum.rb +0 -1
  97. data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
  98. data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
  99. data/lib/chef/mixin/openssl_helper.rb +31 -9
  100. data/lib/chef/mixin/path_sanity.rb +5 -4
  101. data/lib/chef/mixin/properties.rb +2 -2
  102. data/lib/chef/mixin/securable.rb +2 -2
  103. data/lib/chef/mixin/shell_out.rb +4 -188
  104. data/lib/chef/mixin/template.rb +1 -0
  105. data/lib/chef/mixin/which.rb +6 -3
  106. data/lib/chef/mixins.rb +1 -0
  107. data/lib/chef/node.rb +36 -12
  108. data/lib/chef/node/attribute.rb +2 -2
  109. data/lib/chef/node/immutable_collections.rb +1 -1
  110. data/lib/chef/node_map.rb +21 -18
  111. data/lib/chef/platform/service_helpers.rb +31 -28
  112. data/lib/chef/policy_builder/policyfile.rb +1 -1
  113. data/lib/chef/powershell.rb +1 -1
  114. data/lib/chef/property.rb +2 -2
  115. data/lib/chef/provider.rb +3 -3
  116. data/lib/chef/provider/batch.rb +3 -10
  117. data/lib/chef/provider/cron.rb +2 -14
  118. data/lib/chef/provider/directory.rb +1 -1
  119. data/lib/chef/provider/execute.rb +2 -1
  120. data/lib/chef/provider/file.rb +1 -1
  121. data/lib/chef/provider/git.rb +12 -4
  122. data/lib/chef/provider/group/dscl.rb +2 -2
  123. data/lib/chef/provider/group/windows.rb +1 -1
  124. data/lib/chef/provider/ifconfig.rb +7 -7
  125. data/lib/chef/provider/mount/aix.rb +1 -1
  126. data/lib/chef/provider/mount/solaris.rb +0 -1
  127. data/lib/chef/provider/mount/windows.rb +2 -2
  128. data/lib/chef/provider/noop.rb +1 -1
  129. data/lib/chef/provider/package/chocolatey.rb +1 -1
  130. data/lib/chef/provider/package/dpkg.rb +1 -1
  131. data/lib/chef/provider/package/openbsd.rb +1 -1
  132. data/lib/chef/provider/package/portage.rb +3 -2
  133. data/lib/chef/provider/package/powershell.rb +6 -2
  134. data/lib/chef/provider/package/rubygems.rb +3 -3
  135. data/lib/chef/provider/package/snap.rb +97 -29
  136. data/lib/chef/provider/package/windows.rb +11 -6
  137. data/lib/chef/provider/package/windows/msi.rb +3 -3
  138. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
  139. data/lib/chef/provider/package/yum.rb +1 -1
  140. data/lib/chef/provider/package/yum/yum_cache.rb +1 -1
  141. data/lib/chef/provider/package/zypper.rb +0 -1
  142. data/lib/chef/provider/powershell_script.rb +10 -14
  143. data/lib/chef/provider/remote_directory.rb +2 -2
  144. data/lib/chef/provider/remote_file/http.rb +4 -1
  145. data/lib/chef/provider/script.rb +4 -75
  146. data/lib/chef/provider/service.rb +2 -2
  147. data/lib/chef/provider/service/arch.rb +2 -2
  148. data/lib/chef/provider/service/debian.rb +2 -2
  149. data/lib/chef/provider/service/openbsd.rb +4 -4
  150. data/lib/chef/provider/service/redhat.rb +1 -1
  151. data/lib/chef/provider/service/upstart.rb +1 -1
  152. data/lib/chef/provider/service/windows.rb +1 -1
  153. data/lib/chef/provider/subversion.rb +2 -2
  154. data/lib/chef/provider/user/aix.rb +1 -1
  155. data/lib/chef/provider/user/dscl.rb +6 -6
  156. data/lib/chef/provider/user/linux.rb +3 -3
  157. data/lib/chef/provider/user/mac.rb +15 -11
  158. data/lib/chef/provider/windows_script.rb +87 -25
  159. data/lib/chef/provider/windows_task.rb +4 -2
  160. data/lib/chef/provider/yum_repository.rb +1 -1
  161. data/lib/chef/provider/zypper_repository.rb +31 -11
  162. data/lib/chef/resource.rb +27 -14
  163. data/lib/chef/resource/alternatives.rb +1 -1
  164. data/lib/chef/resource/apt_package.rb +1 -1
  165. data/lib/chef/resource/archive_file.rb +28 -8
  166. data/lib/chef/resource/bash.rb +0 -1
  167. data/lib/chef/resource/batch.rb +4 -2
  168. data/lib/chef/resource/build_essential.rb +2 -2
  169. data/lib/chef/resource/chef_client_scheduled_task.rb +14 -2
  170. data/lib/chef/resource/chef_gem.rb +57 -21
  171. data/lib/chef/resource/chef_handler.rb +2 -2
  172. data/lib/chef/resource/chef_vault_secret.rb +1 -1
  173. data/lib/chef/resource/chocolatey_feature.rb +1 -2
  174. data/lib/chef/resource/cron/_cron_shared.rb +98 -0
  175. data/lib/chef/resource/cron/cron.rb +46 -0
  176. data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb} +7 -87
  177. data/lib/chef/resource/cron_access.rb +13 -5
  178. data/lib/chef/resource/csh.rb +0 -1
  179. data/lib/chef/resource/dmg_package.rb +2 -2
  180. data/lib/chef/resource/execute.rb +480 -10
  181. data/lib/chef/resource/file.rb +10 -8
  182. data/lib/chef/resource/freebsd_package.rb +1 -1
  183. data/lib/chef/resource/gem_package.rb +35 -2
  184. data/lib/chef/resource/helpers/cron_validations.rb +6 -3
  185. data/lib/chef/resource/homebrew_package.rb +30 -1
  186. data/lib/chef/resource/homebrew_update.rb +107 -0
  187. data/lib/chef/resource/hostname.rb +7 -20
  188. data/lib/chef/resource/kernel_module.rb +14 -1
  189. data/lib/chef/resource/launchd.rb +1 -1
  190. data/lib/chef/resource/locale.rb +3 -3
  191. data/lib/chef/resource/lwrp_base.rb +1 -0
  192. data/lib/chef/resource/macos_userdefaults.rb +176 -56
  193. data/lib/chef/resource/mount.rb +1 -1
  194. data/lib/chef/resource/openssl_x509_certificate.rb +11 -14
  195. data/lib/chef/resource/openssl_x509_crl.rb +1 -2
  196. data/lib/chef/resource/perl.rb +0 -1
  197. data/lib/chef/resource/plist.rb +23 -4
  198. data/lib/chef/resource/powershell_script.rb +4 -2
  199. data/lib/chef/resource/python.rb +0 -1
  200. data/lib/chef/resource/remote_file.rb +26 -10
  201. data/lib/chef/resource/ruby.rb +0 -1
  202. data/lib/chef/resource/scm/git.rb +1 -1
  203. data/lib/chef/resource/service.rb +2 -2
  204. data/lib/chef/resource/ssh_known_hosts_entry.rb +16 -1
  205. data/lib/chef/resource/sudo.rb +30 -3
  206. data/lib/chef/resource/swap_file.rb +17 -0
  207. data/lib/chef/resource/template.rb +1 -1
  208. data/lib/chef/resource/timezone.rb +15 -0
  209. data/lib/chef/resource/user_ulimit.rb +1 -1
  210. data/lib/chef/resource/windows_ad_join.rb +30 -1
  211. data/lib/chef/resource/windows_audit_policy.rb +227 -0
  212. data/lib/chef/resource/windows_auto_run.rb +11 -0
  213. data/lib/chef/resource/windows_certificate.rb +27 -1
  214. data/lib/chef/resource/windows_dfs_server.rb +1 -1
  215. data/lib/chef/resource/windows_dns_record.rb +17 -0
  216. data/lib/chef/resource/windows_firewall_profile.rb +197 -0
  217. data/lib/chef/resource/windows_font.rb +3 -3
  218. data/lib/chef/resource/windows_package.rb +1 -1
  219. data/lib/chef/resource/windows_pagefile.rb +2 -2
  220. data/lib/chef/resource/windows_script.rb +2 -16
  221. data/lib/chef/resource/windows_security_policy.rb +67 -36
  222. data/lib/chef/resource/windows_shortcut.rb +1 -2
  223. data/lib/chef/resource/windows_task.rb +10 -10
  224. data/lib/chef/resource/windows_user_privilege.rb +33 -10
  225. data/lib/chef/resource/yum_repository.rb +9 -9
  226. data/lib/chef/resource_inspector.rb +11 -4
  227. data/lib/chef/resources.rb +5 -2
  228. data/lib/chef/role.rb +1 -2
  229. data/lib/chef/run_context/cookbook_compiler.rb +1 -1
  230. data/lib/chef/search/query.rb +1 -1
  231. data/lib/chef/shell/ext.rb +1 -1
  232. data/lib/chef/shell/shell_session.rb +2 -0
  233. data/lib/chef/util/diff.rb +2 -3
  234. data/lib/chef/util/windows/net_user.rb +1 -1
  235. data/lib/chef/util/windows/volume.rb +1 -1
  236. data/lib/chef/version.rb +2 -2
  237. data/lib/chef/win32/api.rb +2 -2
  238. data/lib/chef/win32/api/error.rb +3 -1
  239. data/lib/chef/win32/api/file.rb +1 -1
  240. data/lib/chef/win32/api/net.rb +1 -0
  241. data/lib/chef/win32/file.rb +1 -1
  242. data/lib/chef/win32/mutex.rb +1 -1
  243. data/lib/chef/win32/net.rb +1 -0
  244. data/lib/chef/win32/registry.rb +3 -4
  245. data/lib/chef/win32/security.rb +1 -1
  246. data/lib/chef/win32/security/sid.rb +4 -4
  247. data/spec/data/lwrp/providers/buck_passer.rb +1 -1
  248. data/spec/data/lwrp/providers/buck_passer_2.rb +1 -1
  249. data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +1 -1
  250. data/spec/functional/knife/configure_spec.rb +1 -1
  251. data/spec/functional/knife/ssh_spec.rb +5 -16
  252. data/spec/functional/resource/aix_service_spec.rb +9 -2
  253. data/spec/functional/resource/aixinit_service_spec.rb +1 -2
  254. data/spec/functional/resource/apt_package_spec.rb +0 -1
  255. data/spec/functional/resource/bash_spec.rb +3 -2
  256. data/spec/functional/resource/bff_spec.rb +1 -1
  257. data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
  258. data/spec/functional/resource/cron_spec.rb +20 -2
  259. data/spec/functional/resource/dnf_package_spec.rb +6 -3
  260. data/spec/functional/resource/execute_spec.rb +1 -1
  261. data/spec/functional/resource/git_spec.rb +29 -7
  262. data/spec/functional/resource/group_spec.rb +15 -3
  263. data/spec/functional/resource/ifconfig_spec.rb +9 -1
  264. data/spec/functional/resource/insserv_spec.rb +3 -3
  265. data/spec/functional/resource/link_spec.rb +2 -5
  266. data/spec/functional/resource/mount_spec.rb +9 -1
  267. data/spec/functional/resource/msu_package_spec.rb +9 -3
  268. data/spec/functional/resource/powershell_script_spec.rb +4 -4
  269. data/spec/functional/resource/remote_file_spec.rb +9 -15
  270. data/spec/functional/resource/rpm_spec.rb +1 -1
  271. data/spec/functional/resource/timezone_spec.rb +2 -0
  272. data/spec/functional/resource/windows_package_spec.rb +0 -1
  273. data/spec/functional/resource/windows_path_spec.rb +4 -0
  274. data/spec/functional/resource/windows_security_policy_spec.rb +0 -1
  275. data/spec/functional/resource/windows_service_spec.rb +4 -0
  276. data/spec/functional/resource/windows_task_spec.rb +16 -15
  277. data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
  278. data/spec/functional/resource/yum_package_spec.rb +4 -1
  279. data/spec/functional/resource/zypper_package_spec.rb +4 -1
  280. data/spec/functional/run_lock_spec.rb +2 -1
  281. data/spec/functional/shell_spec.rb +5 -6
  282. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  283. data/spec/functional/version_spec.rb +1 -1
  284. data/spec/functional/win32/crypto_spec.rb +1 -1
  285. data/spec/integration/knife/config_list_profiles_spec.rb +30 -2
  286. data/spec/integration/knife/config_use_profile_spec.rb +55 -2
  287. data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
  288. data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
  289. data/spec/integration/knife/environment_from_file_spec.rb +1 -1
  290. data/spec/integration/knife/node_from_file_spec.rb +1 -1
  291. data/spec/integration/knife/role_from_file_spec.rb +1 -1
  292. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  293. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
  294. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  295. data/spec/integration/recipes/notifies_spec.rb +1 -1
  296. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  297. data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
  298. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
  299. data/spec/integration/recipes/resource_load_spec.rb +4 -2
  300. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  301. data/spec/integration/recipes/use_partial_spec.rb +1 -1
  302. data/spec/scripts/ssl-serve.rb +1 -1
  303. data/spec/spec_helper.rb +10 -4
  304. data/spec/support/chef_helpers.rb +2 -21
  305. data/spec/support/platform_helpers.rb +1 -3
  306. data/spec/support/platforms/win32/spec_service.rb +1 -1
  307. data/spec/support/shared/functional/execute_resource.rb +1 -1
  308. data/spec/support/shared/functional/file_resource.rb +0 -1
  309. data/spec/support/shared/functional/securable_resource.rb +1 -2
  310. data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
  311. data/spec/support/shared/functional/windows_script.rb +3 -3
  312. data/spec/support/shared/integration/knife_support.rb +2 -9
  313. data/spec/support/shared/unit/application_dot_d.rb +0 -1
  314. data/spec/support/shared/unit/execute_resource.rb +1 -1
  315. data/spec/support/shared/unit/provider/file.rb +12 -8
  316. data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +4 -4
  317. data/spec/unit/application/solo_spec.rb +4 -2
  318. data/spec/unit/application_spec.rb +11 -2
  319. data/spec/unit/chef_fs/config_spec.rb +2 -2
  320. data/spec/unit/chef_fs/diff_spec.rb +8 -8
  321. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
  322. data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
  323. data/spec/unit/client_spec.rb +4 -1
  324. data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
  325. data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
  326. data/spec/unit/data_bag_spec.rb +6 -3
  327. data/spec/unit/data_collector_spec.rb +1 -1
  328. data/spec/unit/decorator_spec.rb +23 -23
  329. data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
  330. data/spec/unit/environment_spec.rb +5 -1
  331. data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
  332. data/spec/unit/guard_interpreter_spec.rb +1 -1
  333. data/spec/unit/http/api_versions_spec.rb +1 -1
  334. data/spec/unit/http/ssl_policies_spec.rb +20 -0
  335. data/spec/unit/json_compat_spec.rb +1 -1
  336. data/spec/unit/knife/bootstrap_spec.rb +5 -8
  337. data/spec/unit/knife/cookbook_download_spec.rb +2 -2
  338. data/spec/unit/knife/cookbook_show_spec.rb +6 -7
  339. data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
  340. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +7 -1
  341. data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
  342. data/spec/unit/log/syslog_spec.rb +6 -10
  343. data/spec/unit/log/winevt_spec.rb +21 -13
  344. data/spec/unit/lwrp_spec.rb +9 -6
  345. data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
  346. data/spec/unit/mixin/openssl_helper_spec.rb +4 -4
  347. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  348. data/spec/unit/mixin/powershell_out_spec.rb +2 -4
  349. data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
  350. data/spec/unit/mixin/securable_spec.rb +0 -1
  351. data/spec/unit/mixin/shell_out_spec.rb +25 -26
  352. data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
  353. data/spec/unit/mixin/unformatter_spec.rb +2 -2
  354. data/spec/unit/mixin/uris_spec.rb +1 -1
  355. data/spec/unit/mixin/user_context_spec.rb +1 -9
  356. data/spec/unit/mixin/which.rb +8 -0
  357. data/spec/unit/node/attribute_spec.rb +1 -1
  358. data/spec/unit/node_spec.rb +98 -11
  359. data/spec/unit/property_spec.rb +6 -6
  360. data/spec/unit/provider/batch_spec.rb +130 -0
  361. data/spec/unit/provider/cron/unix_spec.rb +1 -1
  362. data/spec/unit/provider/cron_spec.rb +9 -49
  363. data/spec/unit/provider/dsc_resource_spec.rb +22 -38
  364. data/spec/unit/provider/dsc_script_spec.rb +10 -10
  365. data/spec/unit/provider/execute_spec.rb +1 -8
  366. data/spec/unit/provider/git_spec.rb +3 -3
  367. data/spec/unit/provider/group/groupadd_spec.rb +1 -1
  368. data/spec/unit/provider/ifconfig_spec.rb +0 -1
  369. data/spec/unit/provider/mdadm_spec.rb +1 -3
  370. data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
  371. data/spec/unit/provider/package/openbsd_spec.rb +1 -1
  372. data/spec/unit/provider/package/pacman_spec.rb +17 -20
  373. data/spec/unit/provider/package/portage_spec.rb +2 -2
  374. data/spec/unit/provider/package/powershell_spec.rb +96 -87
  375. data/spec/unit/provider/package/rubygems_spec.rb +5 -10
  376. data/spec/unit/provider/package/smartos_spec.rb +1 -1
  377. data/spec/unit/provider/package/snap_spec.rb +1 -1
  378. data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
  379. data/spec/unit/provider/package/windows_spec.rb +30 -53
  380. data/spec/unit/provider/powershell_script_spec.rb +3 -45
  381. data/spec/unit/provider/script_spec.rb +20 -110
  382. data/spec/unit/provider/service/redhat_spec.rb +1 -1
  383. data/spec/unit/provider/service/windows_spec.rb +2 -6
  384. data/spec/unit/provider/systemd_unit_spec.rb +28 -24
  385. data/spec/unit/provider/user/dscl_spec.rb +2 -2
  386. data/spec/unit/provider/windows_env_spec.rb +5 -4
  387. data/spec/unit/provider/zypper_repository_spec.rb +60 -10
  388. data/spec/unit/provider_spec.rb +1 -0
  389. data/spec/unit/resource/archive_file_spec.rb +11 -2
  390. data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
  391. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +17 -7
  392. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
  393. data/spec/unit/resource/cron_spec.rb +2 -2
  394. data/spec/unit/resource/execute_spec.rb +10 -0
  395. data/spec/unit/resource/file/verification_spec.rb +2 -1
  396. data/spec/unit/resource/helpers/cron_validations_spec.rb +5 -1
  397. data/spec/unit/resource/homebrew_update_spec.rb +30 -0
  398. data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
  399. data/spec/unit/resource/powershell_script_spec.rb +10 -15
  400. data/spec/unit/resource/timezone_spec.rb +1 -1
  401. data/spec/unit/resource/windows_audit_policy_spec.rb +64 -0
  402. data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
  403. data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
  404. data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
  405. data/spec/unit/resource/windows_package_spec.rb +1 -0
  406. data/spec/unit/resource/windows_task_spec.rb +1 -1
  407. data/spec/unit/resource/windows_uac_spec.rb +2 -2
  408. data/spec/unit/resource/yum_repository_spec.rb +21 -21
  409. data/spec/unit/resource_reporter_spec.rb +1 -1
  410. data/spec/unit/resource_spec.rb +84 -1
  411. data/spec/unit/role_spec.rb +23 -21
  412. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  413. data/spec/unit/run_lock_spec.rb +1 -1
  414. data/spec/unit/scan_access_control_spec.rb +1 -1
  415. data/spec/unit/util/backup_spec.rb +1 -1
  416. data/spec/unit/util/diff_spec.rb +1 -15
  417. data/spec/unit/util/dsc/configuration_generator_spec.rb +1 -1
  418. data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
  419. data/spec/unit/util/selinux_spec.rb +2 -1
  420. data/spec/unit/util/threaded_job_queue_spec.rb +9 -0
  421. data/spec/unit/win32/registry_spec.rb +1 -1
  422. data/spec/unit/win32/security_spec.rb +4 -3
  423. metadata +68 -40
  424. data/lib/chef/resource/cron.rb +0 -157
@@ -50,7 +50,7 @@ class Chef
50
50
  description: "The type of device: :device, :label, or :uuid",
51
51
  coerce: proc { |arg| arg.is_a?(String) ? arg.to_sym : arg },
52
52
  default: :device,
53
- equal_to: RUBY_PLATFORM =~ /solaris/i ? %i{ device } : %i{ device label uuid }
53
+ equal_to: RUBY_PLATFORM.match?(/solaris/i) ? %i{ device } : %i{ device label uuid }
54
54
 
55
55
  # @todo this should get refactored away: https://github.com/chef/chef/issues/7621
56
56
  property :mounted, [TrueClass, FalseClass], default: false, skip_docs: true
@@ -206,12 +206,11 @@ class Chef
206
206
  end
207
207
 
208
208
  def request
209
- request = if new_resource.csr_file.nil?
210
- gen_x509_request(subject, key)
211
- else
212
- OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
213
- end
214
- request
209
+ if new_resource.csr_file.nil?
210
+ gen_x509_request(subject, key)
211
+ else
212
+ OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
213
+ end
215
214
  end
216
215
 
217
216
  def subject
@@ -227,12 +226,11 @@ class Chef
227
226
  end
228
227
 
229
228
  def ca_private_key
230
- ca_private_key = if new_resource.csr_file.nil?
231
- key
232
- else
233
- OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
234
- end
235
- ca_private_key
229
+ if new_resource.csr_file.nil?
230
+ key
231
+ else
232
+ OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
233
+ end
236
234
  end
237
235
 
238
236
  def ca_info
@@ -258,8 +256,7 @@ class Chef
258
256
  end
259
257
 
260
258
  def cert
261
- cert = gen_x509_cert(request, extensions, ca_info, ca_private_key)
262
- cert
259
+ gen_x509_cert(request, extensions, ca_info, ca_private_key)
263
260
  end
264
261
  end
265
262
  end
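Review bot: In `ca_private_key` (second hunk) the branch is selected by `new_resource.csr_file.nil?`, but the `else` arm reads `new_resource.ca_key_file`, so a resource that sets `csr_file` without `ca_key_file` would hand `nil` to `::File.read` and fail with an unhelpful type error. This predates the commit, which only drops the redundant local. Unless property validation outside these hunks already enforces the pairing, an explicit guard before the read would make the failure clear: `raise ArgumentError, "ca_key_file is required when csr_file is set" if new_resource.ca_key_file.nil?`. If `ca_key_pass` is unset and the key file is encrypted, `OpenSSL::PKey.read` may fall back to an interactive passphrase prompt, which is worth a comment for unattended runs.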
@@ -113,8 +113,7 @@ class Chef
113
113
  end
114
114
 
115
115
  def ca_private_key
116
- ca_private_key = ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
117
- ca_private_key
116
+ ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
118
117
  end
119
118
 
120
119
  def crl
@@ -17,7 +17,6 @@
17
17
  #
18
18
 
19
19
  require_relative "script"
20
- require_relative "../provider/script"
21
20
 
22
21
  class Chef
23
22
  class Resource
@@ -28,14 +28,33 @@ class Chef
28
28
 
29
29
  description "Use the **plist** resource to set config values in plist files on macOS systems."
30
30
  introduced "16.0"
31
+ examples <<~DOC
32
+ **Show hidden files in finder**:
33
+
34
+ ```ruby
35
+ plist 'show hidden files' do
36
+ path '/Users/vagrant/Library/Preferences/com.apple.finder.plist'
37
+ entry 'AppleShowAllFiles'
38
+ value true
39
+ end
40
+ ```
41
+ DOC
42
+
43
+ property :path, String, name_property: true,
44
+ description: "The path on disk to the plist file."
31
45
 
32
- property :path, String, name_property: true
33
46
  property :entry, String
34
47
  property :value, [TrueClass, FalseClass, String, Integer, Float, Hash]
35
48
  property :encoding, String, default: "binary"
36
- property :owner, String, default: "root"
37
- property :group, String, default: "wheel"
38
- property :mode, [String, Integer]
49
+
50
+ property :owner, String, default: "root",
51
+ description: "The owner of the plist file."
52
+
53
+ property :group, String, default: "wheel",
54
+ description: "The group of the plist file."
55
+
56
+ property :mode, [String, Integer],
57
+ description: "The file mode of the plist file. Ex: '644'"
39
58
 
40
59
  PLISTBUDDY_EXECUTABLE = "/usr/libexec/PlistBuddy".freeze
41
60
  DEFAULTS_EXECUTABLE = "/usr/bin/defaults".freeze
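Review bot: The hunk adds `description:` to `path`, `owner`, `group` and `mode` but leaves `entry`, `value` and `encoding` undocumented, so the generated docs stay incomplete for the properties that decide what is written to the file. Going by the added example, something like `property :entry, String, description: "The key in the plist file to set."` would fit, with matching one-liners for `value` and `encoding`. `mode` has no default here, and its description could state which permissions apply when it is omitted; that is not visible from this hunk. The class body continues outside the hunk.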
@@ -48,8 +48,10 @@ class Chef
48
48
  " idempotent, as they are typically unique to the environment in which they are run. Use not_if"\
49
49
  " and only_if to guard this resource for idempotence."
50
50
 
51
- def initialize(name, run_context = nil)
52
- super(name, run_context, :powershell_script, "powershell.exe")
51
+ def initialize(*args)
52
+ super
53
+ @interpreter = "powershell.exe"
54
+ @default_guard_interpreter = resource_name
53
55
  @convert_boolean_return = false
54
56
  end
55
57
 
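Review bot: `@default_guard_interpreter = resource_name` in `initialize` replaces the literal `:powershell_script` that used to be passed to `super`, so the default guard interpreter now follows whatever `resource_name` returns for the instance. For a subclass this may differ from the previous behaviour. If that is intended, a one-line comment would record it: `# guards default to this resource's own interpreter`. The bare `super` under `initialize(*args)` also relies on the parent constructor no longer taking the interpreter arguments, which is outside this hunk.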
@@ -16,7 +16,6 @@
16
16
  #
17
17
 
18
18
  require_relative "script"
19
- require_relative "../provider/script"
20
19
 
21
20
  class Chef
22
21
  class Resource
@@ -22,6 +22,7 @@ require_relative "file"
22
22
  require_relative "../provider/remote_file"
23
23
  require_relative "../mixin/securable"
24
24
  require_relative "../mixin/uris"
25
+ require_relative "../dist"
25
26
 
26
27
  class Chef
27
28
  class Resource
@@ -31,7 +32,7 @@ class Chef
31
32
 
32
33
  provides :remote_file
33
34
 
34
- description "Use the **remote_file** resource to transfer a file from a remote location using file specificity. This resource is similar to the file resource."
35
+ description "Use the **remote_file** resource to transfer a file from a remote location using file specificity. This resource is similar to the **file** resource. Note: Fetching files from the `files/` directory in a cookbook should be done with the **cookbook_file** resource."
35
36
 
36
37
  def initialize(name, run_context = nil)
37
38
  super
@@ -72,7 +73,8 @@ class Chef
72
73
  end
73
74
  end
74
75
 
75
- property :checksum, String
76
+ property :checksum, String,
77
+ description: "Optional, see `use_conditional_get`. The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{Chef::Dist::PRODUCT} does not download it."
76
78
 
77
79
  # Disable or enable ETag and Last Modified conditional GET. Equivalent to
78
80
  # use_etag(true_or_false)
@@ -82,25 +84,39 @@ class Chef
82
84
  use_last_modified(true_or_false)
83
85
  end
84
86
 
85
- property :use_etag, [ TrueClass, FalseClass ], default: true
87
+ property :use_etag, [ TrueClass, FalseClass ], default: true,
88
+ description: "Enable ETag headers. Set to false to disable ETag headers. To use this setting, `use_conditional_get` must also be set to true."
86
89
 
87
90
  alias :use_etags :use_etag
88
91
 
89
- property :use_last_modified, [ TrueClass, FalseClass ], default: true
92
+ property :use_last_modified, [ TrueClass, FalseClass ], default: true,
93
+ description: "Enable `If-Modified-Since` headers. Set to `false` to disable `If-Modified-Since` headers. To use this setting, `use_conditional_get` must also be set to `true`."
90
94
 
91
- property :ftp_active_mode, [ TrueClass, FalseClass ], default: false
95
+ property :ftp_active_mode, [ TrueClass, FalseClass ], default: false,
96
+ description: "Whether #{Chef::Dist::PRODUCT} uses active or passive FTP. Set to `true` to use active FTP."
92
97
 
93
- property :headers, Hash, default: lazy { {} }
98
+ property :headers, Hash, default: lazy { {} },
99
+ description: "A Hash of custom HTTP headers."
94
100
 
95
101
  property :show_progress, [ TrueClass, FalseClass ], default: false
96
102
 
97
- property :remote_user, String
103
+ property :ssl_verify_mode, Symbol, equal_to: %i{verify_none verify_peer},
104
+ introduced: "16.2",
105
+ description: "Optional property to override SSL policy. If not specified, uses the SSL policy from `config.rb`."
98
106
 
99
- property :remote_domain, String
107
+ property :remote_user, String,
108
+ introduced: "13.4",
109
+ description: '**Windows only** The name of a user with access to the remote file specified by the source property. The user name may optionally be specified with a domain, such as: `domain\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN) format. The domain may also be set using the `remote_domain` property. Note that this property is ignored if source is not a UNC path. If this property is specified, the `remote_password` property is required.'
100
110
 
101
- property :remote_password, String, sensitive: true
111
+ property :remote_domain, String,
112
+ introduced: "13.4",
113
+ description: "**Windows only** The domain of the user specified by the `remote_user` property. By default the resource will authenticate against the domain of the remote system, or as a local account if the remote system is not joined to a domain. If the remote system is not part of a domain, it is necessary to authenticate as a local user on the remote system by setting the domain to `.`, for example: remote_domain '.'. The domain may also be specified as part of the `remote_user` property."
102
114
 
103
- property :authentication, equal_to: %i{remote local}, default: :remote
115
+ property :remote_password, String, sensitive: true,
116
+ introduced: "13.4",
117
+ description: "**Windows only** The password of the user specified by the `remote_user` property. This property is required if `remote_user` is specified and may only be specified if `remote_user` is specified. The `sensitive` property for this resource will automatically be set to `true` if `remote_password` is specified."
118
+
119
+ property :authentication, Symbol, equal_to: %i{remote local}, default: :remote
104
120
 
105
121
  def after_created
106
122
  validate_identity_platform(remote_user, remote_password, remote_domain)
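Review bot: The new `ssl_verify_mode` property accepts `:verify_none`, but its description does not say that this value turns off server certificate validation for the download. Because `checksum` is documented as optional, a resource that sets `:verify_none` without a checksum fetches content with neither transport nor content authentication. I would append a sentence to the description such as `:verify_none disables server certificate validation; set checksum when using it.` The `headers` Hash can carry credentials (for example an Authorization header) and is not marked `sensitive`; whether it is masked in logs cannot be seen from these hunks. `authentication` is still left without a `description:`, and the class body continues outside the hunks.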
@@ -17,7 +17,6 @@
17
17
  #
18
18
 
19
19
  require_relative "script"
20
- require_relative "../provider/script"
21
20
 
22
21
  class Chef
23
22
  class Resource
@@ -53,7 +53,7 @@ class Chef
53
53
  description: "The path to the wrapper script used when running SSH with git. The `GIT_SSH` environment variable is set to this."
54
54
 
55
55
  property :checkout_branch, String,
56
- description: "Set this to use a local branch to avoid checking SHAs or tags to a detatched head state."
56
+ description: "Set this to use a local branch to avoid checking SHAs or tags to a detached head state."
57
57
 
58
58
  alias :branch :revision
59
59
  alias :reference :revision
@@ -25,8 +25,8 @@ require_relative "../dist"
25
25
  class Chef
26
26
  class Resource
27
27
  class Service < Chef::Resource
28
- include ChefUtils::DSL::Service
29
- extend ChefUtils::DSL::Service
28
+ include Chef::Platform::ServiceHelpers
29
+ extend Chef::Platform::ServiceHelpers
30
30
  unified_mode true
31
31
 
32
32
  provides :service, target_mode: true
@@ -29,6 +29,21 @@ class Chef
29
29
 
30
30
  description "Use the **ssh_known_hosts_entry** resource to add an entry for the specified host in /etc/ssh/ssh_known_hosts or a user's known hosts file if specified."
31
31
  introduced "14.3"
32
+ examples <<~DOC
33
+ **Add a single entry for github.com with the key auto detected**
34
+
35
+ ```ruby
36
+ ssh_known_hosts_entry 'github.com'
37
+ ```
38
+
39
+ **Add a single entry with your own provided key**
40
+
41
+ ```ruby
42
+ ssh_known_hosts_entry 'github.com' do
43
+ key 'node.example.com ssh-rsa ...'
44
+ end
45
+ ```
46
+ DOC
32
47
 
33
48
  property :host, String,
34
49
  description: "The host to add to the known hosts file.",
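Review bot: The second example in the new `examples` heredoc names the resource `github.com` but passes `key 'node.example.com ssh-rsa ...'`, so the entry it illustrates is for a different host than the resource name suggests. Use one host in both places, for example `key 'github.com ssh-rsa ...'`. The first example relies on the key being "auto detected"; the detection code is outside this hunk, but if it fetches the key from the host at converge time that is trust-on-first-use. The example text could say so with a comment such as `# key is fetched from the host on first converge; pass key explicitly to pin a verified value`.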
@@ -91,7 +106,7 @@ class Chef
91
106
 
92
107
  r = with_run_context :root do
93
108
  find_resource(:template, "update ssh known hosts file #{new_resource.file_location}") do
94
- source ::File.expand_path("../support/ssh_known_hosts.erb", __FILE__)
109
+ source ::File.expand_path("support/ssh_known_hosts.erb", __dir__)
95
110
  local true
96
111
  path new_resource.file_location
97
112
  owner new_resource.owner
@@ -34,6 +34,33 @@ class Chef
34
34
  " installation of the required sudo version. Chef-supported releases of Ubuntu, SuSE, Debian,"\
35
35
  " and RHEL (6+) all support this feature."
36
36
  introduced "14.0"
37
+ examples <<~DOC
38
+ **Grant a user sudo privileges for any command**
39
+
40
+ ```ruby
41
+ sudo 'admin' do
42
+ user 'admin'
43
+ end
44
+ ```
45
+
46
+ **Grant a user and groups sudo privileges for any command**
47
+
48
+ ```ruby
49
+ sudo 'admins' do
50
+ users 'bob'
51
+ groups 'sysadmins, superusers'
52
+ end
53
+ ```
54
+
55
+ **Grant passwordless sudo privileges for specific commands**
56
+
57
+ ```ruby
58
+ sudo 'passwordless-access' do
59
+ commands ['/bin/systemctl restart httpd', '/bin/systemctl restart mysql']
60
+ nopasswd true
61
+ end
62
+ ```
63
+ DOC
37
64
 
38
65
  # According to the sudo man pages sudo will ignore files in an include dir that have a `.` or `~`
39
66
  # We convert either to `__`
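Review bot: The first example in the added `examples` heredoc sets `user 'admin'`, while the second sets `users 'bob'` and the provider code later in this file reads `new_resource.users`. The property declarations are outside this hunk, so this is inferred, but if `user` survives only as one of the legacy names mentioned further down, the example should use the current one: `users 'admin'`. It would also help to add a comment on the first example that `commands` defaults to `ALL`, since the block grants unrestricted sudo without showing it.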
@@ -53,7 +80,7 @@ class Chef
53
80
  coerce: proc { |x| coerce_groups(x) }
54
81
 
55
82
  property :commands, Array,
56
- description: "An array of commands this sudoer can execute.",
83
+ description: "An array of full paths to commands this sudoer can execute.",
57
84
  default: ["ALL"]
58
85
 
59
86
  property :host, String,
@@ -112,7 +139,7 @@ class Chef
112
139
 
113
140
  # handle legacy cookbook property
114
141
  def after_created
115
- raise "The 'visudo_path' property from the sudo cookbook has been replaced with the 'visudo_binary' property. The path is now more intelligently determined and for most users specifying the path should no longer be necessary. If this resource still cannot determine the path to visudo then provide the full path to the binary with the 'visudo_binary' property." if visudo_path
142
+ raise "The 'visudo_path' property from the sudo cookbook has been replaced with the 'visudo_binary' property. The path is now more intelligently determined and for most users specifying the path should no longer be necessary. If this resource still cannot determine the path to visudo then provide the absolute path to the binary with the 'visudo_binary' property." if visudo_path
116
143
  end
117
144
 
118
145
  # VERY old legacy properties
@@ -172,7 +199,7 @@ class Chef
172
199
  end
173
200
  else
174
201
  template file_path do
175
- source ::File.expand_path("../support/sudoer.erb", __FILE__)
202
+ source ::File.expand_path("support/sudoer.erb", __dir__)
176
203
  local true
177
204
  mode "0440"
178
205
  variables sudoer: (new_resource.groups + new_resource.users).join(","),
@@ -26,6 +26,23 @@ class Chef
26
26
 
27
27
  description "Use the **swap_file** resource to create or delete swap files on Linux systems, and optionally to manage the swappiness configuration for a host."
28
28
  introduced "14.0"
29
+ examples <<~DOC
30
+ **Create a swap file**
31
+
32
+ ```ruby
33
+ swap_file '/dev/sda1' do
34
+ size 1024
35
+ end
36
+ ```
37
+
38
+ **Remove a swap file**
39
+
40
+ ```ruby
41
+ swap_file '/dev/sda1' do
42
+ action :remove
43
+ end
44
+ ```
45
+ DOC
29
46
 
30
47
  property :path, String,
31
48
  description: "The path where the swap file will be created on the system if it differs from the resource block's name.",
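Review bot: Both new examples use `swap_file '/dev/sda1'`, which on most Linux hosts is a disk partition rather than a file path. The resource description and the `path` property both speak of a swap file being created at that path. A reader who copies the example would point the resource at a block device that may hold data. A plain file path reads more safely in both examples, e.g. `swap_file '/var/swapfile' do`, with the same path in the `:remove` example.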
@@ -69,7 +69,7 @@ class Chef
69
69
 
70
70
  property :local, [ TrueClass, FalseClass ],
71
71
  default: false, desired_state: false,
72
- description: "Load a template from a local path. By default, the #{Chef::Dist::CLIENT} loads templates from a cookbooks /templates directory. When this property is set to true, use the source property to specify the path to a template on the local node."
72
+ description: "Load a template from a local path. By default, the #{Chef::Dist::CLIENT} loads templates from a cookbook's /templates directory. When this property is set to true, use the source property to specify the path to a template on the local node."
73
73
 
74
74
  # Declares a helper method to be defined in the template context when
75
75
  # rendering.
@@ -28,6 +28,21 @@ class Chef
28
28
 
29
29
  description "Use the **timezone** resource to change the system timezone on Windows, Linux, and macOS hosts. Timezones are specified in tz database format, with a complete list of available TZ values for Linux and macOS here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones and for Windows here: https://ss64.com/nt/timezones.html."
30
30
  introduced "14.6"
31
+ examples <<~DOC
32
+ **Set the timezone to UTC**
33
+
34
+ ```ruby
35
+ timezone 'UTC'
36
+ ```
37
+
38
+ **Set the timezone to UTC with a friendly resource name**
39
+
40
+ ```ruby
41
+ timezone 'Set the host's timezone to UTC' do
42
+ timezone 'UTC'
43
+ end
44
+ ```
45
+ DOC
31
46
 
32
47
  property :timezone, String,
33
48
  description: "An optional property to set the timezone value if it differs from the resource block's name.",
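Review bot: The second example in the added heredoc, `timezone 'Set the host's timezone to UTC' do`, is not valid Ruby, because the apostrophe in `host's` ends the single-quoted string. Anyone pasting it into a recipe gets a syntax error. Double quotes fix it: `timezone "Set the host's timezone to UTC" do`.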
@@ -80,7 +80,7 @@ class Chef
80
80
 
81
81
  action :create do
82
82
  template "/etc/security/limits.d/#{new_resource.filename}" do
83
- source ::File.expand_path("../support/ulimit.erb", __FILE__)
83
+ source ::File.expand_path("support/ulimit.erb", __dir__)
84
84
  local true
85
85
  mode "0644"
86
86
  variables(
@@ -25,6 +25,35 @@ class Chef
25
25
 
26
26
  description "Use the **windows_ad_join** resource to join a Windows Active Directory domain."
27
27
  introduced "14.0"
28
+ examples <<~DOC
29
+ **Join a domain**
30
+
31
+ ```ruby
32
+ windows_ad_join 'ad.example.org' do
33
+ domain_user 'nick'
34
+ domain_password 'p@ssw0rd1'
35
+ end
36
+ ```
37
+
38
+ **Join a domain, as `win-workstation`**
39
+
40
+ ```ruby
41
+ windows_ad_join 'ad.example.org' do
42
+ domain_user 'nick'
43
+ domain_password 'p@ssw0rd1'
44
+ new_hostname 'win-workstation'
45
+ end
46
+ ```
47
+
48
+ **Leave the current domain and re-join the `local` workgroup**
49
+
50
+ ```ruby
51
+ windows_ad_join 'Leave domain' do
52
+ action :leave
53
+ workgroup 'local'
54
+ end
55
+ ```
56
+ DOC
28
57
 
29
58
  property :domain_name, String,
30
59
  description: "An optional property to set the FQDN of the Active Directory domain to join if it differs from the resource block's name.",
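Review bot: Both join examples in the new `examples` heredoc pass the domain credential as a string literal, `domain_password 'p@ssw0rd1'`. Documentation examples are often copied as they stand, which puts a domain join password into cookbook source and version control. Show the value coming from a secret source instead, for instance `domain_password ad_secrets['password']`, where `ad_secrets` is a constructed name for a value loaded from an encrypted data bag or vault item. Add a comment saying the password should not be committed in a recipe. The `domain_password` property declaration is outside this hunk, so whether it is marked `sensitive: true` cannot be confirmed here.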
@@ -175,7 +204,7 @@ class Chef
175
204
  # links: https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname https://tools.ietf.org/html/rfc822
176
205
  # regex: https://rubular.com/r/isAWojpTMKzlnp
177
206
  def sanitize_usename
178
- if new_resource.domain_user =~ /@/
207
+ if /@/.match?(new_resource.domain_user)
179
208
  new_resource.domain_user
180
209
  else
181
210
  "#{new_resource.domain_user}@#{new_resource.domain_name}"
@@ -0,0 +1,227 @@
1
+ #
2
+ # Author:: Ross Moles (<rmoles@chef.io>)
3
+ # Author:: Rachel Rice (<rrice@chef.io>)
4
+ # Author:: Davin Taddeo (<davin@chef.io>)
5
+ # Copyright:: Copyright (c) Chef Software Inc.
6
+ #
7
+ # Licensed under the Apache License, Version 2.0 (the "License");
8
+ # you may not use this file except in compliance with the License.
9
+ # You may obtain a copy of the License at
10
+ #
11
+ # http://www.apache.org/licenses/LICENSE-2.0
12
+ #
13
+ # Unless required by applicable law or agreed to in writing, software
14
+ # distributed under the License is distributed on an "AS IS" BASIS,
15
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16
+ # See the License for the specific language governing permissions and
17
+ # limitations under the License.
18
+ #
19
+
20
+ require_relative "../resource"
21
+
22
+ class Chef
23
+ class Resource
24
+ class WindowsAuditPolicy < Chef::Resource
25
+ WIN_AUDIT_SUBCATEGORIES = ["Account Lockout",
26
+ "Application Generated",
27
+ "Application Group Management",
28
+ "Audit Policy Change",
29
+ "Authentication Policy Change",
30
+ "Authorization Policy Change",
31
+ "Central Policy Staging",
32
+ "Certification Services",
33
+ "Computer Account Management",
34
+ "Credential Validation",
35
+ "DPAPI Activity",
36
+ "Detailed Directory Service Replication",
37
+ "Detailed File Share",
38
+ "Directory Service Access",
39
+ "Directory Service Changes",
40
+ "Directory Service Replication",
41
+ "Distribution Group Management",
42
+ "File Share",
43
+ "File System",
44
+ "Filtering Platform Connection",
45
+ "Filtering Platform Packet Drop",
46
+ "Filtering Platform Policy Change",
47
+ "Group Membership",
48
+ "Handle Manipulation",
49
+ "IPsec Driver",
50
+ "IPsec Extended Mode",
51
+ "IPsec Main Mode",
52
+ "IPsec Quick Mode",
53
+ "Kerberos Authentication Service",
54
+ "Kerberos Service Ticket Operations",
55
+ "Kernel Object",
56
+ "Logoff",
57
+ "Logon",
58
+ "MPSSVC Rule-Level Policy Change",
59
+ "Network Policy Server",
60
+ "Non Sensitive Privilege Use",
61
+ "Other Account Logon Events",
62
+ "Other Account Management Events",
63
+ "Other Logon/Logoff Events",
64
+ "Other Object Access Events",
65
+ "Other Policy Change Events",
66
+ "Other Privilege Use Events",
67
+ "Other System Events",
68
+ "Plug and Play Events",
69
+ "Process Creation",
70
+ "Process Termination",
71
+ "RPC Events",
72
+ "Registry",
73
+ "Removable Storage",
74
+ "SAM",
75
+ "Security Group Management",
76
+ "Security State Change",
77
+ "Security System Extension",
78
+ "Sensitive Privilege Use",
79
+ "Special Logon",
80
+ "System Integrity",
81
+ "Token Right Adjusted Events",
82
+ "User / Device Claims",
83
+ "User Account Management",
84
+ ].freeze
85
+ provides :windows_audit_policy
86
+
87
+ description "Use the **windows_audit_policy** resource to configure system level and per-user Windows advanced audit policy settings."
88
+ introduced "16.2"
89
+
90
+ examples <<~DOC
91
+ **Set Logon and Logoff policy to "Success and Failure"**:
92
+
93
+ ```ruby
94
+ windows_audit_policy "Set Audit Policy for 'Logon and Logoff' actions to 'Success and Failure'" do
95
+ subcategory %w(Logon Logoff)
96
+ success true
97
+ failure true
98
+ action :set
99
+ end
100
+ ```
101
+
102
+ **Set Credential Validation policy to "Success"**:
103
+
104
+ ```ruby
105
+ windows_audit_policy "Set Audit Policy for 'Credential Validation' actions to 'Success'" do
106
+ subcategory 'Credential Validation'
107
+ success true
108
+ failure false
109
+ action :set
110
+ end
111
+ ```
112
+
113
+ **Enable CrashOnAuditFail option**:
114
+
115
+ ```ruby
116
+ windows_audit_policy 'Enable CrashOnAuditFail option' do
117
+ crash_on_audit_fail true
118
+ action :set
119
+ end
120
+ ```
121
+ DOC
122
+
123
+ property :subcategory, [String, Array],
124
+ coerce: proc { |p| Array(p) },
125
+ description: "The audit policy subcategory, specified by GUID or name. Applied system-wide if no user is specified.",
126
+ callbacks: { "Subcategories entered should be actual advanced audit policy subcategories" => proc { |n| (Array(n) - WIN_AUDIT_SUBCATEGORIES).empty? } }
127
+
128
+ property :success, [true, false],
129
+ description: "Specify success auditing. By setting this property to true the resource will enable success for the category or sub category. Success is the default and is applied if neither success nor failure are specified."
130
+
131
+ property :failure, [true, false],
132
+ description: "Specify failure auditing. By setting this property to true the resource will enable failure for the category or sub category. Success is the default and is applied if neither success nor failure are specified."
133
+
134
+ property :include_user, String,
135
+ description: "The audit policy specified by the category or subcategory is applied per-user if specified. When a user is specified, include user. Include and exclude cannot be used at the same time."
136
+
137
+ property :exclude_user, String,
138
+ description: "The audit policy specified by the category or subcategory is applied per-user if specified. When a user is specified, exclude user. Include and exclude cannot be used at the same time."
139
+
140
+ property :crash_on_audit_fail, [true, false],
141
+ description: "Setting this audit policy option to true will cause the system to crash if the auditing system is unable to log events."
142
+
143
+ property :full_privilege_auditing, [true, false],
144
+ description: "Setting this audit policy option to true will force the audit of all privilege changes except SeAuditPrivilege. Setting this property may cause the logs to fill up more quickly."
145
+
146
+ property :audit_base_objects, [true, false],
147
+ description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of base objects such as mutexes."
148
+
149
+ property :audit_base_directories, [true, false],
150
+ description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
151
+
152
+ def subcategory_configured?(sub_cat, success_value, failure_value)
153
+ setting = if success_value && failure_value
154
+ "Success and Failure$"
155
+ elsif success_value && !failure_value
156
+ "Success$"
157
+ elsif !success_value && failure_value
158
+ "(Failure$)&!(Success and Failure$)"
159
+ else
160
+ "No Auditing"
161
+ end
162
+ powershell_exec(<<-CODE).result
163
+ $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
164
+ if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
165
+ CODE
166
+ end
167
+
168
+ def option_configured?(option_name, option_setting)
169
+ setting = option_setting ? "Enabled$" : "Disabled$"
170
+ powershell_exec(<<-CODE).result
171
+ $auditpol_config = auditpol /get /option:#{option_name}
172
+ if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
173
+ CODE
174
+ end
175
+
176
+ action :set do
177
+ unless new_resource.subcategory.nil?
178
+ new_resource.subcategory.each do |subcategory|
179
+ next if subcategory_configured?(subcategory, new_resource.success, new_resource.failure)
180
+
181
+ s_val = new_resource.success ? "enable" : "disable"
182
+ f_val = new_resource.failure ? "enable" : "disable"
183
+ converge_by "Update Audit Policy for \"#{subcategory}\" to Success:#{s_val} and Failure:#{f_val}" do
184
+ cmd = "auditpol /set "
185
+ cmd += "/user:\"#{new_resource.include_user}\" /include " if new_resource.include_user
186
+ cmd += "/user:\"#{new_resource.exclude_user}\" /exclude " if new_resource.exclude_user
187
+ cmd += "/subcategory:\"#{subcategory}\" /success:#{s_val} /failure:#{f_val}"
188
+ powershell_exec!(cmd)
189
+ end
190
+ end
191
+ end
192
+
193
+ if !new_resource.crash_on_audit_fail.nil? && option_configured?("CrashOnAuditFail", new_resource.crash_on_audit_fail)
194
+ val = new_resource.crash_on_audit_fail ? "Enable" : "Disable"
195
+ converge_by "Configure Audit: CrashOnAuditFail to #{val}" do
196
+ cmd = "auditpol /set /option:CrashOnAuditFail /value:#{val}"
197
+ powershell_exec!(cmd)
198
+ end
199
+ end
200
+
201
+ if !new_resource.full_privilege_auditing.nil? && option_configured?("FullPrivilegeAuditing", new_resource.full_privilege_auditing)
202
+ val = new_resource.full_privilege_auditing ? "Enable" : "Disable"
203
+ converge_by "Configure Audit: FullPrivilegeAuditing to #{val}" do
204
+ cmd = "auditpol /set /option:FullPrivilegeAuditing /value:#{val}"
205
+ powershell_exec!(cmd)
206
+ end
207
+ end
208
+
209
+ if !new_resource.audit_base_directories.nil? && option_configured?("AuditBaseDirectories", new_resource.audit_base_directories)
210
+ val = new_resource.audit_base_directories ? "Enable" : "Disable"
211
+ converge_by "Configure Audit: AuditBaseDirectories to #{val}" do
212
+ cmd = "auditpol /set /option:AuditBaseDirectories /value:#{val}"
213
+ powershell_exec!(cmd)
214
+ end
215
+ end
216
+
217
+ if !new_resource.audit_base_objects.nil? && option_configured?("AuditBaseObjects", new_resource.audit_base_objects)
218
+ val = new_resource.audit_base_objects ? "Enable" : "Disable"
219
+ converge_by "Configure Audit: AuditBaseObjects to #{val}" do
220
+ cmd = "auditpol /set /option:AuditBaseObjects /value:#{val}"
221
+ powershell_exec!(cmd)
222
+ end
223
+ end
224
+ end
225
+ end
226
+ end
227
+ end
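Review bot: The four option branches in `action :set` (CrashOnAuditFail, FullPrivilegeAuditing, AuditBaseDirectories, AuditBaseObjects) run `converge_by` only when `option_configured?` already returns true. A host whose option differs from the requested value is therefore left unchanged, and the audit setting is silently not applied. Each guard should negate the check, e.g. `if !new_resource.crash_on_audit_fail.nil? && !option_configured?("CrashOnAuditFail", new_resource.crash_on_audit_fail)`. In `subcategory_configured?`, the failure-only pattern `"(Failure$)&!(Success and Failure$)"` is passed to `Select-String` as a regular expression, where `&!` are literal characters, so that case probably never matches and is re-applied on every run. Separately, `include_user` and `exclude_user` are interpolated into the double-quoted `auditpol` command string without validation, unlike `subcategory`, which is checked against `WIN_AUDIT_SUBCATEGORIES`; a `callbacks:` check that rejects quotes, backticks and `$`, plus a check that the two are not set together, would close that gap.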