chef 16.1.16-universal-mingw32 → 16.2.44-universal-mingw32

data/lib/chef/provider/package/windows/msi.rb

@@ -18,7 +18,7 @@
 
 # TODO: Allow new_resource.source to be a Product Code as a GUID for uninstall / network install
 
-require_relative "../../../win32/api/installer" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require_relative "../../../win32/api/installer" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 require_relative "../../../mixin/shell_out"
 
 class Chef
@@ -26,7 +26,7 @@ class Chef
     class Package
       class Windows
         class MSI
-          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+          include Chef::ReservedNames::Win32::API::Installer if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
           include Chef::Mixin::ShellOut
 
           def initialize(resource, uninstall_entries)
@@ -84,7 +84,7 @@ class Chef
                 .map(&:uninstall_string).uniq.each do |uninstall_string|
                   uninstall_string = "msiexec /x #{uninstall_string.match(/{.*}/)}"
                   uninstall_string += expand_options(new_resource.options)
-                  uninstall_string += " /q" unless uninstall_string.downcase =~ %r{ /q}
+                  uninstall_string += " /q" unless %r{ /q}.match?(uninstall_string.downcase)
                   logger.trace("#{new_resource} removing MSI package version using '#{uninstall_string}'")
                   shell_out!(uninstall_string, default_env: false, timeout: new_resource.timeout, returns: new_resource.returns)
                 end

data/lib/chef/provider/package/windows/registry_uninstall_entry.rb

@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require "win32/registry" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require "win32/registry" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 
 class Chef
   class Provider

data/lib/chef/provider/powershell_script.rb

@@ -26,19 +26,12 @@ class Chef
 
       provides :powershell_script
 
-      def initialize(new_resource, run_context)
-        super(new_resource, run_context, ".ps1")
-        add_exit_status_wrapper
-      end
-
       action :run do
         validate_script_syntax!
         super()
       end
 
       def command
-        basepath = is_forced_32bit ? wow64_directory : run_context.node["kernel"]["os_info"]["system_directory"]
-
         # Powershell.exe is always in "v1.0" folder (for backwards compatibility)
         interpreter_path = Chef::Util::PathHelper.join(basepath, "WindowsPowerShell", "v1.0", interpreter)
 
@@ -48,21 +41,19 @@ class Chef
         # error status of a failed Windows process that ran at the
         # end of the script, it gets changed to '1'.
         #
-        "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file.path}\""
+        "\"#{interpreter_path}\" #{new_resource.flags} -File \"#{script_file_path}\""
       end
 
       protected
 
-      # Process exit codes are strange with PowerShell and require
-      # special handling to cover common use cases.
-      def add_exit_status_wrapper
-        self.code = wrapper_script
+      def code
+        code = wrapper_script
         logger.trace("powershell_script provider called with script code:\n\n#{new_resource.code}\n")
         logger.trace("powershell_script provider will execute transformed code:\n\n#{code}\n")
+        code
       end
 
       def validate_script_syntax!
-        interpreter_arguments = new_resource.flags
         Tempfile.open(["chef_powershell_script-user-code", ".ps1"]) do |user_script_file|
           # Wrap the user's code in a PowerShell script block so that
           # it isn't executed. However, syntactically invalid script
@@ -80,7 +71,7 @@ class Chef
           # written to the file system at this point, which is required since
           # the intent is to execute the code just written to it.
           user_script_file.close
-          validation_command = "\"#{interpreter}\" #{interpreter_arguments} -Command \". '#{user_script_file.path}'\""
+          validation_command = "\"#{interpreter}\" #{new_resource.flags} -Command \". '#{user_script_file.path}'\""
 
           # Note that other script providers like bash allow syntax errors
           # to be suppressed by setting 'returns' to a value that the
@@ -99,6 +90,8 @@ class Chef
         end
       end
 
+      # Process exit codes are strange with PowerShell and require
+      # special handling to cover common use cases.
       # A wrapper script is used to launch user-supplied script while
       # still obtaining useful process exit codes. Unless you
       # explicitly call exit in PowerShell, the powershell.exe
@@ -182,6 +175,9 @@ class Chef
         EOH
       end
 
+      def script_extension
+        ".ps1"
+      end
     end
   end
 end

data/lib/chef/provider/remote_file/http.rb

@@ -130,10 +130,13 @@ class Chef
           # which tricks Chef::REST into decompressing the response body. In this
           # case you'd end up with a tar archive (no gzip) named, e.g., foo.tgz,
           # which is not what you wanted.
-          if uri.to_s =~ /gz$/
+          if /gz$/.match?(uri.to_s)
             logger.trace("Turning gzip compression off due to filename ending in gz")
             opts[:disable_gzip] = true
           end
+          if new_resource.ssl_verify_mode
+            opts[:ssl_verify_mode] = new_resource.ssl_verify_mode
+          end
           opts
         end
 

data/lib/chef/provider/script.rb

@@ -16,9 +16,7 @@
 # limitations under the License.
 #
 
-require "tempfile" unless defined?(Tempfile)
 require_relative "execute"
-require_relative "../win32/security" if ChefUtils.windows?
 require "forwardable" unless defined?(Forwardable)
 
 class Chef
@@ -34,84 +32,15 @@ class Chef
       provides :ruby
       provides :script
 
-      def_delegators :new_resource, :interpreter, :flags
-
-      attr_accessor :code
-
-      def initialize(new_resource, run_context)
-        super
-        self.code = new_resource.code
-      end
+      def_delegators :new_resource, :interpreter, :flags, :code
 
       def command
-        "\"#{interpreter}\" #{flags} \"#{script_file.path}\""
-      end
-
-      def load_current_resource
-        super
-      end
-
-      action :run do
-        script_file.puts(code)
-        script_file.close
-
-        set_owner_and_group
-
-        super()
-
-        unlink_script_file
-      end
-
-      def set_owner_and_group
-        if ChefUtils.windows?
-          # And on Windows also this is a no-op if there is no user specified.
-          grant_alternate_user_read_access
-        else
-          # FileUtils itself implements a no-op if +user+ or +group+ are nil
-          # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
-          # as an unprivileged user.
-          FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
-        end
+        "\"#{interpreter}\" #{flags}"
       end
 
-      def grant_alternate_user_read_access
-        # Do nothing if an alternate user isn't specified -- the file
-        # will already have the correct permissions for the user as part
-        # of the default ACL behavior on Windows.
-        return if new_resource.user.nil?
-
-        # Duplicate the script file's existing DACL
-        # so we can add an ACE later
-        securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
-        aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }
-
-        username = new_resource.user
-
-        if new_resource.domain
-          username = new_resource.domain + '\\' + new_resource.user
-        end
-
-        # Create an ACE that allows the alternate user read access to the script
-        # file so it can be read and executed.
-        user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(username)
-        read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
-        aces.push(read_ace)
-        acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)
-
-        # This actually applies the modified DACL to the file
-        # Use parentheses to bypass RuboCop / ChefStyle warning
-        # about useless setter
-        (securable_object.dacl = acl)
+      def input
+        code
       end
-
-      def script_file
-        @script_file ||= Tempfile.open("chef-script")
-      end
-
-      def unlink_script_file
-        script_file && script_file.close!
-      end
-
     end
   end
 end

data/lib/chef/provider/service/arch.rb

@@ -33,7 +33,7 @@ class Chef::Provider::Service::Arch < Chef::Provider::Service::Init
 
   def load_current_resource
     raise Chef::Exceptions::Service, "Could not find /etc/rc.conf" unless ::File.exists?("/etc/rc.conf")
-    raise Chef::Exceptions::Service, "No DAEMONS found in /etc/rc.conf" unless ::File.read("/etc/rc.conf") =~ /DAEMONS=\((.*)\)/m
+    raise Chef::Exceptions::Service, "No DAEMONS found in /etc/rc.conf" unless /DAEMONS=\((.*)\)/m.match?(::File.read("/etc/rc.conf"))
 
     super
 

data/lib/chef/provider/service/debian.rb

@@ -76,9 +76,9 @@ class Chef
 
           in_info = false
           ::File.readlines(path).each_with_object([]) do |line, acc|
-            if line =~ /^### BEGIN INIT INFO/
+            if /^### BEGIN INIT INFO/.match?(line)
               in_info = true
-            elsif line =~ /^### END INIT INFO/
+            elsif /^### END INIT INFO/.match?(line)
               break acc
             elsif in_info
               if line =~ /Default-(Start|Stop):\s+(\d.*)/

data/lib/chef/provider/service/openbsd.rb

@@ -91,7 +91,7 @@ class Chef
               old_services_list = rc_conf_local.match(/^pkg_scripts="(.*)"/)
               old_services_list = old_services_list ? old_services_list[1].split(" ") : []
               new_services_list = old_services_list + [new_resource.service_name]
-              if rc_conf_local =~ /^pkg_scripts="(.*)"/
+              if /^pkg_scripts="(.*)"/.match?(rc_conf_local)
                 new_rcl = rc_conf_local.sub(/^pkg_scripts="(.*)"/, "pkg_scripts=\"#{new_services_list.join(" ")}\"")
               else
                 new_rcl = rc_conf_local + "\n" + "pkg_scripts=\"#{new_services_list.join(" ")}\"\n"
@@ -158,7 +158,7 @@ class Chef
           result = false
           var_name = builtin_service_enable_variable_name
           if var_name
-            if rc_conf =~ /^#{Regexp.escape(var_name)}=(.*)/
+            if /^#{Regexp.escape(var_name)}=(.*)/.match?(rc_conf)
               result = true
             end
           end
@@ -170,7 +170,7 @@ class Chef
           var_name = builtin_service_enable_variable_name
           if var_name
             if m = rc_conf.match(/^#{Regexp.escape(var_name)}=(.*)/)
-              unless m[1] =~ /"?[Nn][Oo]"?/
+              unless /"?[Nn][Oo]"?/.match?(m[1])
                 result = true
               end
             end
@@ -186,7 +186,7 @@ class Chef
             if var_name
               if m = rc_conf_local.match(/^#{Regexp.escape(var_name)}=(.*)/)
                 @enabled_state_found = true
-                unless m[1] =~ /"?[Nn][Oo]"?/ # e.g. looking for httpd_flags=NO
+                unless /"?[Nn][Oo]"?/.match?(m[1]) # e.g. looking for httpd_flags=NO
                   result = true
                 end
               end

data/lib/chef/provider/service/redhat.rb

@@ -87,7 +87,7 @@ class Chef
               chkconfig.stdout.split(/\s+/)[1..-1].each do |level|
                 index = level.split(":").first
                 status = level.split(":").last
-                if level =~ CHKCONFIG_ON
+                if CHKCONFIG_ON.match?(level)
                   @current_run_levels << index.to_i
                   all_levels_match = false unless run_levels.include?(index.to_i)
                 else

data/lib/chef/provider/service/windows.rb

@@ -20,7 +20,7 @@
 
 require_relative "simple"
 require_relative "../../win32_service_constants"
-if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
   require_relative "../../win32/error"
   require "win32/service"
 end

data/lib/chef/provider/subversion.rb

@@ -122,7 +122,7 @@ class Chef
       # If the specified revision is an integer, trust it.
       def revision_int
         @revision_int ||= begin
-          if new_resource.revision =~ /^\d+$/
+          if /^\d+$/.match?(new_resource.revision)
             new_resource.revision
           else
             command = scm(:info, new_resource.repository, new_resource.svn_info_args, authentication, "-r#{new_resource.revision}")
@@ -211,7 +211,7 @@ class Chef
 
       def scm(*args)
         binary = svn_binary
-        binary = "\"#{binary}\"" if binary =~ /\s/
+        binary = "\"#{binary}\"" if /\s/.match?(binary)
         [binary, *args].compact.join(" ")
       end
 

data/lib/chef/provider/user/dscl.rb

@@ -215,7 +215,7 @@ in 'password', with the associated 'salt' and 'iterations'.")
           next_uid_guess = base_uid
           users_uids = run_dscl("list", "/Users", "uid")
           while next_uid_guess < search_limit + base_uid
-            if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
+            if users_uids&.match?(Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n"))
               next_uid_guess += 1
             else
               uid = next_uid_guess
@@ -291,7 +291,7 @@ in 'password', with the associated 'salt' and 'iterations'.")
         end
 
         def validate_home_dir_specification!
-          unless new_resource.home =~ %r{^/}
+          unless %r{^/}.match?(new_resource.home)
             raise(Chef::Exceptions::InvalidHomeDirectory, "invalid path spec for User: '#{new_resource.username}', home directory: '#{new_resource.home}'")
           end
         end
@@ -536,7 +536,7 @@ in 'password', with the associated 'salt' and 'iterations'.")
 
           # We flush the cache here in order to make sure that we read fresh information
           # for the user.
-          shell_out("dscacheutil", "-flushcache") # FIXME: this is MacOS version dependent
+          shell_out("dscacheutil", "-flushcache") # FIXME: this is macOS version dependent
 
           begin
             user_plist_file = "#{USER_PLIST_DIRECTORY}/#{new_resource.username}.plist"
@@ -587,7 +587,7 @@ in 'password', with the associated 'salt' and 'iterations'.")
           result = shell_out("dscl", ".", "-#{args[0]}", args[1..-1])
           return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
           raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") unless result.exitstatus == 0
-          raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
+          raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") if /No such key: /.match?(result.stdout)
 
           result.stdout
         end

data/lib/chef/provider/user/linux.rb

@@ -96,7 +96,7 @@ class Chef
           passwd_s = shell_out("passwd", "-S", new_resource.username, returns: [ 0, 1 ])
 
           # checking "does not exist" has to come before exit code handling since centos and ubuntu differ in exit codes
-          if passwd_s.stderr =~ /does not exist/
+          if /does not exist/.match?(passwd_s.stderr)
             return false if whyrun_mode?
 
             raise Chef::Exceptions::User, "User #{new_resource.username} does not exist when checking lock status for #{new_resource}"
@@ -108,8 +108,8 @@ class Chef
           # now the actual output parsing
           @locked = nil
           status_line = passwd_s.stdout.split(" ")
-          @locked = false if status_line[1] =~ /^[PN]/
-          @locked = true if status_line[1] =~ /^L/
+          @locked = false if /^[PN]/.match?(status_line[1])
+          @locked = true if /^L/.match?(status_line[1])
 
           raise Chef::Exceptions::User, "Cannot determine if user #{new_resource.username} is locked for #{new_resource}" if @locked.nil?
 

data/lib/chef/provider/user/mac.rb

@@ -163,7 +163,7 @@ class Chef
           # a problem. We'll check stderr and make sure we see that it finished
           # correctly.
           res = run_sysadminctl(cmd)
-          unless res.downcase =~ /creating user/
+          unless /creating user/.match?(res.downcase)
             raise Chef::Exceptions::User, "error when creating user: #{res}"
           end
 
@@ -309,7 +309,7 @@ class Chef
           # sysadminctl doesn't exit with a non-zero exit code if it encounters
           # a problem. We'll check stderr and make sure we see that it finished
           res = run_sysadminctl(cmd)
-          unless res.downcase =~ /deleting record|not found/
+          unless /deleting record|not found/.match?(res.downcase)
             raise Chef::Exceptions::User, "error deleting user: #{res}"
           end
 
@@ -372,7 +372,7 @@ class Chef
           next_uid_guess = base_uid
           users_uids = run_dscl("list", "/Users", "uid")
           while next_uid_guess < search_limit + base_uid
-            if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
+            if users_uids&.match?(Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n"))
               next_uid_guess += 1
             else
               uid = next_uid_guess
@@ -430,7 +430,7 @@ class Chef
           # sysadminctl doesn't exit with a non-zero exit code if it encounters
           # a problem. We'll check stderr and make sure we see that it finished
           res = run_sysadminctl(cmd)
-          unless res.downcase =~ /done/
+          unless /done/.match?(res.downcase)
             raise Chef::Exceptions::User, "error when modifying SecureToken: #{res}"
           end
 
@@ -611,7 +611,7 @@ class Chef
           result = shell_out("dscl", "-plist", ".", "-#{args[0]}", args[1..-1])
           return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
           raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") unless result.exitstatus == 0
-          raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
+          raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") if /No such key: /.match?(result.stdout)
 
           result.stdout
         end

data/lib/chef/provider/windows_script.rb

@@ -18,57 +18,119 @@
 
 require_relative "script"
 require_relative "../mixin/windows_architecture_helper"
+require_relative "../win32/security" if ChefUtils.windows?
+require "tempfile" unless defined?(Tempfile)
 
 class Chef
   class Provider
     class WindowsScript < Chef::Provider::Script
 
-      attr_reader :is_forced_32bit
-
       protected
 
-      include Chef::Mixin::WindowsArchitectureHelper
-
-      def initialize( new_resource, run_context, script_extension = "")
-        super( new_resource, run_context )
-        @script_extension = script_extension
+      attr_accessor :script_file_path
 
-        target_architecture = if new_resource.architecture.nil?
-                                node_windows_architecture(run_context.node)
-                              else
-                                new_resource.architecture
-                              end
-
-        @is_wow64 = wow64_architecture_override_required?(run_context.node, target_architecture)
+      include Chef::Mixin::WindowsArchitectureHelper
 
-        @is_forced_32bit = forced_32bit_override_required?(run_context.node, target_architecture)
+      def target_architecture
+        @target_architecture ||= if new_resource.architecture.nil?
+                                   node_windows_architecture(run_context.node)
+                                 else
+                                   new_resource.architecture
+                                 end
       end
 
-      public
+      def basepath
+        if forced_32bit_override_required?(run_context.node, target_architecture)
+          wow64_directory
+        else
+          run_context.node["kernel"]["os_info"]["system_directory"]
+        end
+      end
 
-      action :run do
+      def with_wow64_redirection_disabled
         wow64_redirection_state = nil
 
-        if @is_wow64
-          wow64_redirection_state = disable_wow64_file_redirection(@run_context.node)
+        if wow64_architecture_override_required?(run_context.node, target_architecture)
+          wow64_redirection_state = disable_wow64_file_redirection(run_context.node)
         end
 
         begin
-          super()
+          yield
         rescue
           raise
         ensure
           unless wow64_redirection_state.nil?
-            restore_wow64_file_redirection(@run_context.node, wow64_redirection_state)
+            restore_wow64_file_redirection(run_context.node, wow64_redirection_state)
           end
         end
       end
 
-      def script_file
-        base_script_name = "chef-script"
-        temp_file_arguments = [ base_script_name, @script_extension ]
+      def command
+        "\"#{interpreter}\" #{flags} \"#{script_file_path}\""
+      end
+
+      def grant_alternate_user_read_access(file_path)
+        # Do nothing if an alternate user isn't specified -- the file
+        # will already have the correct permissions for the user as part
+        # of the default ACL behavior on Windows.
+        return if new_resource.user.nil?
+
+        # Duplicate the script file's existing DACL
+        # so we can add an ACE later
+        securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(file_path)
+        aces = securable_object.security_descriptor.dacl.reduce([]) { |result, current| result.push(current) }
+
+        username = new_resource.user
+
+        if new_resource.domain
+          username = new_resource.domain + '\\' + new_resource.user
+        end
+
+        # Create an ACE that allows the alternate user read access to the script
+        # file so it can be read and executed.
+        user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(username)
+        read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
+        aces.push(read_ace)
+        acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)
+
+        # This actually applies the modified DACL to the file
+        # Use parentheses to bypass RuboCop / ChefStyle warning
+        # about useless setter
+        (securable_object.dacl = acl)
+      end
+
+      def with_temp_script_file
+        Tempfile.open(["chef-script", script_extension]) do |script_file|
+          script_file.puts(code)
+          script_file.close
+
+          grant_alternate_user_read_access(script_file.path)
+
+          # This needs to be set here so that the call to #command in Execute works.
+          self.script_file_path = script_file.path
+
+          yield
+
+          self.script_file_path = nil
+        end
+      end
+
+      def input
+        nil
+      end
+
+      public
+
+      action :run do
+        with_wow64_redirection_disabled do
+          with_temp_script_file do
+            super()
+          end
+        end
+      end
 
-        @script_file ||= Tempfile.open(temp_file_arguments)
+      def script_extension
+        raise Chef::Exceptions::Override, "You must override #{__method__} in #{self}"
       end
     end
   end