chef 16.1.0-universal-mingw32 → 16.3.38-universal-mingw32

Files changed (424) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -7
  3. data/README.md +3 -3
  4. data/Rakefile +4 -3
  5. data/chef-universal-mingw32.gemspec +2 -2
  6. data/chef.gemspec +7 -6
  7. data/distro/powershell/chef/chef.psm1 +3 -3
  8. data/distro/templates/powershell/chef/chef.psm1.erb +3 -3
  9. data/lib/chef/application.rb +12 -0
  10. data/lib/chef/application/apply.rb +2 -1
  11. data/lib/chef/application/base.rb +1 -1
  12. data/lib/chef/application/client.rb +1 -1
  13. data/lib/chef/application/windows_service_manager.rb +1 -1
  14. data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
  15. data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
  16. data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
  17. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
  18. data/lib/chef/chef_fs/file_system/chef_server/acls_dir.rb +1 -1
  19. data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
  20. data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
  21. data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
  22. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  23. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +2 -2
  24. data/lib/chef/chef_fs/path_utils.rb +4 -4
  25. data/lib/chef/client.rb +3 -3
  26. data/lib/chef/cookbook/chefignore.rb +1 -1
  27. data/lib/chef/cookbook/file_system_file_vendor.rb +1 -1
  28. data/lib/chef/cookbook/metadata.rb +2 -2
  29. data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
  30. data/lib/chef/cookbook/syntax_check.rb +1 -2
  31. data/lib/chef/cookbook_loader.rb +16 -30
  32. data/lib/chef/cookbook_manifest.rb +1 -1
  33. data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
  34. data/lib/chef/cookbook_version.rb +4 -4
  35. data/lib/chef/data_bag.rb +5 -6
  36. data/lib/chef/data_collector.rb +1 -1
  37. data/lib/chef/data_collector/error_handlers.rb +1 -1
  38. data/lib/chef/decorator/lazy_array.rb +2 -2
  39. data/lib/chef/deprecated.rb +12 -0
  40. data/lib/chef/digester.rb +5 -4
  41. data/lib/chef/dsl/declare_resource.rb +1 -1
  42. data/lib/chef/dsl/platform_introspection.rb +2 -0
  43. data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
  44. data/lib/chef/encrypted_data_bag_item/encryptor.rb +1 -1
  45. data/lib/chef/environment.rb +1 -2
  46. data/lib/chef/exceptions.rb +3 -0
  47. data/lib/chef/file_access_control.rb +1 -1
  48. data/lib/chef/file_access_control/windows.rb +2 -2
  49. data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
  50. data/lib/chef/formatters/base.rb +1 -1
  51. data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +1 -1
  52. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +3 -3
  53. data/lib/chef/http.rb +19 -4
  54. data/lib/chef/http/authenticator.rb +1 -1
  55. data/lib/chef/http/decompressor.rb +1 -1
  56. data/lib/chef/http/http_request.rb +1 -1
  57. data/lib/chef/http/json_output.rb +1 -1
  58. data/lib/chef/http/ssl_policies.rb +18 -0
  59. data/lib/chef/json_compat.rb +1 -1
  60. data/lib/chef/key.rb +1 -1
  61. data/lib/chef/knife.rb +6 -6
  62. data/lib/chef/knife/bootstrap.rb +24 -24
  63. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
  64. data/lib/chef/knife/bootstrap/client_builder.rb +1 -1
  65. data/lib/chef/knife/bootstrap/templates/chef-full.erb +9 -9
  66. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +3 -1
  67. data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
  68. data/lib/chef/knife/client_bulk_delete.rb +1 -1
  69. data/lib/chef/knife/config_get.rb +2 -1
  70. data/lib/chef/knife/config_list_profiles.rb +4 -1
  71. data/lib/chef/knife/config_use_profile.rb +15 -5
  72. data/lib/chef/knife/configure.rb +1 -1
  73. data/lib/chef/knife/cookbook_delete.rb +1 -1
  74. data/lib/chef/knife/cookbook_upload.rb +6 -14
  75. data/lib/chef/knife/core/bootstrap_context.rb +1 -1
  76. data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
  77. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  78. data/lib/chef/knife/core/hashed_command_loader.rb +2 -1
  79. data/lib/chef/knife/core/node_presenter.rb +1 -1
  80. data/lib/chef/knife/core/status_presenter.rb +1 -1
  81. data/lib/chef/knife/core/subcommand_loader.rb +21 -2
  82. data/lib/chef/knife/core/ui.rb +8 -2
  83. data/lib/chef/knife/core/windows_bootstrap_context.rb +18 -4
  84. data/lib/chef/knife/data_bag_create.rb +1 -1
  85. data/lib/chef/knife/key_create_base.rb +1 -1
  86. data/lib/chef/knife/key_edit_base.rb +1 -1
  87. data/lib/chef/knife/node_bulk_delete.rb +1 -1
  88. data/lib/chef/knife/node_run_list_remove.rb +1 -1
  89. data/lib/chef/knife/rehash.rb +3 -21
  90. data/lib/chef/knife/role_bulk_delete.rb +1 -1
  91. data/lib/chef/knife/ssh.rb +7 -3
  92. data/lib/chef/knife/supermarket_share.rb +1 -1
  93. data/lib/chef/knife/supermarket_unshare.rb +1 -1
  94. data/lib/chef/log.rb +8 -3
  95. data/lib/chef/mixin/api_version_request_handling.rb +1 -1
  96. data/lib/chef/mixin/checksum.rb +0 -1
  97. data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
  98. data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
  99. data/lib/chef/mixin/openssl_helper.rb +31 -9
  100. data/lib/chef/mixin/path_sanity.rb +5 -4
  101. data/lib/chef/mixin/properties.rb +2 -2
  102. data/lib/chef/mixin/securable.rb +2 -2
  103. data/lib/chef/mixin/shell_out.rb +4 -188
  104. data/lib/chef/mixin/template.rb +1 -0
  105. data/lib/chef/mixin/which.rb +6 -3
  106. data/lib/chef/mixins.rb +1 -0
  107. data/lib/chef/node.rb +36 -12
  108. data/lib/chef/node/attribute.rb +2 -2
  109. data/lib/chef/node/immutable_collections.rb +1 -1
  110. data/lib/chef/node_map.rb +21 -18
  111. data/lib/chef/platform/service_helpers.rb +31 -28
  112. data/lib/chef/policy_builder/policyfile.rb +1 -1
  113. data/lib/chef/powershell.rb +1 -1
  114. data/lib/chef/property.rb +2 -2
  115. data/lib/chef/provider.rb +3 -3
  116. data/lib/chef/provider/batch.rb +3 -10
  117. data/lib/chef/provider/cron.rb +2 -14
  118. data/lib/chef/provider/directory.rb +1 -1
  119. data/lib/chef/provider/execute.rb +2 -1
  120. data/lib/chef/provider/file.rb +1 -1
  121. data/lib/chef/provider/git.rb +12 -4
  122. data/lib/chef/provider/group/dscl.rb +2 -2
  123. data/lib/chef/provider/group/windows.rb +1 -1
  124. data/lib/chef/provider/ifconfig.rb +7 -7
  125. data/lib/chef/provider/mount/aix.rb +1 -1
  126. data/lib/chef/provider/mount/solaris.rb +0 -1
  127. data/lib/chef/provider/mount/windows.rb +2 -2
  128. data/lib/chef/provider/noop.rb +1 -1
  129. data/lib/chef/provider/package/chocolatey.rb +1 -1
  130. data/lib/chef/provider/package/dpkg.rb +1 -1
  131. data/lib/chef/provider/package/openbsd.rb +1 -1
  132. data/lib/chef/provider/package/portage.rb +3 -2
  133. data/lib/chef/provider/package/powershell.rb +6 -2
  134. data/lib/chef/provider/package/rubygems.rb +3 -3
  135. data/lib/chef/provider/package/snap.rb +97 -29
  136. data/lib/chef/provider/package/windows.rb +11 -6
  137. data/lib/chef/provider/package/windows/msi.rb +3 -3
  138. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
  139. data/lib/chef/provider/package/yum.rb +1 -1
  140. data/lib/chef/provider/package/yum/yum_cache.rb +1 -1
  141. data/lib/chef/provider/package/zypper.rb +0 -1
  142. data/lib/chef/provider/powershell_script.rb +10 -14
  143. data/lib/chef/provider/remote_directory.rb +2 -2
  144. data/lib/chef/provider/remote_file/http.rb +4 -1
  145. data/lib/chef/provider/script.rb +4 -75
  146. data/lib/chef/provider/service.rb +2 -2
  147. data/lib/chef/provider/service/arch.rb +2 -2
  148. data/lib/chef/provider/service/debian.rb +2 -2
  149. data/lib/chef/provider/service/openbsd.rb +4 -4
  150. data/lib/chef/provider/service/redhat.rb +1 -1
  151. data/lib/chef/provider/service/upstart.rb +1 -1
  152. data/lib/chef/provider/service/windows.rb +1 -1
  153. data/lib/chef/provider/subversion.rb +2 -2
  154. data/lib/chef/provider/user/aix.rb +1 -1
  155. data/lib/chef/provider/user/dscl.rb +6 -6
  156. data/lib/chef/provider/user/linux.rb +3 -3
  157. data/lib/chef/provider/user/mac.rb +15 -11
  158. data/lib/chef/provider/windows_script.rb +87 -25
  159. data/lib/chef/provider/windows_task.rb +4 -2
  160. data/lib/chef/provider/yum_repository.rb +1 -1
  161. data/lib/chef/provider/zypper_repository.rb +31 -11
  162. data/lib/chef/resource.rb +27 -14
  163. data/lib/chef/resource/alternatives.rb +1 -1
  164. data/lib/chef/resource/apt_package.rb +1 -1
  165. data/lib/chef/resource/archive_file.rb +28 -8
  166. data/lib/chef/resource/bash.rb +0 -1
  167. data/lib/chef/resource/batch.rb +4 -2
  168. data/lib/chef/resource/build_essential.rb +2 -2
  169. data/lib/chef/resource/chef_client_scheduled_task.rb +14 -2
  170. data/lib/chef/resource/chef_gem.rb +57 -21
  171. data/lib/chef/resource/chef_handler.rb +2 -2
  172. data/lib/chef/resource/chef_vault_secret.rb +1 -1
  173. data/lib/chef/resource/chocolatey_feature.rb +1 -2
  174. data/lib/chef/resource/cron/_cron_shared.rb +98 -0
  175. data/lib/chef/resource/cron/cron.rb +46 -0
  176. data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb} +7 -87
  177. data/lib/chef/resource/cron_access.rb +13 -5
  178. data/lib/chef/resource/csh.rb +0 -1
  179. data/lib/chef/resource/dmg_package.rb +2 -2
  180. data/lib/chef/resource/execute.rb +480 -10
  181. data/lib/chef/resource/file.rb +10 -8
  182. data/lib/chef/resource/freebsd_package.rb +1 -1
  183. data/lib/chef/resource/gem_package.rb +35 -2
  184. data/lib/chef/resource/helpers/cron_validations.rb +6 -3
  185. data/lib/chef/resource/homebrew_package.rb +30 -1
  186. data/lib/chef/resource/homebrew_update.rb +107 -0
  187. data/lib/chef/resource/hostname.rb +7 -20
  188. data/lib/chef/resource/kernel_module.rb +14 -1
  189. data/lib/chef/resource/launchd.rb +1 -1
  190. data/lib/chef/resource/locale.rb +3 -3
  191. data/lib/chef/resource/lwrp_base.rb +1 -0
  192. data/lib/chef/resource/macos_userdefaults.rb +176 -56
  193. data/lib/chef/resource/mount.rb +1 -1
  194. data/lib/chef/resource/openssl_x509_certificate.rb +11 -14
  195. data/lib/chef/resource/openssl_x509_crl.rb +1 -2
  196. data/lib/chef/resource/perl.rb +0 -1
  197. data/lib/chef/resource/plist.rb +23 -4
  198. data/lib/chef/resource/powershell_script.rb +4 -2
  199. data/lib/chef/resource/python.rb +0 -1
  200. data/lib/chef/resource/remote_file.rb +26 -10
  201. data/lib/chef/resource/ruby.rb +0 -1
  202. data/lib/chef/resource/scm/git.rb +1 -1
  203. data/lib/chef/resource/service.rb +2 -2
  204. data/lib/chef/resource/ssh_known_hosts_entry.rb +16 -1
  205. data/lib/chef/resource/sudo.rb +30 -3
  206. data/lib/chef/resource/swap_file.rb +17 -0
  207. data/lib/chef/resource/template.rb +1 -1
  208. data/lib/chef/resource/timezone.rb +15 -0
  209. data/lib/chef/resource/user_ulimit.rb +1 -1
  210. data/lib/chef/resource/windows_ad_join.rb +30 -1
  211. data/lib/chef/resource/windows_audit_policy.rb +227 -0
  212. data/lib/chef/resource/windows_auto_run.rb +11 -0
  213. data/lib/chef/resource/windows_certificate.rb +27 -1
  214. data/lib/chef/resource/windows_dfs_server.rb +1 -1
  215. data/lib/chef/resource/windows_dns_record.rb +17 -0
  216. data/lib/chef/resource/windows_firewall_profile.rb +197 -0
  217. data/lib/chef/resource/windows_font.rb +3 -3
  218. data/lib/chef/resource/windows_package.rb +1 -1
  219. data/lib/chef/resource/windows_pagefile.rb +2 -2
  220. data/lib/chef/resource/windows_script.rb +2 -16
  221. data/lib/chef/resource/windows_security_policy.rb +67 -36
  222. data/lib/chef/resource/windows_shortcut.rb +1 -2
  223. data/lib/chef/resource/windows_task.rb +10 -10
  224. data/lib/chef/resource/windows_user_privilege.rb +33 -10
  225. data/lib/chef/resource/yum_repository.rb +9 -9
  226. data/lib/chef/resource_inspector.rb +11 -4
  227. data/lib/chef/resources.rb +5 -2
  228. data/lib/chef/role.rb +1 -2
  229. data/lib/chef/run_context/cookbook_compiler.rb +1 -1
  230. data/lib/chef/search/query.rb +1 -1
  231. data/lib/chef/shell/ext.rb +1 -1
  232. data/lib/chef/shell/shell_session.rb +2 -0
  233. data/lib/chef/util/diff.rb +2 -3
  234. data/lib/chef/util/windows/net_user.rb +1 -1
  235. data/lib/chef/util/windows/volume.rb +1 -1
  236. data/lib/chef/version.rb +2 -2
  237. data/lib/chef/win32/api.rb +2 -2
  238. data/lib/chef/win32/api/error.rb +3 -1
  239. data/lib/chef/win32/api/file.rb +1 -1
  240. data/lib/chef/win32/api/net.rb +1 -0
  241. data/lib/chef/win32/file.rb +1 -1
  242. data/lib/chef/win32/mutex.rb +1 -1
  243. data/lib/chef/win32/net.rb +1 -0
  244. data/lib/chef/win32/registry.rb +3 -4
  245. data/lib/chef/win32/security.rb +1 -1
  246. data/lib/chef/win32/security/sid.rb +4 -4
  247. data/spec/data/lwrp/providers/buck_passer.rb +1 -1
  248. data/spec/data/lwrp/providers/buck_passer_2.rb +1 -1
  249. data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +1 -1
  250. data/spec/functional/knife/configure_spec.rb +1 -1
  251. data/spec/functional/knife/ssh_spec.rb +5 -16
  252. data/spec/functional/resource/aix_service_spec.rb +9 -2
  253. data/spec/functional/resource/aixinit_service_spec.rb +1 -2
  254. data/spec/functional/resource/apt_package_spec.rb +0 -1
  255. data/spec/functional/resource/bash_spec.rb +3 -2
  256. data/spec/functional/resource/bff_spec.rb +1 -1
  257. data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
  258. data/spec/functional/resource/cron_spec.rb +20 -2
  259. data/spec/functional/resource/dnf_package_spec.rb +6 -3
  260. data/spec/functional/resource/execute_spec.rb +1 -1
  261. data/spec/functional/resource/git_spec.rb +29 -7
  262. data/spec/functional/resource/group_spec.rb +15 -3
  263. data/spec/functional/resource/ifconfig_spec.rb +9 -1
  264. data/spec/functional/resource/insserv_spec.rb +3 -3
  265. data/spec/functional/resource/link_spec.rb +2 -5
  266. data/spec/functional/resource/mount_spec.rb +9 -1
  267. data/spec/functional/resource/msu_package_spec.rb +9 -3
  268. data/spec/functional/resource/powershell_script_spec.rb +4 -4
  269. data/spec/functional/resource/remote_file_spec.rb +9 -15
  270. data/spec/functional/resource/rpm_spec.rb +1 -1
  271. data/spec/functional/resource/timezone_spec.rb +2 -0
  272. data/spec/functional/resource/windows_package_spec.rb +0 -1
  273. data/spec/functional/resource/windows_path_spec.rb +4 -0
  274. data/spec/functional/resource/windows_security_policy_spec.rb +0 -1
  275. data/spec/functional/resource/windows_service_spec.rb +4 -0
  276. data/spec/functional/resource/windows_task_spec.rb +16 -15
  277. data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
  278. data/spec/functional/resource/yum_package_spec.rb +4 -1
  279. data/spec/functional/resource/zypper_package_spec.rb +4 -1
  280. data/spec/functional/run_lock_spec.rb +2 -1
  281. data/spec/functional/shell_spec.rb +5 -6
  282. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  283. data/spec/functional/version_spec.rb +1 -1
  284. data/spec/functional/win32/crypto_spec.rb +1 -1
  285. data/spec/integration/knife/config_list_profiles_spec.rb +30 -2
  286. data/spec/integration/knife/config_use_profile_spec.rb +55 -2
  287. data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
  288. data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
  289. data/spec/integration/knife/environment_from_file_spec.rb +1 -1
  290. data/spec/integration/knife/node_from_file_spec.rb +1 -1
  291. data/spec/integration/knife/role_from_file_spec.rb +1 -1
  292. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  293. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
  294. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  295. data/spec/integration/recipes/notifies_spec.rb +1 -1
  296. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  297. data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
  298. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
  299. data/spec/integration/recipes/resource_load_spec.rb +4 -2
  300. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  301. data/spec/integration/recipes/use_partial_spec.rb +1 -1
  302. data/spec/scripts/ssl-serve.rb +1 -1
  303. data/spec/spec_helper.rb +10 -4
  304. data/spec/support/chef_helpers.rb +2 -21
  305. data/spec/support/platform_helpers.rb +1 -3
  306. data/spec/support/platforms/win32/spec_service.rb +1 -1
  307. data/spec/support/shared/functional/execute_resource.rb +1 -1
  308. data/spec/support/shared/functional/file_resource.rb +0 -1
  309. data/spec/support/shared/functional/securable_resource.rb +1 -2
  310. data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
  311. data/spec/support/shared/functional/windows_script.rb +3 -3
  312. data/spec/support/shared/integration/knife_support.rb +2 -9
  313. data/spec/support/shared/unit/application_dot_d.rb +0 -1
  314. data/spec/support/shared/unit/execute_resource.rb +1 -1
  315. data/spec/support/shared/unit/provider/file.rb +12 -8
  316. data/spec/support/shared/unit/provider/useradd_based_user_provider.rb +4 -4
  317. data/spec/unit/application/solo_spec.rb +4 -2
  318. data/spec/unit/application_spec.rb +11 -2
  319. data/spec/unit/chef_fs/config_spec.rb +2 -2
  320. data/spec/unit/chef_fs/diff_spec.rb +8 -8
  321. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
  322. data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
  323. data/spec/unit/client_spec.rb +4 -1
  324. data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
  325. data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
  326. data/spec/unit/data_bag_spec.rb +6 -3
  327. data/spec/unit/data_collector_spec.rb +1 -1
  328. data/spec/unit/decorator_spec.rb +23 -23
  329. data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
  330. data/spec/unit/environment_spec.rb +5 -1
  331. data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
  332. data/spec/unit/guard_interpreter_spec.rb +1 -1
  333. data/spec/unit/http/api_versions_spec.rb +1 -1
  334. data/spec/unit/http/ssl_policies_spec.rb +20 -0
  335. data/spec/unit/json_compat_spec.rb +1 -1
  336. data/spec/unit/knife/bootstrap_spec.rb +5 -8
  337. data/spec/unit/knife/cookbook_download_spec.rb +2 -2
  338. data/spec/unit/knife/cookbook_show_spec.rb +6 -7
  339. data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
  340. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +7 -1
  341. data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
  342. data/spec/unit/log/syslog_spec.rb +6 -10
  343. data/spec/unit/log/winevt_spec.rb +21 -13
  344. data/spec/unit/lwrp_spec.rb +9 -6
  345. data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
  346. data/spec/unit/mixin/openssl_helper_spec.rb +4 -4
  347. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  348. data/spec/unit/mixin/powershell_out_spec.rb +2 -4
  349. data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
  350. data/spec/unit/mixin/securable_spec.rb +0 -1
  351. data/spec/unit/mixin/shell_out_spec.rb +25 -26
  352. data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
  353. data/spec/unit/mixin/unformatter_spec.rb +2 -2
  354. data/spec/unit/mixin/uris_spec.rb +1 -1
  355. data/spec/unit/mixin/user_context_spec.rb +1 -9
  356. data/spec/unit/mixin/which.rb +8 -0
  357. data/spec/unit/node/attribute_spec.rb +1 -1
  358. data/spec/unit/node_spec.rb +98 -11
  359. data/spec/unit/property_spec.rb +6 -6
  360. data/spec/unit/provider/batch_spec.rb +130 -0
  361. data/spec/unit/provider/cron/unix_spec.rb +1 -1
  362. data/spec/unit/provider/cron_spec.rb +9 -49
  363. data/spec/unit/provider/dsc_resource_spec.rb +22 -38
  364. data/spec/unit/provider/dsc_script_spec.rb +10 -10
  365. data/spec/unit/provider/execute_spec.rb +1 -8
  366. data/spec/unit/provider/git_spec.rb +3 -3
  367. data/spec/unit/provider/group/groupadd_spec.rb +1 -1
  368. data/spec/unit/provider/ifconfig_spec.rb +0 -1
  369. data/spec/unit/provider/mdadm_spec.rb +1 -3
  370. data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
  371. data/spec/unit/provider/package/openbsd_spec.rb +1 -1
  372. data/spec/unit/provider/package/pacman_spec.rb +17 -20
  373. data/spec/unit/provider/package/portage_spec.rb +2 -2
  374. data/spec/unit/provider/package/powershell_spec.rb +96 -87
  375. data/spec/unit/provider/package/rubygems_spec.rb +5 -10
  376. data/spec/unit/provider/package/smartos_spec.rb +1 -1
  377. data/spec/unit/provider/package/snap_spec.rb +1 -1
  378. data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
  379. data/spec/unit/provider/package/windows_spec.rb +30 -53
  380. data/spec/unit/provider/powershell_script_spec.rb +3 -45
  381. data/spec/unit/provider/script_spec.rb +20 -110
  382. data/spec/unit/provider/service/redhat_spec.rb +1 -1
  383. data/spec/unit/provider/service/windows_spec.rb +2 -6
  384. data/spec/unit/provider/systemd_unit_spec.rb +28 -24
  385. data/spec/unit/provider/user/dscl_spec.rb +2 -2
  386. data/spec/unit/provider/windows_env_spec.rb +5 -4
  387. data/spec/unit/provider/zypper_repository_spec.rb +60 -10
  388. data/spec/unit/provider_spec.rb +1 -0
  389. data/spec/unit/resource/archive_file_spec.rb +11 -2
  390. data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
  391. data/spec/unit/resource/chef_client_scheduled_task_spec.rb +17 -7
  392. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
  393. data/spec/unit/resource/cron_spec.rb +2 -2
  394. data/spec/unit/resource/execute_spec.rb +10 -0
  395. data/spec/unit/resource/file/verification_spec.rb +2 -1
  396. data/spec/unit/resource/helpers/cron_validations_spec.rb +5 -1
  397. data/spec/unit/resource/homebrew_update_spec.rb +30 -0
  398. data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
  399. data/spec/unit/resource/powershell_script_spec.rb +10 -15
  400. data/spec/unit/resource/timezone_spec.rb +1 -1
  401. data/spec/unit/resource/windows_audit_policy_spec.rb +64 -0
  402. data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
  403. data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
  404. data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
  405. data/spec/unit/resource/windows_package_spec.rb +1 -0
  406. data/spec/unit/resource/windows_task_spec.rb +1 -1
  407. data/spec/unit/resource/windows_uac_spec.rb +2 -2
  408. data/spec/unit/resource/yum_repository_spec.rb +21 -21
  409. data/spec/unit/resource_reporter_spec.rb +1 -1
  410. data/spec/unit/resource_spec.rb +84 -1
  411. data/spec/unit/role_spec.rb +23 -21
  412. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  413. data/spec/unit/run_lock_spec.rb +1 -1
  414. data/spec/unit/scan_access_control_spec.rb +1 -1
  415. data/spec/unit/util/backup_spec.rb +1 -1
  416. data/spec/unit/util/diff_spec.rb +1 -15
  417. data/spec/unit/util/dsc/configuration_generator_spec.rb +1 -1
  418. data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
  419. data/spec/unit/util/selinux_spec.rb +2 -1
  420. data/spec/unit/util/threaded_job_queue_spec.rb +9 -0
  421. data/spec/unit/win32/registry_spec.rb +1 -1
  422. data/spec/unit/win32/security_spec.rb +4 -3
  423. metadata +68 -40
  424. data/lib/chef/resource/cron.rb +0 -157
@@ -25,6 +25,17 @@ class Chef
25
25
 
26
26
  description "Use the **windows_auto_run** resource to set applications to run at login."
27
27
  introduced "14.0"
28
+ examples <<~DOC
29
+ **Run BGInfo at login**
30
+
31
+ ```ruby
32
+ windows_auto_run 'BGINFO' do
33
+ program 'C:/Sysinternals/bginfo.exe'
34
+ args '\'C:/Sysinternals/Config.bgi\' /NOLICPROMPT /TIMER:0'
35
+ action :create
36
+ end
37
+ ```
38
+ DOC
28
39
 
29
40
  property :program_name, String,
30
41
  description: "The name of the program to run at login if it differs from the resource block's name.",
@@ -30,6 +30,32 @@ class Chef
30
30
 
31
31
  description "Use the **windows_certificate** resource to install a certificate into the Windows certificate store from a file. The resource grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificates remotely may not work if the operation requires a user profile. Operations on the local machine store should still work."
32
32
  introduced "14.7"
33
+ examples <<~DOC
34
+ **Add PFX cert to local machine personal store and grant accounts read-only access to private key**
35
+
36
+ ```ruby
37
+ windows_certificate 'c:/test/mycert.pfx' do
38
+ pfx_password 'password'
39
+ private_key_acl ["acme\\fred", "pc\\jane"]
40
+ end
41
+ ```
42
+
43
+ **Add cert to trusted intermediate store**
44
+
45
+ ```ruby
46
+ windows_certificate 'c:/test/mycert.cer' do
47
+ store_name 'CA'
48
+ end
49
+ ```
50
+
51
+ **Remove all certificates matching the subject**
52
+
53
+ ```ruby
54
+ windows_certificate 'me.acme.com' do
55
+ action :delete
56
+ end
57
+ ```
58
+ DOC
33
59
 
34
60
  property :source, String,
35
61
  description: "The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete) if it differs from the resource block's name.",
@@ -308,7 +334,7 @@ class Chef
308
334
  #
309
335
  def import_certificates(cert_objs, is_pfx)
310
336
  [cert_objs].flatten.each do |cert_obj|
311
- thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint
337
+ thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s # Fetch its thumbprint
312
338
  # Need to check if return value is Boolean:true
313
339
  # If not then the given certificate should be added in certstore
314
340
  if verify_cert(thumbprint) == true
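Review bot: The first example in the new `examples` block hard-codes the PFX passphrase in the recipe (`pfx_password 'password'`), and documentation samples tend to be copied as-is, which leaves the secret in cookbook source and version control. The sample would be safer showing the value coming from a secret store, for instance `pfx_password data_bag_item('certs', 'mycert')['pfx_password']` (constructed names), together with `sensitive true` on the resource so the value stays out of logs. Whether `pfx_password` is already declared sensitive is not visible in these hunks. In the second hunk, a short comment on the `thumbprint` line would help, saying that SHA-1 is used only because Windows identifies certificates by their SHA-1 thumbprint and not as an integrity control. `import_certificates` continues outside the hunk.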
@@ -50,7 +50,7 @@ class Chef
50
50
  ps_results = powershell_out("Get-DfsnServerConfiguration -ComputerName '#{ENV["COMPUTERNAME"]}' | Select LdapTimeoutSec, PreferLogonDC, EnableSiteCostedReferrals, SyncIntervalSec, UseFqdn | ConvertTo-Json")
51
51
 
52
52
  if ps_results.error?
53
- raise "The dfs_server resource failed to fetch the current state via the Get-DfsnServerConfiguration PowerShell cmlet. Is the DFS Windows feature installed?"
53
+ raise "The dfs_server resource failed to fetch the current state via the Get-DfsnServerConfiguration PowerShell cmdlet. Is the DFS Windows feature installed?"
54
54
  end
55
55
 
56
56
  Chef::Log.debug("The Get-DfsnServerConfiguration results were #{ps_results.stdout}")
@@ -42,18 +42,34 @@ class Chef
42
42
  description: "The type of record to create, can be either ARecord, CNAME or PTR.",
43
43
  default: "ARecord", equal_to: %w{ARecord CNAME PTR}
44
44
 
45
+ property :dns_server, String,
46
+ description: "The name of the DNS server on which to create the record.",
47
+ default: "localhost",
48
+ introduced: "16.3"
49
+
45
50
  action :create do
46
51
  description "Creates and updates the DNS entry."
47
52
 
53
+ windows_feature "RSAT-DNS-Server" do
54
+ not_if new_resource.dns_server.casecmp?("localhost")
55
+ end
56
+
48
57
  powershell_package "xDnsServer" do
49
58
  end
59
+
50
60
  do_it "Present"
51
61
  end
52
62
 
53
63
  action :delete do
54
64
  description "Deletes a DNS entry."
65
+
66
+ windows_feature "RSAT-DNS-Server" do
67
+ not_if new_resource.dns_server.casecmp?("localhost")
68
+ end
69
+
55
70
  powershell_package "xDnsServer" do
56
71
  end
72
+
57
73
  do_it "Absent"
58
74
  end
59
75
 
@@ -67,6 +83,7 @@ class Chef
67
83
  property :Zone, new_resource.zone
68
84
  property :Type, new_resource.record_type
69
85
  property :Target, new_resource.target
86
+ property :DnsServer, new_resource.dns_server
70
87
  end
71
88
  end
72
89
  end
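Review bot: In both the `:create` and `:delete` actions the new `windows_feature "RSAT-DNS-Server"` block passes the boolean result of `casecmp?` straight to `not_if`, so it is computed when the resource is declared rather than run as a guard, and the guard API is documented for a command String or a block. The block form, `not_if { new_resource.dns_server.casecmp?("localhost") }`, states the intent and avoids depending on how a bare `true`/`false` argument is handled, which is not visible in this diff. The `dns_server` description should also say that any non-localhost value installs the RSAT-DNS-Server feature on the node, since an operator would want to know that side effect before setting the property. The enclosing class and the `do_it` helper continue outside the hunks.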
@@ -0,0 +1,197 @@
1
+ #
2
+ # Author:: John McCrae (<jmccrae@chef.io>)
3
+ # Author:: Davin Taddeo (<davin@chef.io>)
4
+ # Copyright:: Copyright (c) Chef Software Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ class Chef
20
+ class Resource
21
+ class WindowsFirewallProfile < Chef::Resource
22
+ provides :windows_firewall_profile
23
+ description "Use the **windows_firewall_profile** resource to enable, disable, and configure the Windows firewall."
24
+ introduced "16.3"
25
+
26
+ examples <<~DOC
27
+ **Enable and Configure the Private Profile of the Windows Profile**:
28
+
29
+ ```ruby
30
+ windows_firewall_profile 'Private' do
31
+ default_inbound_action 'Block'
32
+ default_outbound_action 'Allow'
33
+ allow_inbound_rules true
34
+ display_notification false
35
+ action :enable
36
+ end
37
+ ```
38
+
39
+ **Enable and Configure the Public Profile of the Windows Firewall**:
40
+
41
+ ```ruby
42
+ windows_firewall_profile 'Public' do
43
+ default_inbound_action 'Block'
44
+ default_outbound_action 'Allow'
45
+ allow_inbound_rules false
46
+ display_notification false
47
+ action :enable
48
+ end
49
+ ```
50
+
51
+ **Disable the Domain Profile of the Windows Firewall**:
52
+
53
+ ```ruby
54
+ windows_firewall_profile 'Disable the Domain Profile of the Windows Firewall' do
55
+ profile 'Domain'
56
+ action :disable
57
+ end
58
+ ```
59
+ DOC
60
+
61
+ unified_mode true
62
+
63
+ property :profile, String,
64
+ name_property: true,
65
+ equal_to: %w{ Domain Public Private },
66
+ description: "Set the Windows Profile being configured"
67
+
68
+ property :default_inbound_action, [String, nil],
69
+ equal_to: %w{ Allow Block NotConfigured },
70
+ description: "Set the default policy for inbound network traffic"
71
+
72
+ property :default_outbound_action, [String, nil],
73
+ equal_to: %w{ Allow Block NotConfigured },
74
+ description: "Set the default policy for outbound network traffic"
75
+
76
+ property :allow_inbound_rules, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow users to set inbound firewall rules"
77
+ property :allow_local_firewall_rules, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Merges inbound firewall rules into the policy"
78
+ property :allow_local_ipsec_rules, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow users to manage local connection security rules"
79
+ property :allow_user_apps, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow user applications to manage firewall"
80
+ property :allow_user_ports, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow users to manage firewall port rules"
81
+ property :allow_unicast_response, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow unicast responses to multicast and broadcast messages"
82
+ property :display_notification, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Display a notification when firewall blocks certain activity"
83
+
84
+ load_current_value do |desired|
85
+ ps_get_net_fw_profile = load_firewall_state(desired.profile)
86
+ output = powershell_out(ps_get_net_fw_profile)
87
+ if output.stdout.empty?
88
+ current_value_does_not_exist!
89
+ else
90
+ state = Chef::JSONCompat.from_json(output.stdout)
91
+ end
92
+
93
+ default_inbound_action state["default_inbound_action"]
94
+ default_outbound_action state["default_outbound_action"]
95
+ allow_inbound_rules convert_to_ruby(state["allow_inbound_rules"])
96
+ allow_local_firewall_rules convert_to_ruby(state["allow_local_firewall_rules"])
97
+ allow_local_ipsec_rules convert_to_ruby(state["allow_local_ipsec_rules"])
98
+ allow_user_apps convert_to_ruby(state["allow_user_apps"])
99
+ allow_user_ports convert_to_ruby(state["allow_user_ports"])
100
+ allow_unicast_response convert_to_ruby(state["allow_unicast_response"])
101
+ display_notification convert_to_ruby(state["display_notification"])
102
+ end
103
+
104
+ def convert_to_ruby(obj)
105
+ if obj.to_s.downcase == "true"
106
+ true
107
+ elsif obj.to_s.downcase == "false"
108
+ false
109
+ elsif obj.to_s.downcase == "notconfigured"
110
+ "NotConfigured"
111
+ end
112
+ end
113
+
114
+ def convert_to_powershell(obj)
115
+ if obj.to_s.downcase == "true"
116
+ "True"
117
+ elsif obj.to_s.downcase == "false"
118
+ "False"
119
+ elsif obj.to_s.downcase == "notconfigured"
120
+ "NotConfigured"
121
+ end
122
+ end
123
+
124
+ action :enable do
125
+ converge_if_changed :default_inbound_action, :default_outbound_action, :allow_inbound_rules, :allow_local_firewall_rules,
126
+ :allow_local_ipsec_rules, :allow_user_apps, :allow_user_ports, :allow_unicast_response, :display_notification do
127
+ fw_cmd = firewall_command(new_resource.profile)
128
+ powershell_exec!(fw_cmd)
129
+ end
130
+ unless firewall_enabled?(new_resource.profile)
131
+ converge_by "Enable the #{new_resource.profile} Firewall Profile" do
132
+ cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"True\""
133
+ powershell_out!(cmd)
134
+ end
135
+ end
136
+ end
137
+
138
+ action :disable do
139
+ if firewall_enabled?(new_resource.profile)
140
+ converge_by "Disable the #{new_resource.profile} Firewall Profile" do
141
+ cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"False\""
142
+ powershell_out!(cmd)
143
+ end
144
+ end
145
+ end
146
+
147
+ action_class do
148
+ def firewall_command(fw_profile)
149
+ cmd = "Set-NetFirewallProfile -Profile \"#{fw_profile}\""
150
+ cmd << " -DefaultInboundAction \"#{new_resource.default_inbound_action}\"" unless new_resource.default_inbound_action.nil?
151
+ cmd << " -DefaultOutboundAction \"#{new_resource.default_outbound_action}\"" unless new_resource.default_outbound_action.nil?
152
+ cmd << " -AllowInboundRules \"#{convert_to_powershell(new_resource.allow_inbound_rules)}\"" unless new_resource.allow_inbound_rules.nil?
153
+ cmd << " -AllowLocalFirewallRules \"#{convert_to_powershell(new_resource.allow_local_firewall_rules)}\"" unless new_resource.allow_local_firewall_rules.nil?
154
+ cmd << " -AllowLocalIPsecRules \"#{convert_to_powershell(new_resource.allow_local_ipsec_rules)}\"" unless new_resource.allow_local_ipsec_rules.nil?
155
+ cmd << " -AllowUserApps \"#{convert_to_powershell(new_resource.allow_user_apps)}\"" unless new_resource.allow_user_apps.nil?
156
+ cmd << " -AllowUserPorts \"#{convert_to_powershell(new_resource.allow_user_ports)}\"" unless new_resource.allow_user_ports.nil?
157
+ cmd << " -AllowUnicastResponseToMulticast \"#{convert_to_powershell(new_resource.allow_unicast_response)}\"" unless new_resource.allow_unicast_response.nil?
158
+ cmd << " -NotifyOnListen \"#{convert_to_powershell(new_resource.display_notification)}\"" unless new_resource.display_notification.nil?
159
+ cmd
160
+ end
161
+
162
+ def load_firewall_state(profile_name)
163
+ <<-EOH
164
+ Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
165
+ $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
166
+ ([PSCustomObject]@{
167
+ default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
168
+ default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
169
+ allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
170
+ allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
171
+ allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
172
+ allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
173
+ allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
174
+ allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
175
+ display_notification = $#{profile_name}.NotifyOnListen.ToString()
176
+ }) | ConvertTo-Json
177
+ EOH
178
+ end
179
+
180
+ def firewall_enabled?(profile_name)
181
+ cmd = <<~CODE
182
+ $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
183
+ if ($#{profile_name}.Enabled) {
184
+ return $true
185
+ } else {return $false}
186
+ CODE
187
+ firewall_status = powershell_out(cmd).stdout
188
+ if firewall_status =~ /True/
189
+ true
190
+ elsif firewall_status =~ /False/
191
+ false
192
+ end
193
+ end
194
+ end
195
+ end
196
+ end
197
+ end
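Review bot: `firewall_enabled?` reads `powershell_out(cmd).stdout` without checking for failure and returns `nil` when the output contains neither `True` nor `False`, so a failed `Get-NetFirewallProfile` call looks the same as a disabled profile. In `:disable` that turns the action into a silent no-op, and in `:enable` it runs the enable command regardless of the real state. I would use `firewall_status = powershell_out!(cmd).stdout` and return `firewall_status.match?(/True/)`, so errors surface and the predicate is always a boolean. `load_current_value` makes the same unchecked `powershell_out` call, and the `https://bit.ly/2SRMQ8M` reference in `load_firewall_state` would be easier to audit as the full destination URL.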
@@ -42,7 +42,7 @@ class Chef
42
42
 
43
43
  property :source, String,
44
44
  description: "A local filesystem path or URI that is used to source the font file.",
45
- coerce: proc { |x| x =~ /^.:.*/ ? x.tr('\\', "/").gsub("//", "/") : x }
45
+ coerce: proc { |x| /^.:.*/.match?(x) ? x.tr('\\', "/").gsub("//", "/") : x }
46
46
 
47
47
  action :install do
48
48
  description "Install a font to the system fonts directory."
@@ -84,7 +84,7 @@ class Chef
84
84
 
85
85
  # install the font into the appropriate fonts directory
86
86
  def install_font
87
- require "win32ole" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
87
+ require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
88
88
  fonts_dir = Chef::Util::PathHelper.join(ENV["windir"], "fonts")
89
89
  folder = WIN32OLE.new("Shell.Application").Namespace(fonts_dir)
90
90
  converge_by("install font #{new_resource.font_name} to #{fonts_dir}") do
@@ -96,7 +96,7 @@ class Chef
96
96
  #
97
97
  # @return [Boolean] Is the font is installed?
98
98
  def font_exists?
99
- require "win32ole" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
99
+ require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
100
100
  fonts_dir = WIN32OLE.new("WScript.Shell").SpecialFolders("Fonts")
101
101
  logger.trace("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists")
102
102
  ::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name))
@@ -19,7 +19,7 @@
19
19
  require_relative "../mixin/uris"
20
20
  require_relative "package"
21
21
  require_relative "../provider/package/windows"
22
- require_relative "../win32/error" if RUBY_PLATFORM =~ /mswin|mingw|windows/
22
+ require_relative "../win32/error" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
23
23
  require_relative "../dist"
24
24
 
25
25
  class Chef
@@ -113,7 +113,7 @@ class Chef
113
113
  # we do this here and not in the property itself because if automatic_managed
114
114
  # is set then this validation is not necessary / doesn't make sense at all
115
115
  def validate_name
116
- return if /^.:.*.sys/ =~ new_resource.path
116
+ return if /^.:.*.sys/.match?(new_resource.path)
117
117
 
118
118
  raise "#{new_resource.path} does not match the format DRIVE:\\path\\file.sys for pagefiles. Example: C:\\pagefile.sys"
119
119
  end
@@ -124,7 +124,7 @@ class Chef
124
124
  # @return [Boolean]
125
125
  def exists?(pagefile)
126
126
  @exists ||= begin
127
- logger.trace("Checking if #{pagefile} exists by runing: wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list")
127
+ logger.trace("Checking if #{pagefile} exists by running: wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list")
128
128
  cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
129
129
  cmd.stderr.empty? && (cmd.stdout =~ /SettingID=#{get_setting_id(pagefile)}/i)
130
130
  end
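Review bot: The pattern in `validate_name`, `/^.:.*.sys/`, is looser than the `DRIVE:\path\file.sys` format the error message describes. The dot before `sys` is unescaped, `^` anchors a line rather than the whole string, and nothing anchors the end, so a path that merely contains `sys` somewhere after a drive prefix passes. The context lines of the following hunk show the pagefile name reaching a `wmic.exe` command line through `get_setting_id`, which is defined outside the visible lines, so the validation is worth making strict. I would tighten it to `return if /\A[a-z]:.*\.sys\z/i.match?(new_resource.path)`.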
@@ -16,34 +16,20 @@
16
16
  # limitations under the License.
17
17
  #
18
18
 
19
- require_relative "../platform/query_helpers"
20
19
  require_relative "script"
21
20
  require_relative "../mixin/windows_architecture_helper"
22
21
 
23
22
  class Chef
24
23
  class Resource
25
24
  class WindowsScript < Chef::Resource::Script
26
- unified_mode true
25
+ include Chef::Mixin::WindowsArchitectureHelper
27
26
 
28
- provides :windows_script
27
+ unified_mode true
29
28
 
30
29
  # This is an abstract resource meant to be subclasses; thus no 'provides'
31
30
 
32
31
  set_guard_inherited_attributes(:architecture)
33
32
 
34
- protected
35
-
36
- def initialize(name, run_context, resource_name, interpreter_command)
37
- super(name, run_context)
38
- @interpreter = interpreter_command
39
- @resource_name = resource_name if resource_name
40
- @default_guard_interpreter = self.resource_name
41
- end
42
-
43
- include Chef::Mixin::WindowsArchitectureHelper
44
-
45
- public
46
-
47
33
  def architecture(arg = nil)
48
34
  assert_architecture_compatible!(arg) unless arg.nil?
49
35
  result = set_or_return(
@@ -21,25 +21,27 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsSecurityPolicy < Chef::Resource
24
- resource_name :windows_security_policy
24
+ provides :windows_security_policy
25
25
 
26
26
  # The valid policy_names options found here
27
27
  # https://github.com/ChrisAWalker/cSecurityOptions under 'AccountSettings'
28
- policy_names = %w{MinimumPasswordAge
29
- MaximumPasswordAge
30
- MinimumPasswordLength
31
- PasswordComplexity
32
- PasswordHistorySize
33
- LockoutBadCount
34
- RequireLogonToChangePassword
35
- ForceLogoffWhenHourExpire
36
- NewAdministratorName
37
- NewGuestName
38
- ClearTextPassword
39
- LSAAnonymousNameLookup
40
- EnableAdminAccount
41
- EnableGuestAccount
42
- }
28
+ policy_names = %w{LockoutDuration
29
+ MaximumPasswordAge
30
+ MinimumPasswordAge
31
+ MinimumPasswordLength
32
+ PasswordComplexity
33
+ PasswordHistorySize
34
+ LockoutBadCount
35
+ ResetLockoutCount
36
+ RequireLogonToChangePassword
37
+ ForceLogoffWhenHourExpire
38
+ NewAdministratorName
39
+ NewGuestName
40
+ ClearTextPassword
41
+ LSAAnonymousNameLookup
42
+ EnableAdminAccount
43
+ EnableGuestAccount
44
+ }
43
45
  description "Use the **windows_security_policy** resource to set a security policy on the Microsoft Windows platform."
44
46
  introduced "16.0"
45
47
 
@@ -78,13 +80,55 @@ class Chef
78
80
  property :secvalue, String, required: true,
79
81
  description: "Policy value to be set for policy name."
80
82
 
83
+ load_current_value do |desired|
84
+ powershell_code = <<-CODE
85
+ C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\secopts_export.inf | Out-Null
86
+ # cspell:disable-next-line
87
+ $security_options_data = (Get-Content $env:TEMP\\secopts_export.inf | Select-String -Pattern "^[CEFLMNPR].* =.*$" | Out-String)
88
+ Remove-Item $env:TEMP\\secopts_export.inf -force
89
+ $security_options_hash = ($security_options_data -Replace '"'| ConvertFrom-StringData)
90
+ ([PSCustomObject]@{
91
+ RequireLogonToChangePassword = $security_options_hash.RequireLogonToChangePassword
92
+ PasswordComplexity = $security_options_hash.PasswordComplexity
93
+ LSAAnonymousNameLookup = $security_options_hash.LSAAnonymousNameLookup
94
+ EnableAdminAccount = $security_options_hash.EnableAdminAccount
95
+ PasswordHistorySize = $security_options_hash.PasswordHistorySize
96
+ MinimumPasswordLength = $security_options_hash.MinimumPasswordLength
97
+ ResetLockoutCount = $security_options_hash.ResetLockoutCount
98
+ MaximumPasswordAge = $security_options_hash.MaximumPasswordAge
99
+ ClearTextPassword = $security_options_hash.ClearTextPassword
100
+ NewAdministratorName = $security_options_hash.NewAdministratorName
101
+ LockoutDuration = $security_options_hash.LockoutDuration
102
+ EnableGuestAccount = $security_options_hash.EnableGuestAccount
103
+ ForceLogoffWhenHourExpire = $security_options_hash.ForceLogoffWhenHourExpire
104
+ MinimumPasswordAge = $security_options_hash.MinimumPasswordAge
105
+ NewGuestName = $security_options_hash.NewGuestName
106
+ LockoutBadCount = $security_options_hash.LockoutBadCount
107
+ }) | ConvertTo-Json
108
+ CODE
109
+ output = powershell_out(powershell_code)
110
+ current_value_does_not_exist! if output.stdout.empty?
111
+ state = Chef::JSONCompat.from_json(output.stdout)
112
+
113
+ if desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration"
114
+ if state["LockoutBadCount"] == "0"
115
+ raise Chef::Exceptions::ValidationFailed.new "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
116
+ else
117
+ secvalue state[desired.secoption.to_s]
118
+ end
119
+ else
120
+ secvalue state[desired.secoption.to_s]
121
+ end
122
+ end
123
+
81
124
  action :set do
82
- security_option = new_resource.secoption
83
- security_value = new_resource.secvalue
84
- powershell_script "#{security_option} set to #{security_value}" do
85
- convert_boolean_return true
86
- code <<-EOH
125
+ converge_if_changed :secvalue do
126
+ security_option = new_resource.secoption
127
+ security_value = new_resource.secvalue
128
+
129
+ cmd = <<-EOH
87
130
  $security_option = "#{security_option}"
131
+ C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
88
132
  if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
89
133
  {
90
134
  $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
@@ -97,21 +141,8 @@ class Chef
97
141
  }
98
142
  Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
99
143
  EOH
100
- not_if <<-EOH
101
- $#{security_option}_Export = C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
102
- $ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option})
103
- $check_digit = $ExportAudit -match '#{security_option} = #{security_value}'
104
- $check_string = $ExportAudit -match '#{security_option} = "#{security_value}"'
105
- if ( $check_string -Or $check_digit )
106
- {
107
- Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
108
- $true
109
- }
110
- else
111
- {
112
- $false
113
- }
114
- EOH
144
+
145
+ powershell_out!(cmd)
115
146
  end
116
147
  end
117
148
  end
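Review bot: The script handed to `powershell_out!(cmd)` in the `:set` action is built by interpolating `new_resource.secvalue`, and the property is declared only as `String`, so a value containing a quote character changes the structure of the generated PowerShell (for instance in the `-replace` line for `NewGuestName`/`NewAdministratorName`). `secoption` is presumably limited to `policy_names`, but no comparable check on `secvalue` appears in the visible lines. I would add a validation callback to the property, e.g. `callbacks: { "must not contain quote characters" => ->(v) { !v.match?(/['"]/) } }`, or escape the value before interpolation. Part of the heredoc lies between the hunks, so the remaining uses of the value should be checked as well. Separately, `load_current_value` and the action both export the policy to fixed file names under `$env:TEMP`, which may be left behind if the script stops before `Remove-Item`.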