chef 16.1.16 → 16.18.30
- checksums.yaml +4 -4
- data/Gemfile +32 -27
- data/README.md +5 -5
- data/Rakefile +35 -30
- data/bin/knife +1 -1
- data/chef-universal-mingw32.gemspec +5 -5
- data/chef.gemspec +32 -10
- data/lib/chef/action_collection.rb +5 -1
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application/apply.rb +19 -13
- data/lib/chef/application/base.rb +27 -24
- data/lib/chef/application/client.rb +17 -6
- data/lib/chef/application/exit_code.rb +13 -4
- data/lib/chef/application/knife.rb +22 -11
- data/lib/chef/application/solo.rb +2 -1
- data/lib/chef/application/windows_service.rb +39 -39
- data/lib/chef/application/windows_service_manager.rb +7 -7
- data/lib/chef/application.rb +33 -19
- data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
- data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
- data/lib/chef/chef_class.rb +0 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +55 -55
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
- data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/knife.rb +2 -2
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/chef_fs/parallelizer.rb +0 -1
- data/lib/chef/chef_fs/path_utils.rb +1 -1
- data/lib/chef/client.rb +32 -59
- data/lib/chef/compliance/default_attributes.rb +97 -0
- data/lib/chef/compliance/fetcher/automate.rb +80 -0
- data/lib/chef/compliance/fetcher/chef_server.rb +134 -0
- data/lib/chef/compliance/reporter/automate.rb +201 -0
- data/lib/chef/compliance/reporter/chef_server_automate.rb +94 -0
- data/lib/chef/compliance/reporter/compliance_enforcer.rb +20 -0
- data/lib/chef/compliance/reporter/json_file.rb +19 -0
- data/lib/chef/compliance/runner.rb +269 -0
- data/lib/chef/cookbook/chefignore.rb +1 -1
- data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +6 -2
- data/lib/chef/cookbook/metadata.rb +1 -1
- data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
- data/lib/chef/cookbook/synchronizer.rb +2 -2
- data/lib/chef/cookbook/syntax_check.rb +1 -2
- data/lib/chef/cookbook_loader.rb +15 -29
- data/lib/chef/cookbook_manifest.rb +2 -1
- data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
- data/lib/chef/cookbook_uploader.rb +1 -1
- data/lib/chef/cookbook_version.rb +30 -11
- data/lib/chef/data_bag.rb +5 -6
- data/lib/chef/data_collector/config_validation.rb +22 -13
- data/lib/chef/data_collector/run_end_message.rb +15 -5
- data/lib/chef/data_collector/run_start_message.rb +1 -1
- data/lib/chef/data_collector.rb +7 -6
- data/lib/chef/deprecated.rb +27 -5
- data/lib/chef/deprecation/warnings.rb +2 -2
- data/lib/chef/digester.rb +4 -3
- data/lib/chef/dsl/chef_vault.rb +1 -1
- data/lib/chef/dsl/data_query.rb +2 -2
- data/lib/chef/dsl/platform_introspection.rb +10 -8
- data/lib/chef/dsl/reboot_pending.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/assertions.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
- data/lib/chef/encrypted_data_bag_item.rb +3 -4
- data/lib/chef/environment.rb +6 -7
- data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
- data/lib/chef/exceptions.rb +16 -6
- data/lib/chef/file_access_control/windows.rb +12 -11
- data/lib/chef/file_access_control.rb +1 -1
- data/lib/chef/file_cache.rb +4 -4
- data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
- data/lib/chef/file_content_management/tempfile.rb +10 -10
- data/lib/chef/formatters/doc.rb +7 -6
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +3 -3
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +8 -8
- data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/formatters/indentable_output_stream.rb +2 -2
- data/lib/chef/formatters/minimal.rb +5 -4
- data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +28 -39
- data/lib/chef/handler/json_file.rb +1 -1
- data/lib/chef/handler.rb +2 -0
- data/lib/chef/http/auth_credentials.rb +5 -1
- data/lib/chef/http/authenticator.rb +4 -2
- data/lib/chef/http/basic_client.rb +4 -2
- data/lib/chef/http/decompressor.rb +1 -1
- data/lib/chef/http/http_request.rb +8 -6
- data/lib/chef/http/json_output.rb +1 -1
- data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
- data/lib/chef/http/ssl_policies.rb +52 -15
- data/lib/chef/http.rb +38 -31
- data/lib/chef/json_compat.rb +4 -9
- data/lib/chef/key.rb +1 -1
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +12 -12
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +9 -9
- data/lib/chef/knife/bootstrap/train_connector.rb +2 -1
- data/lib/chef/knife/bootstrap.rb +93 -40
- data/lib/chef/knife/client_bulk_delete.rb +1 -1
- data/lib/chef/knife/client_create.rb +3 -3
- data/lib/chef/knife/config_get.rb +8 -96
- data/lib/chef/knife/config_get_profile.rb +9 -9
- data/lib/chef/knife/config_list.rb +139 -0
- data/lib/chef/knife/config_list_profiles.rb +8 -95
- data/lib/chef/knife/config_show.rb +127 -0
- data/lib/chef/knife/config_use.rb +61 -0
- data/lib/chef/knife/config_use_profile.rb +12 -17
- data/lib/chef/knife/configure.rb +5 -3
- data/lib/chef/knife/cookbook_delete.rb +1 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +29 -37
- data/lib/chef/knife/core/bootstrap_context.rb +3 -3
- data/lib/chef/knife/core/cookbook_scm_repo.rb +2 -2
- data/lib/chef/knife/core/formatting_options.rb +49 -0
- data/lib/chef/knife/core/gem_glob_loader.rb +2 -2
- data/lib/chef/knife/core/generic_presenter.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
- data/lib/chef/knife/core/node_presenter.rb +0 -25
- data/lib/chef/knife/core/object_loader.rb +1 -1
- data/lib/chef/knife/core/status_presenter.rb +1 -26
- data/lib/chef/knife/core/subcommand_loader.rb +20 -1
- data/lib/chef/knife/core/ui.rb +12 -3
- data/lib/chef/knife/core/windows_bootstrap_context.rb +51 -42
- data/lib/chef/knife/data_bag_create.rb +1 -1
- data/lib/chef/knife/delete.rb +15 -15
- data/lib/chef/knife/exec.rb +4 -4
- data/lib/chef/knife/node_bulk_delete.rb +1 -1
- data/lib/chef/knife/node_policy_set.rb +2 -2
- data/lib/chef/knife/node_run_list_add.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +2 -2
- data/lib/chef/knife/node_run_list_set.rb +1 -1
- data/lib/chef/knife/node_show.rb +4 -3
- data/lib/chef/knife/rehash.rb +3 -21
- data/lib/chef/knife/role_bulk_delete.rb +1 -1
- data/lib/chef/knife/role_env_run_list_add.rb +1 -1
- data/lib/chef/knife/role_env_run_list_set.rb +1 -1
- data/lib/chef/knife/role_run_list_add.rb +1 -1
- data/lib/chef/knife/role_run_list_set.rb +1 -1
- data/lib/chef/knife/search.rb +2 -2
- data/lib/chef/knife/serve.rb +3 -3
- data/lib/chef/knife/ssh.rb +33 -12
- data/lib/chef/knife/ssl_check.rb +3 -3
- data/lib/chef/knife/status.rb +10 -13
- data/lib/chef/knife/supermarket_share.rb +1 -1
- data/lib/chef/knife/supermarket_unshare.rb +1 -1
- data/lib/chef/knife/tag_create.rb +1 -1
- data/lib/chef/knife/tag_delete.rb +1 -1
- data/lib/chef/knife/user_create.rb +2 -2
- data/lib/chef/knife/xargs.rb +19 -19
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/knife.rb +9 -9
- data/lib/chef/local_mode.rb +2 -2
- data/lib/chef/log/syslog.rb +2 -2
- data/lib/chef/log/winevt.rb +2 -2
- data/lib/chef/log.rb +8 -3
- data/lib/chef/mixin/checksum.rb +5 -0
- data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
- data/lib/chef/mixin/convert_to_class_name.rb +0 -56
- data/lib/chef/mixin/deep_merge.rb +35 -18
- data/{spec/unit/monkey_patches/uri_spec.rb → lib/chef/mixin/default_paths.rb} +11 -13
- data/lib/chef/mixin/openssl_helper.rb +32 -11
- data/lib/chef/mixin/path_sanity.rb +5 -4
- data/lib/chef/mixin/powershell_exec.rb +17 -22
- data/lib/chef/mixin/powershell_out.rb +12 -5
- data/lib/chef/mixin/properties.rb +2 -0
- data/lib/chef/mixin/securable.rb +2 -2
- data/lib/chef/mixin/shell_out.rb +4 -188
- data/lib/chef/mixin/template.rb +4 -3
- data/lib/chef/mixin/unformatter.rb +1 -1
- data/lib/chef/mixin/uris.rb +4 -2
- data/lib/chef/mixin/versioned_api.rb +1 -2
- data/lib/chef/mixin/which.rb +6 -3
- data/lib/chef/mixins.rb +1 -0
- data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
- data/lib/chef/node/attribute.rb +22 -7
- data/lib/chef/node/attribute_collections.rb +2 -6
- data/lib/chef/node/mixin/deep_merge_cache.rb +4 -4
- data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
- data/lib/chef/node.rb +43 -18
- data/lib/chef/node_map.rb +21 -18
- data/lib/chef/platform/query_helpers.rb +4 -4
- data/lib/chef/platform/service_helpers.rb +31 -28
- data/lib/chef/policy_builder/dynamic.rb +2 -0
- data/lib/chef/policy_builder/policyfile.rb +8 -3
- data/lib/chef/powershell.rb +10 -4
- data/lib/chef/property.rb +2 -2
- data/lib/chef/provider/batch.rb +3 -10
- data/lib/chef/provider/cron/unix.rb +0 -2
- data/lib/chef/provider/cron.rb +9 -28
- data/lib/chef/provider/dsc_resource.rb +12 -24
- data/lib/chef/provider/dsc_script.rb +16 -20
- data/lib/chef/provider/execute.rb +2 -1
- data/lib/chef/provider/file.rb +5 -5
- data/lib/chef/provider/git.rb +22 -14
- data/lib/chef/provider/group/dscl.rb +3 -3
- data/lib/chef/provider/group/suse.rb +5 -5
- data/lib/chef/provider/group/windows.rb +13 -2
- data/lib/chef/provider/group.rb +14 -8
- data/lib/chef/provider/ifconfig/debian.rb +38 -22
- data/lib/chef/provider/ifconfig/redhat.rb +54 -18
- data/lib/chef/provider/ifconfig.rb +16 -19
- data/lib/chef/provider/launchd.rb +3 -13
- data/lib/chef/provider/link.rb +0 -9
- data/lib/chef/provider/mount/aix.rb +1 -1
- data/lib/chef/provider/mount/linux.rb +67 -0
- data/lib/chef/provider/mount/mount.rb +41 -43
- data/lib/chef/provider/mount/solaris.rb +0 -1
- data/lib/chef/provider/mount/windows.rb +2 -2
- data/lib/chef/provider/mount.rb +23 -3
- data/lib/chef/provider/noop.rb +1 -1
- data/lib/chef/provider/package/apt.rb +1 -1
- data/lib/chef/provider/package/chocolatey.rb +6 -6
- data/lib/chef/provider/package/dnf/dnf_helper.py +23 -6
- data/lib/chef/provider/package/dnf/python_helper.rb +6 -6
- data/lib/chef/provider/package/dnf.rb +39 -12
- data/lib/chef/provider/package/dpkg.rb +3 -12
- data/lib/chef/provider/package/freebsd/base.rb +3 -2
- data/lib/chef/provider/package/freebsd/pkgng.rb +4 -2
- data/lib/chef/provider/package/homebrew.rb +1 -1
- data/lib/chef/provider/package/ips.rb +1 -1
- data/lib/chef/provider/package/openbsd.rb +1 -1
- data/lib/chef/provider/package/portage.rb +2 -2
- data/lib/chef/provider/package/powershell.rb +10 -2
- data/lib/chef/provider/package/rubygems.rb +25 -22
- data/lib/chef/provider/package/snap.rb +99 -34
- data/lib/chef/provider/package/solaris.rb +0 -2
- data/lib/chef/provider/package/windows/msi.rb +3 -3
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +12 -10
- data/lib/chef/provider/package/windows.rb +12 -7
- data/lib/chef/provider/package/yum/rpm_utils.rb +1 -1
- data/lib/chef/provider/package/yum/yum_helper.py +4 -10
- data/lib/chef/provider/package/zypper.rb +99 -73
- data/lib/chef/provider/package.rb +53 -18
- data/lib/chef/provider/powershell_script.rb +40 -17
- data/lib/chef/provider/registry_key.rb +4 -3
- data/lib/chef/provider/remote_file/content.rb +3 -0
- data/lib/chef/provider/remote_file/ftp.rb +6 -4
- data/lib/chef/provider/remote_file/http.rb +4 -1
- data/lib/chef/provider/remote_file/sftp.rb +6 -4
- data/lib/chef/provider/route.rb +4 -8
- data/lib/chef/provider/script.rb +4 -75
- data/lib/chef/provider/service/arch.rb +2 -2
- data/lib/chef/provider/service/debian.rb +5 -4
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +7 -7
- data/lib/chef/provider/service/openbsd.rb +5 -8
- data/lib/chef/provider/service/redhat.rb +4 -4
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +11 -11
- data/lib/chef/provider/service.rb +2 -2
- data/lib/chef/provider/subversion.rb +2 -2
- data/lib/chef/provider/systemd_unit.rb +0 -2
- data/lib/chef/provider/template/content.rb +2 -1
- data/lib/chef/provider/template_finder.rb +2 -10
- data/lib/chef/provider/user/aix.rb +1 -1
- data/lib/chef/provider/user/dscl.rb +10 -10
- data/lib/chef/provider/user/linux.rb +3 -3
- data/lib/chef/provider/user/mac.rb +29 -21
- data/lib/chef/provider/user/solaris.rb +1 -1
- data/lib/chef/provider/user/windows.rb +10 -3
- data/lib/chef/provider/user.rb +17 -9
- data/lib/chef/provider/windows_script.rb +87 -25
- data/lib/chef/provider/yum_repository.rb +3 -3
- data/lib/chef/provider/zypper_repository.rb +33 -14
- data/lib/chef/provider.rb +1 -5
- data/lib/chef/provider_resolver.rb +1 -1
- data/lib/chef/providers.rb +1 -4
- data/lib/chef/pwsh.rb +71 -0
- data/lib/chef/recipe.rb +2 -2
- data/lib/chef/resource/alternatives.rb +1 -1
- data/lib/chef/resource/apt_package.rb +1 -1
- data/lib/chef/resource/apt_repository.rb +7 -15
- data/lib/chef/resource/archive_file.rb +28 -8
- data/lib/chef/resource/bash.rb +119 -2
- data/lib/chef/resource/batch.rb +5 -3
- data/lib/chef/resource/bff_package.rb +22 -0
- data/lib/chef/resource/breakpoint.rb +59 -2
- data/lib/chef/resource/build_essential.rb +7 -10
- data/lib/chef/resource/cab_package.rb +29 -0
- data/lib/chef/resource/chef_client_config.rb +313 -0
- data/lib/chef/resource/chef_client_cron.rb +36 -29
- data/lib/chef/resource/chef_client_launchd.rb +194 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +36 -21
- data/lib/chef/resource/chef_client_systemd_timer.rb +29 -22
- data/lib/chef/resource/chef_client_trusted_certificate.rb +102 -0
- data/lib/chef/resource/chef_gem.rb +58 -22
- data/lib/chef/resource/chef_handler.rb +149 -4
- data/lib/chef/resource/chef_sleep.rb +3 -3
- data/lib/chef/resource/chef_vault_secret.rb +14 -14
- data/lib/chef/resource/chocolatey_feature.rb +1 -2
- data/lib/chef/resource/cookbook_file.rb +2 -2
- data/lib/chef/resource/cron/_cron_shared.rb +99 -0
- data/lib/chef/resource/cron/cron.rb +46 -0
- data/lib/chef/resource/{cron_d.rb → cron/cron_d.rb} +9 -89
- data/lib/chef/resource/cron_access.rb +13 -5
- data/lib/chef/resource/csh.rb +2 -3
- data/lib/chef/resource/dmg_package.rb +2 -2
- data/lib/chef/resource/dnf_package.rb +2 -2
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +9 -2
- data/lib/chef/resource/execute.rb +486 -15
- data/lib/chef/resource/file.rb +5 -5
- data/lib/chef/resource/freebsd_package.rb +1 -1
- data/lib/chef/resource/gem_package.rb +36 -3
- data/lib/chef/resource/helpers/cron_validations.rb +6 -3
- data/lib/chef/resource/homebrew_cask.rb +16 -10
- data/lib/chef/resource/homebrew_package.rb +32 -3
- data/lib/chef/resource/homebrew_update.rb +110 -0
- data/lib/chef/resource/hostname.rb +27 -40
- data/lib/chef/resource/http_request.rb +1 -1
- data/lib/chef/resource/ifconfig.rb +52 -5
- data/lib/chef/resource/kernel_module.rb +15 -2
- data/lib/chef/resource/ksh.rb +3 -3
- data/lib/chef/resource/launchd.rb +18 -17
- data/lib/chef/resource/locale.rb +4 -4
- data/lib/chef/resource/lwrp_base.rb +4 -5
- data/lib/chef/resource/macos_userdefaults.rb +176 -61
- data/lib/chef/resource/mdadm.rb +2 -2
- data/lib/chef/resource/mount.rb +9 -3
- data/lib/chef/resource/notify_group.rb +0 -1
- data/lib/chef/resource/ohai.rb +46 -3
- data/lib/chef/resource/ohai_hint.rb +33 -0
- data/lib/chef/resource/openssl_dhparam.rb +29 -5
- data/lib/chef/resource/openssl_ec_private_key.rb +8 -3
- data/lib/chef/resource/openssl_ec_public_key.rb +4 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +8 -3
- data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
- data/lib/chef/resource/openssl_x509_certificate.rb +49 -49
- data/lib/chef/resource/openssl_x509_crl.rb +22 -12
- data/lib/chef/resource/openssl_x509_request.rb +37 -36
- data/lib/chef/resource/osx_profile.rb +292 -6
- data/lib/chef/resource/perl.rb +2 -3
- data/lib/chef/resource/plist.rb +26 -11
- data/lib/chef/resource/powershell_package_source.rb +25 -24
- data/lib/chef/resource/powershell_script.rb +40 -41
- data/lib/chef/resource/python.rb +2 -3
- data/lib/chef/resource/reboot.rb +2 -2
- data/lib/chef/resource/registry_key.rb +93 -2
- data/lib/chef/resource/remote_directory.rb +1 -1
- data/lib/chef/resource/remote_file.rb +26 -10
- data/lib/chef/resource/rhsm_register.rb +39 -10
- data/lib/chef/resource/rhsm_subscription.rb +5 -5
- data/lib/chef/resource/route.rb +1 -1
- data/lib/chef/resource/ruby.rb +1 -6
- data/lib/chef/resource/ruby_block.rb +2 -2
- data/lib/chef/resource/scm/_scm.rb +2 -1
- data/lib/chef/resource/scm/git.rb +82 -1
- data/lib/chef/resource/scm/subversion.rb +14 -2
- data/lib/chef/resource/script.rb +2 -2
- data/lib/chef/resource/service.rb +5 -5
- data/lib/chef/resource/solaris_package.rb +0 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +18 -3
- data/lib/chef/resource/sudo.rb +32 -5
- data/lib/chef/resource/support/client.erb +68 -0
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -1
- data/lib/chef/resource/support/ulimit.erb +1 -1
- data/lib/chef/resource/swap_file.rb +17 -0
- data/lib/chef/resource/sysctl.rb +6 -10
- data/lib/chef/resource/systemd_unit.rb +45 -4
- data/lib/chef/resource/template.rb +4 -4
- data/lib/chef/resource/timezone.rb +122 -68
- data/lib/chef/resource/user/windows_user.rb +5 -0
- data/lib/chef/resource/user_ulimit.rb +2 -1
- data/lib/chef/resource/windows_ad_join.rb +51 -13
- data/lib/chef/resource/windows_audit_policy.rb +232 -0
- data/lib/chef/resource/windows_auto_run.rb +13 -0
- data/lib/chef/resource/windows_certificate.rb +95 -39
- data/lib/chef/resource/windows_dfs_folder.rb +2 -0
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
- data/lib/chef/resource/windows_dfs_server.rb +9 -4
- data/lib/chef/resource/windows_dns_record.rb +25 -5
- data/lib/chef/resource/windows_dns_zone.rb +12 -7
- data/lib/chef/resource/windows_env.rb +173 -0
- data/lib/chef/resource/windows_feature.rb +4 -0
- data/lib/chef/resource/windows_feature_dism.rb +10 -0
- data/lib/chef/resource/windows_feature_powershell.rb +14 -2
- data/lib/chef/resource/windows_firewall_profile.rb +196 -0
- data/lib/chef/resource/windows_firewall_rule.rb +14 -14
- data/lib/chef/resource/windows_font.rb +7 -5
- data/lib/chef/resource/windows_package.rb +30 -6
- data/lib/chef/resource/windows_pagefile.rb +5 -1
- data/lib/chef/resource/windows_path.rb +38 -0
- data/lib/chef/resource/windows_printer.rb +22 -21
- data/lib/chef/resource/windows_printer_port.rb +20 -17
- data/lib/chef/resource/windows_script.rb +2 -16
- data/lib/chef/resource/windows_security_policy.rb +98 -49
- data/lib/chef/resource/windows_service.rb +108 -0
- data/lib/chef/resource/windows_share.rb +23 -21
- data/lib/chef/resource/windows_shortcut.rb +3 -2
- data/lib/chef/resource/windows_task.rb +633 -32
- data/lib/chef/resource/windows_uac.rb +5 -1
- data/lib/chef/resource/windows_user_privilege.rb +111 -77
- data/lib/chef/resource/windows_workgroup.rb +11 -10
- data/lib/chef/resource/yum_package.rb +2 -2
- data/lib/chef/resource/yum_repository.rb +15 -10
- data/lib/chef/resource.rb +60 -27
- data/lib/chef/resource_collection/resource_set.rb +2 -6
- data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
- data/lib/chef/resource_inspector.rb +82 -70
- data/lib/chef/resource_reporter.rb +1 -3
- data/lib/chef/resources.rb +9 -3
- data/lib/chef/role.rb +3 -4
- data/lib/chef/run_context/cookbook_compiler.rb +21 -21
- data/lib/chef/run_context.rb +2 -2
- data/lib/chef/run_lock.rb +3 -3
- data/lib/chef/run_status.rb +2 -6
- data/lib/chef/search/query.rb +7 -6
- data/lib/chef/server_api.rb +0 -4
- data/lib/chef/server_api_versions.rb +4 -0
- data/lib/chef/shell/ext.rb +15 -15
- data/lib/chef/shell/shell_session.rb +4 -2
- data/lib/chef/shell.rb +63 -27
- data/lib/chef/train_transport.rb +5 -104
- data/lib/chef/util/backup.rb +2 -2
- data/lib/chef/util/diff.rb +16 -17
- data/lib/chef/util/dsc/configuration_generator.rb +53 -12
- data/lib/chef/util/dsc/lcm_output_parser.rb +4 -7
- data/lib/chef/util/dsc/local_configuration_manager.rb +18 -15
- data/lib/chef/util/dsc/resource_store.rb +5 -11
- data/lib/chef/util/powershell/ps_credential.rb +18 -14
- data/lib/chef/util/threaded_job_queue.rb +0 -2
- data/lib/chef/util/windows/net_user.rb +1 -1
- data/lib/chef/util/windows/volume.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/version_string.rb +1 -1
- data/lib/chef/win32/api/file.rb +4 -0
- data/lib/chef/win32/api.rb +9 -2
- data/lib/chef/win32/crypto.rb +1 -1
- data/lib/chef/win32/file/version_info.rb +5 -5
- data/lib/chef/win32/file.rb +4 -4
- data/lib/chef/win32/registry.rb +4 -6
- data/lib/chef/win32/security/sid.rb +1 -1
- data/lib/chef/win32/security.rb +1 -1
- data/lib/chef/win32/unicode.rb +1 -1
- data/lib/chef/win32/version.rb +4 -2
- data/spec/data/lwrp/providers/buck_passer.rb +1 -1
- data/spec/data/lwrp/providers/buck_passer_2.rb +1 -1
- data/spec/data/lwrp/providers/embedded_resource_accesses_providers_scope.rb +1 -1
- data/spec/data/rubygems.org/latest_specs.4.8.gz +0 -0
- data/spec/data/rubygems.org/nonexistent_gem +0 -0
- data/spec/data/rubygems.org/sexp_processor +0 -0
- data/spec/data/rubygems.org/sexp_processor-4.15.1.gemspec.rz +0 -0
- data/spec/data/shef-config.rb +1 -1
- data/spec/data/ssl/binary/chef-rspec-der.cert +0 -0
- data/spec/data/ssl/binary/chef-rspec-der.key +0 -0
- data/spec/data/ssl/chef-rspec.cert +15 -15
- data/spec/functional/assets/yumrepo-empty/repodata/01a3b-filelists.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/401dc-filelists.xml.gz +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/5dc1e-primary.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/6bf96-other.xml.gz +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/7c365-other.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/dabe2-primary.xml.gz +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml +55 -0
- data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
- data/spec/functional/knife/configure_spec.rb +1 -1
- data/spec/functional/knife/ssh_spec.rb +5 -16
- data/spec/functional/mixin/powershell_out_spec.rb +11 -3
- data/spec/functional/resource/aix_service_spec.rb +11 -4
- data/spec/functional/resource/aixinit_service_spec.rb +9 -10
- data/spec/functional/resource/apt_package_spec.rb +4 -7
- data/spec/functional/resource/bash_spec.rb +3 -2
- data/spec/functional/resource/bff_spec.rb +3 -3
- data/spec/functional/resource/chocolatey_package_spec.rb +11 -3
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +24 -6
- data/spec/functional/resource/dnf_package_spec.rb +323 -17
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/dsc_script_spec.rb +6 -10
- data/spec/functional/resource/execute_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +23 -1
- data/spec/functional/resource/group_spec.rb +26 -10
- data/spec/functional/resource/ifconfig_spec.rb +9 -1
- data/spec/functional/resource/insserv_spec.rb +8 -8
- data/spec/functional/resource/link_spec.rb +30 -25
- data/spec/functional/resource/mount_spec.rb +19 -3
- data/spec/functional/resource/msu_package_spec.rb +9 -3
- data/spec/functional/resource/ohai_spec.rb +2 -10
- data/spec/functional/resource/powershell_package_source_spec.rb +107 -0
- data/spec/functional/resource/powershell_script_spec.rb +65 -22
- data/spec/functional/resource/remote_file_spec.rb +9 -15
- data/spec/functional/resource/rpm_spec.rb +3 -3
- data/spec/functional/resource/timezone_spec.rb +2 -0
- data/spec/functional/resource/user/dscl_spec.rb +1 -1
- data/spec/functional/resource/user/mac_user_spec.rb +1 -1
- data/spec/functional/resource/windows_certificate_spec.rb +206 -382
- data/spec/functional/resource/windows_firewall_rule_spec.rb +93 -0
- data/spec/functional/resource/windows_font_spec.rb +50 -0
- data/spec/functional/resource/windows_package_spec.rb +36 -11
- data/spec/functional/resource/windows_path_spec.rb +4 -0
- data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
- data/spec/functional/resource/windows_service_spec.rb +4 -0
- data/spec/functional/resource/windows_share_spec.rb +103 -0
- data/spec/functional/resource/windows_task_spec.rb +27 -27
- data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
- data/spec/functional/resource/yum_package_spec.rb +16 -1
- data/spec/functional/resource/zypper_package_spec.rb +15 -1
- data/spec/functional/run_lock_spec.rb +26 -25
- data/spec/functional/shell_spec.rb +10 -6
- data/spec/functional/version_spec.rb +4 -4
- data/spec/functional/win32/crypto_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +6 -5
- data/spec/integration/client/exit_code_spec.rb +3 -2
- data/spec/integration/client/fips_spec.rb +21 -0
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +82 -0
- data/spec/integration/knife/client_key_create_spec.rb +1 -1
- data/spec/integration/knife/common_options_spec.rb +12 -12
- data/spec/integration/knife/config_list_spec.rb +220 -0
- data/spec/integration/knife/config_show_spec.rb +192 -0
- data/spec/integration/knife/config_use_spec.rb +198 -0
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
- data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
- data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
- data/spec/integration/knife/delete_spec.rb +1 -1
- data/spec/integration/knife/diff_spec.rb +3 -1
- data/spec/integration/knife/download_spec.rb +5 -3
- data/spec/integration/knife/environment_from_file_spec.rb +1 -1
- data/spec/integration/knife/node_create_spec.rb +1 -1
- data/spec/integration/knife/node_environment_set_spec.rb +1 -1
- data/spec/integration/knife/node_from_file_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_add_spec.rb +4 -4
- data/spec/integration/knife/node_run_list_remove_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_set_spec.rb +1 -1
- data/spec/integration/knife/node_show_spec.rb +1 -1
- data/spec/integration/knife/role_from_file_spec.rb +1 -1
- data/spec/integration/knife/serve_spec.rb +5 -5
- data/spec/integration/knife/upload_spec.rb +8 -7
- data/spec/integration/ohai/ohai_spec.rb +61 -0
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +2 -2
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/provider_choice.rb +2 -2
- data/spec/integration/recipes/recipe_dsl_spec.rb +6 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/recipes/resource_action_spec.rb +14 -0
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
- data/spec/integration/recipes/resource_load_spec.rb +4 -2
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +1 -1
- data/spec/integration/solo/solo_spec.rb +5 -5
- data/spec/spec_helper.rb +30 -17
- data/spec/stress/win32/file_spec.rb +1 -1
- data/spec/support/chef_helpers.rb +3 -22
- data/spec/support/lib/chef/resource/cat.rb +1 -1
- data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -1
- data/spec/support/matchers/leak.rb +2 -2
- data/spec/support/mock/platform.rb +24 -16
- data/spec/support/platform_helpers.rb +36 -41
- data/spec/support/platforms/win32/spec_service.rb +2 -2
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +2 -2
- data/spec/support/shared/functional/file_resource.rb +20 -21
- data/spec/support/shared/functional/securable_resource.rb +109 -29
- data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
- data/spec/support/shared/functional/win32_service.rb +2 -2
- data/spec/support/shared/functional/windows_script.rb +5 -5
- data/spec/support/shared/integration/integration_helper.rb +22 -52
- data/spec/support/shared/integration/knife_support.rb +2 -9
- data/spec/support/shared/unit/application_dot_d.rb +5 -4
- data/spec/support/shared/unit/execute_resource.rb +1 -1
- data/spec/support/shared/unit/knife_shared.rb +1 -1
- data/spec/support/shared/unit/provider/file.rb +26 -8
- data/spec/support/shared/unit/script_resource.rb +10 -24
- data/spec/support/shared/unit/windows_script_resource.rb +16 -29
- data/spec/tiny_server.rb +0 -1
- data/spec/unit/application/client_spec.rb +2 -2
- data/spec/unit/application/exit_code_spec.rb +10 -0
- data/spec/unit/application/solo_spec.rb +4 -2
- data/spec/unit/application_spec.rb +15 -8
- data/spec/unit/chef_fs/config_spec.rb +3 -3
- data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/spec/unit/chef_fs/diff_spec.rb +8 -8
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
- data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +6 -2
- data/spec/unit/chef_fs/path_util_spec.rb +1 -1
- data/spec/unit/client_spec.rb +25 -5
- data/spec/unit/compliance/fetcher/automate_spec.rb +142 -0
- data/spec/unit/compliance/fetcher/chef_server_spec.rb +93 -0
- data/spec/unit/compliance/reporter/automate_spec.rb +427 -0
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +177 -0
- data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +48 -0
- data/spec/unit/compliance/runner_spec.rb +215 -0
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +28 -26
- data/spec/unit/cookbook_spec.rb +2 -2
- data/spec/unit/cookbook_version_spec.rb +52 -0
- data/spec/unit/daemon_spec.rb +1 -5
- data/spec/unit/data_bag_spec.rb +6 -3
- data/spec/unit/data_collector/config_validation_spec.rb +208 -0
- data/spec/unit/data_collector_spec.rb +100 -120
- data/spec/unit/decorator_spec.rb +23 -23
- data/spec/unit/dsl/declare_resource_spec.rb +1 -1
- data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
- data/spec/unit/dsl/reboot_pending_spec.rb +2 -2
- data/spec/unit/environment_spec.rb +12 -8
- data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/formatters/error_inspectors/resource_failure_inspector_spec.rb +2 -2
- data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +11 -11
- data/spec/unit/guard_interpreter_spec.rb +1 -1
- data/spec/unit/http/api_versions_spec.rb +20 -2
- data/spec/unit/http/ssl_policies_spec.rb +125 -66
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +69 -45
- data/spec/unit/knife/client_create_spec.rb +2 -2
- data/spec/unit/knife/configure_client_spec.rb +5 -5
- data/spec/unit/knife/configure_spec.rb +3 -3
- data/spec/unit/knife/cookbook_delete_spec.rb +2 -2
- data/spec/unit/knife/cookbook_download_spec.rb +8 -8
- data/spec/unit/knife/cookbook_list_spec.rb +2 -2
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_metadata_spec.rb +3 -3
- data/spec/unit/knife/cookbook_show_spec.rb +6 -7
- data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/node_editor_spec.rb +1 -1
- data/spec/unit/knife/core/status_presenter_spec.rb +54 -0
- data/spec/unit/knife/core/ui_spec.rb +1 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +24 -15
- data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
- data/spec/unit/knife/environment_compare_spec.rb +3 -3
- data/spec/unit/knife/ssh_spec.rb +2 -2
- data/spec/unit/knife/supermarket_download_spec.rb +8 -8
- data/spec/unit/knife/supermarket_list_spec.rb +3 -3
- data/spec/unit/knife/supermarket_search_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +6 -7
- data/spec/unit/knife/tag_create_spec.rb +1 -1
- data/spec/unit/knife/tag_delete_spec.rb +1 -1
- data/spec/unit/knife/user_create_spec.rb +1 -1
- data/spec/unit/log/syslog_spec.rb +6 -10
- data/spec/unit/log/winevt_spec.rb +21 -13
- data/spec/unit/lwrp_spec.rb +12 -9
- data/spec/unit/mixin/checksum_spec.rb +28 -0
- data/spec/unit/mixin/deep_merge_spec.rb +15 -0
- data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
- data/spec/unit/mixin/openssl_helper_spec.rb +1 -8
- data/spec/unit/mixin/powershell_exec_spec.rb +43 -6
- data/spec/unit/mixin/powershell_out_spec.rb +16 -4
- data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +2 -3
- data/spec/unit/mixin/shell_out_spec.rb +25 -26
- data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
- data/spec/unit/mixin/template_spec.rb +30 -30
- data/spec/unit/mixin/unformatter_spec.rb +2 -2
- data/spec/unit/mixin/uris_spec.rb +1 -1
- data/spec/unit/mixin/user_context_spec.rb +1 -9
- data/spec/unit/mixin/which.rb +9 -1
- data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
- data/spec/unit/node/immutable_collections_spec.rb +8 -4
- data/spec/unit/node_spec.rb +103 -16
- data/spec/unit/platform/query_helpers_spec.rb +13 -14
- data/spec/unit/policy_builder/policyfile_spec.rb +11 -1
- data/spec/unit/property_spec.rb +6 -6
- data/spec/unit/provider/batch_spec.rb +130 -0
- data/spec/unit/provider/cron/unix_spec.rb +1 -1
- data/spec/unit/provider/cron_spec.rb +43 -49
- data/spec/unit/provider/dsc_resource_spec.rb +30 -63
- data/spec/unit/provider/dsc_script_spec.rb +11 -11
- data/spec/unit/provider/execute_spec.rb +1 -8
- data/spec/unit/provider/git_spec.rb +3 -3
- data/spec/unit/provider/group/windows_spec.rb +6 -0
- data/spec/unit/provider/group_spec.rb +1 -1
- data/spec/unit/provider/ifconfig_spec.rb +0 -1
- data/spec/unit/provider/mdadm_spec.rb +1 -3
- data/spec/unit/provider/mount/linux_spec.rb +107 -0
- data/spec/unit/provider/mount/mount_spec.rb +73 -10
- data/spec/unit/provider/mount/solaris_spec.rb +1 -1
- data/spec/unit/provider/mount/windows_spec.rb +1 -0
- data/spec/unit/provider/mount_spec.rb +31 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +2 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +8 -2
- data/spec/unit/provider/package/freebsd/pkgng_spec.rb +1 -1
- data/spec/unit/provider/package/openbsd_spec.rb +1 -1
- data/spec/unit/provider/package/pacman_spec.rb +17 -20
- data/spec/unit/provider/package/powershell_spec.rb +162 -99
- data/spec/unit/provider/package/rubygems_spec.rb +50 -20
- data/spec/unit/provider/package/smartos_spec.rb +1 -1
- data/spec/unit/provider/package/snap_spec.rb +1 -1
- data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +30 -53
- data/spec/unit/provider/package/zypper_spec.rb +0 -25
- data/spec/unit/provider/package_spec.rb +2 -2
- data/spec/unit/provider/powershell_script_spec.rb +20 -44
- data/spec/unit/provider/remote_directory_spec.rb +9 -9
- data/spec/unit/provider/route_spec.rb +0 -2
- data/spec/unit/provider/script_spec.rb +20 -110
- data/spec/unit/provider/service/arch_service_spec.rb +3 -2
- data/spec/unit/provider/service/debian_service_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
- data/spec/unit/provider/service/macosx_spec.rb +6 -6
- data/spec/unit/provider/service/redhat_spec.rb +3 -3
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +2 -6
- data/spec/unit/provider/subversion_spec.rb +0 -3
- data/spec/unit/provider/systemd_unit_spec.rb +29 -25
- data/spec/unit/provider/user/dscl_spec.rb +2 -2
- data/spec/unit/provider/user_spec.rb +7 -1
- data/spec/unit/provider/windows_env_spec.rb +22 -37
- data/spec/unit/provider/windows_path_spec.rb +6 -11
- data/spec/unit/provider/windows_task_spec.rb +7 -6
- data/spec/unit/provider/zypper_repository_spec.rb +60 -10
- data/spec/unit/provider_spec.rb +1 -0
- data/spec/unit/recipe_spec.rb +1 -1
- data/spec/unit/resource/archive_file_spec.rb +23 -2
- data/spec/unit/resource/batch_spec.rb +6 -6
- data/spec/unit/resource/breakpoint_spec.rb +1 -1
- data/spec/unit/resource/build_essential_spec.rb +0 -12
- data/spec/unit/resource/chef_client_config_spec.rb +137 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +51 -14
- data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +17 -7
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +43 -5
- data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +68 -0
- data/spec/unit/resource/cron_spec.rb +2 -2
- data/spec/unit/resource/execute_spec.rb +123 -118
- data/spec/unit/resource/file/verification_spec.rb +2 -1
- data/spec/unit/resource/helpers/cron_validations_spec.rb +5 -1
- data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
- data/spec/unit/resource/homebrew_update_spec.rb +30 -0
- data/spec/unit/resource/ifconfig_spec.rb +2 -10
- data/spec/unit/resource/launchd_spec.rb +8 -0
- data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
- data/spec/unit/resource/mount_spec.rb +28 -5
- data/spec/unit/resource/osx_profile_spec.rb +299 -0
- data/spec/unit/resource/powershell_package_source_spec.rb +20 -20
- data/spec/unit/resource/powershell_script_spec.rb +15 -108
- data/spec/unit/resource/rhsm_register_spec.rb +56 -18
- data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
- data/spec/unit/resource/script_spec.rb +6 -1
- data/spec/unit/resource/service_spec.rb +2 -2
- data/spec/unit/resource/solaris_package_spec.rb +8 -10
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource/timezone_spec.rb +64 -1
- data/spec/unit/{log_spec.rb → resource/user/windows_user_spec.rb} +16 -4
- data/spec/unit/resource/user_ulimit_spec.rb +14 -1
- data/spec/unit/resource/windows_audit_policy_spec.rb +64 -0
- data/spec/unit/resource/windows_certificate_spec.rb +12 -0
- data/spec/unit/resource/windows_dns_record_spec.rb +3 -3
- data/spec/unit/resource/windows_dns_zone_spec.rb +2 -2
- data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
- data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
- data/spec/unit/resource/windows_package_spec.rb +1 -0
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_uac_spec.rb +3 -3
- data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
- data/spec/unit/resource/yum_repository_spec.rb +21 -21
- data/spec/unit/resource_inspector_spec.rb +10 -5
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +137 -3
- data/spec/unit/role_spec.rb +30 -28
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_lock_spec.rb +6 -2
- data/spec/unit/runner_spec.rb +1 -2
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/server_api_spec.rb +43 -16
- data/spec/unit/shell/shell_ext_spec.rb +46 -3
- data/spec/unit/shell/shell_session_spec.rb +35 -64
- data/spec/unit/shell_spec.rb +18 -21
- data/spec/unit/train_transport_spec.rb +14 -13
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/util/diff_spec.rb +1 -15
- data/spec/unit/util/dsc/configuration_generator_spec.rb +80 -1
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +27 -35
- data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
- data/spec/unit/util/selinux_spec.rb +4 -1
- data/spec/unit/util/threaded_job_queue_spec.rb +9 -0
- data/spec/unit/win32/security_spec.rb +4 -3
- data/tasks/rspec.rb +2 -4
- metadata +172 -104
- data/lib/chef/dist.rb +0 -68
- data/lib/chef/monkey_patches/net_http.rb +0 -22
- data/lib/chef/provider/osx_profile.rb +0 -255
- data/lib/chef/provider/windows_env.rb +0 -210
- data/lib/chef/provider/windows_path.rb +0 -61
- data/lib/chef/provider/windows_task.rb +0 -635
- data/lib/chef/resource/cron.rb +0 -157
- data/lib/chef/util/powershell/cmdlet.rb +0 -173
- data/lib/chef/util/powershell/cmdlet_result.rb +0 -61
- data/spec/data/trusted_certs_empty/.gitkeep +0 -0
- data/spec/data/trusted_certs_empty/README.md +0 -1
- data/spec/functional/assets/yumrepo/repodata/4632d67cb92636e7575d911c24f0e04d3505a944e97c483abe0c3e73a7c62d33-filelists.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo/repodata/74599b793e54d877323837d2d81a1c3c594c44e4335f9528234bb490f7b9b439-other.xml.gz +0 -0
- data/spec/functional/assets/yumrepo/repodata/a845d418f919d2115ab95a56b2c76f6825ad0d0bede49181a55c04f58995d057-primary.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo/repodata/af9b7cf9ef23bd7b43068d74a460f3b5d06753d638e58e4a0c9edc35bfb9cdc4-other.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo/repodata/bdb4f5f1492a3b9532f22c43110a81500dd744f23da0aec5c33b2a41317c737d-filelists.xml.gz +0 -0
- data/spec/functional/assets/yumrepo/repodata/c10d1d34ce99e02f12ec96ef68360543ab1bb7c3cb81a4a2bf78df7d8597e9df-primary.xml.gz +0 -0
- data/spec/functional/util/powershell/cmdlet_spec.rb +0 -111
- data/spec/integration/knife/config_get_profile_spec.rb +0 -113
- data/spec/integration/knife/config_get_spec.rb +0 -191
- data/spec/integration/knife/config_list_profiles_spec.rb +0 -190
- data/spec/integration/knife/config_use_profile_spec.rb +0 -101
- data/spec/scripts/ssl-serve.rb +0 -47
- data/spec/support/mock/constant.rb +0 -52
- data/spec/unit/provider/osx_profile_spec.rb +0 -255
- data/spec/unit/provider_resolver_spec.rb +0 -885
- data/spec/unit/resource/data/InstallHistory_with_CLT.plist +0 -92
- data/spec/unit/resource/data/InstallHistory_without_CLT.plist +0 -38
- data/spec/unit/util/powershell/cmdlet_spec.rb +0 -106
@@ -16,15 +16,46 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
|
19
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsAdJoin < Chef::Resource
|
24
24
|
provides :windows_ad_join
|
25
25
|
|
26
|
+
unified_mode true
|
27
|
+
|
26
28
|
description "Use the **windows_ad_join** resource to join a Windows Active Directory domain."
|
27
29
|
introduced "14.0"
|
30
|
+
examples <<~DOC
|
31
|
+
**Join a domain**
|
32
|
+
|
33
|
+
```ruby
|
34
|
+
windows_ad_join 'ad.example.org' do
|
35
|
+
domain_user 'nick'
|
36
|
+
domain_password 'p@ssw0rd1'
|
37
|
+
end
|
38
|
+
```
|
39
|
+
|
40
|
+
**Join a domain, as `win-workstation`**
|
41
|
+
|
42
|
+
```ruby
|
43
|
+
windows_ad_join 'ad.example.org' do
|
44
|
+
domain_user 'nick'
|
45
|
+
domain_password 'p@ssw0rd1'
|
46
|
+
new_hostname 'win-workstation'
|
47
|
+
end
|
48
|
+
```
|
49
|
+
|
50
|
+
**Leave the current domain and re-join the `local` workgroup**
|
51
|
+
|
52
|
+
```ruby
|
53
|
+
windows_ad_join 'Leave domain' do
|
54
|
+
action :leave
|
55
|
+
workgroup 'local'
|
56
|
+
end
|
57
|
+
```
|
58
|
+
DOC
|
28
59
|
|
29
60
|
property :domain_name, String,
|
30
61
|
description: "An optional property to set the FQDN of the Active Directory domain to join if it differs from the resource block's name.",
|
@@ -45,10 +76,15 @@ class Chef
|
|
45
76
|
|
46
77
|
property :reboot, Symbol,
|
47
78
|
equal_to: %i{immediate delayed never request_reboot reboot_now},
|
48
|
-
validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{
|
49
|
-
description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{
|
79
|
+
validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{ChefUtils::Dist::Infra::PRODUCT} run completes), and :never (Don't reboot)",
|
80
|
+
description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{ChefUtils::Dist::Infra::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
|
50
81
|
default: :immediate
|
51
82
|
|
83
|
+
property :reboot_delay, Integer,
|
84
|
+
description: "The amount of time (in minutes) to delay a reboot request.",
|
85
|
+
default: 0,
|
86
|
+
introduced: "16.5"
|
87
|
+
|
52
88
|
property :new_hostname, String,
|
53
89
|
description: "Specifies a new hostname for the computer in the new domain.",
|
54
90
|
introduced: "14.5"
|
@@ -73,18 +109,19 @@ class Chef
|
|
73
109
|
cmd << " -Force"
|
74
110
|
|
75
111
|
converge_by("join Active Directory domain #{new_resource.domain_name}") do
|
76
|
-
ps_run =
|
112
|
+
ps_run = powershell_exec(cmd)
|
77
113
|
if ps_run.error?
|
78
114
|
if sensitive?
|
79
115
|
raise "Failed to join the domain #{new_resource.domain_name}: *suppressed sensitive resource output*"
|
80
116
|
else
|
81
|
-
raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.
|
117
|
+
raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.errors}"
|
82
118
|
end
|
83
119
|
end
|
84
120
|
|
85
121
|
unless new_resource.reboot == :never
|
86
122
|
reboot "Reboot to join domain #{new_resource.domain_name}" do
|
87
123
|
action clarify_reboot(new_resource.reboot)
|
124
|
+
delay_mins new_resource.reboot_delay
|
88
125
|
reason "Reboot to join domain #{new_resource.domain_name}"
|
89
126
|
end
|
90
127
|
end
|
@@ -106,18 +143,19 @@ class Chef
|
|
106
143
|
cmd << " -Force"
|
107
144
|
|
108
145
|
converge_by("leave Active Directory domain #{node_domain}") do
|
109
|
-
ps_run =
|
146
|
+
ps_run = powershell_exec(cmd)
|
110
147
|
if ps_run.error?
|
111
148
|
if sensitive?
|
112
149
|
raise "Failed to leave the domain #{node_domain}: *suppressed sensitive resource output*"
|
113
150
|
else
|
114
|
-
raise "Failed to leave the domain #{node_domain}: #{ps_run.
|
151
|
+
raise "Failed to leave the domain #{node_domain}: #{ps_run.errors}"
|
115
152
|
end
|
116
153
|
end
|
117
154
|
|
118
155
|
unless new_resource.reboot == :never
|
119
156
|
reboot "Reboot to leave domain #{new_resource.domain_name}" do
|
120
157
|
action clarify_reboot(new_resource.reboot)
|
158
|
+
delay_mins new_resource.reboot_delay
|
121
159
|
reason "Reboot to leave domain #{new_resource.domain_name}"
|
122
160
|
end
|
123
161
|
end
|
@@ -132,10 +170,10 @@ class Chef
|
|
132
170
|
# workgroup the node is a member of.
|
133
171
|
#
|
134
172
|
def node_domain
|
135
|
-
node_domain =
|
136
|
-
raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.
|
173
|
+
node_domain = powershell_exec!("(Get-WmiObject Win32_ComputerSystem).Domain")
|
174
|
+
raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.errors}}" if node_domain.error?
|
137
175
|
|
138
|
-
node_domain.
|
176
|
+
node_domain.result.downcase.strip
|
139
177
|
end
|
140
178
|
|
141
179
|
#
|
@@ -144,10 +182,10 @@ class Chef
|
|
144
182
|
# workgroup.
|
145
183
|
#
|
146
184
|
def node_workgroup
|
147
|
-
node_workgroup =
|
185
|
+
node_workgroup = powershell_exec!("(Get-WmiObject Win32_ComputerSystem).Workgroup")
|
148
186
|
raise "Failed to check if the system is currently a member of a workgroup" if node_workgroup.error?
|
149
187
|
|
150
|
-
node_workgroup.
|
188
|
+
node_workgroup.result
|
151
189
|
end
|
152
190
|
|
153
191
|
#
|
@@ -175,7 +213,7 @@ class Chef
|
|
175
213
|
# links: https://docs.microsoft.com/en-us/windows/win32/ad/naming-properties#userprincipalname https://tools.ietf.org/html/rfc822
|
176
214
|
# regex: https://rubular.com/r/isAWojpTMKzlnp
|
177
215
|
def sanitize_usename
|
178
|
-
if new_resource.domain_user
|
216
|
+
if /@/.match?(new_resource.domain_user)
|
179
217
|
new_resource.domain_user
|
180
218
|
else
|
181
219
|
"#{new_resource.domain_user}@#{new_resource.domain_name}"
|
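Review bot: In `node_domain` (new lines 173–174) the error branch looks unreachable and its message carries a stray `}`: `powershell_exec!` is the raising variant of the helper, so if it behaves as it does elsewhere in Chef the call fails before `node_domain.error?` is consulted and the message naming the domain is never shown. Either call the non-raising `powershell_exec` and keep the guard as `raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.errors}" if node_domain.error?`, or drop the guard and rely on the exception. `node_workgroup` (new lines 185–186) pairs `powershell_exec!` with an `error?` check in the same way. Separately, the join and leave actions interpolate `ps_run.errors` into the exception unless `sensitive?` is set; the command string is built outside these hunks, so it is worth confirming that PowerShell error text cannot echo the domain password when the resource is not marked sensitive.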
@@ -0,0 +1,232 @@
|
|
1
|
+
#
|
2
|
+
# Author:: Ross Moles (<rmoles@chef.io>)
|
3
|
+
# Author:: Rachel Rice (<rrice@chef.io>)
|
4
|
+
# Author:: Davin Taddeo (<davin@chef.io>)
|
5
|
+
# Copyright:: Copyright (c) Chef Software Inc.
|
6
|
+
#
|
7
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
8
|
+
# you may not use this file except in compliance with the License.
|
9
|
+
# You may obtain a copy of the License at
|
10
|
+
#
|
11
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
12
|
+
#
|
13
|
+
# Unless required by applicable law or agreed to in writing, software
|
14
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
15
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
16
|
+
# See the License for the specific language governing permissions and
|
17
|
+
# limitations under the License.
|
18
|
+
#
|
19
|
+
|
20
|
+
require_relative "../resource"
|
21
|
+
|
22
|
+
class Chef
|
23
|
+
class Resource
|
24
|
+
class WindowsAuditPolicy < Chef::Resource
|
25
|
+
WIN_AUDIT_SUBCATEGORIES = ["Account Lockout",
|
26
|
+
"Application Generated",
|
27
|
+
"Application Group Management",
|
28
|
+
"Audit Policy Change",
|
29
|
+
"Authentication Policy Change",
|
30
|
+
"Authorization Policy Change",
|
31
|
+
"Central Policy Staging",
|
32
|
+
"Certification Services",
|
33
|
+
"Computer Account Management",
|
34
|
+
"Credential Validation",
|
35
|
+
"DPAPI Activity",
|
36
|
+
"Detailed Directory Service Replication",
|
37
|
+
"Detailed File Share",
|
38
|
+
"Directory Service Access",
|
39
|
+
"Directory Service Changes",
|
40
|
+
"Directory Service Replication",
|
41
|
+
"Distribution Group Management",
|
42
|
+
"File Share",
|
43
|
+
"File System",
|
44
|
+
"Filtering Platform Connection",
|
45
|
+
"Filtering Platform Packet Drop",
|
46
|
+
"Filtering Platform Policy Change",
|
47
|
+
"Group Membership",
|
48
|
+
"Handle Manipulation",
|
49
|
+
"IPsec Driver",
|
50
|
+
"IPsec Extended Mode",
|
51
|
+
"IPsec Main Mode",
|
52
|
+
"IPsec Quick Mode",
|
53
|
+
"Kerberos Authentication Service",
|
54
|
+
"Kerberos Service Ticket Operations",
|
55
|
+
"Kernel Object",
|
56
|
+
"Logoff",
|
57
|
+
"Logon",
|
58
|
+
"MPSSVC Rule-Level Policy Change",
|
59
|
+
"Network Policy Server",
|
60
|
+
"Non Sensitive Privilege Use",
|
61
|
+
"Other Account Logon Events",
|
62
|
+
"Other Account Management Events",
|
63
|
+
"Other Logon/Logoff Events",
|
64
|
+
"Other Object Access Events",
|
65
|
+
"Other Policy Change Events",
|
66
|
+
"Other Privilege Use Events",
|
67
|
+
"Other System Events",
|
68
|
+
"Plug and Play Events",
|
69
|
+
"Process Creation",
|
70
|
+
"Process Termination",
|
71
|
+
"RPC Events",
|
72
|
+
"Registry",
|
73
|
+
"Removable Storage",
|
74
|
+
"SAM",
|
75
|
+
"Security Group Management",
|
76
|
+
"Security State Change",
|
77
|
+
"Security System Extension",
|
78
|
+
"Sensitive Privilege Use",
|
79
|
+
"Special Logon",
|
80
|
+
"System Integrity",
|
81
|
+
"Token Right Adjusted Events",
|
82
|
+
"User / Device Claims",
|
83
|
+
"User Account Management",
|
84
|
+
].freeze
|
85
|
+
|
86
|
+
unified_mode true
|
87
|
+
|
88
|
+
provides :windows_audit_policy
|
89
|
+
|
90
|
+
description "Use the **windows_audit_policy** resource to configure system level and per-user Windows advanced audit policy settings."
|
91
|
+
introduced "16.2"
|
92
|
+
|
93
|
+
examples <<~DOC
|
94
|
+
**Set Logon and Logoff policy to "Success and Failure"**:
|
95
|
+
|
96
|
+
```ruby
|
97
|
+
windows_audit_policy "Set Audit Policy for 'Logon and Logoff' actions to 'Success and Failure'" do
|
98
|
+
subcategory %w(Logon Logoff)
|
99
|
+
success true
|
100
|
+
failure true
|
101
|
+
action :set
|
102
|
+
end
|
103
|
+
```
|
104
|
+
|
105
|
+
**Set Credential Validation policy to "Success"**:
|
106
|
+
|
107
|
+
```ruby
|
108
|
+
windows_audit_policy "Set Audit Policy for 'Credential Validation' actions to 'Success'" do
|
109
|
+
subcategory 'Credential Validation'
|
110
|
+
success true
|
111
|
+
failure false
|
112
|
+
action :set
|
113
|
+
end
|
114
|
+
```
|
115
|
+
|
116
|
+
**Enable CrashOnAuditFail option**:
|
117
|
+
|
118
|
+
```ruby
|
119
|
+
windows_audit_policy 'Enable CrashOnAuditFail option' do
|
120
|
+
crash_on_audit_fail true
|
121
|
+
action :set
|
122
|
+
end
|
123
|
+
```
|
124
|
+
DOC
|
125
|
+
|
126
|
+
property :subcategory, [String, Array],
|
127
|
+
coerce: proc { |p| Array(p) },
|
128
|
+
description: "The audit policy subcategory, specified by GUID or name. Applied system-wide if no user is specified.",
|
129
|
+
callbacks: { "Subcategories entered should be actual advanced audit policy subcategories" => proc { |n| (Array(n) - WIN_AUDIT_SUBCATEGORIES).empty? } }
|
130
|
+
|
131
|
+
property :success, [true, false],
|
132
|
+
description: "Specify success auditing. By setting this property to true the resource will enable success for the category or sub category. Success is the default and is applied if neither success nor failure are specified."
|
133
|
+
|
134
|
+
property :failure, [true, false],
|
135
|
+
description: "Specify failure auditing. By setting this property to true the resource will enable failure for the category or sub category. Success is the default and is applied if neither success nor failure are specified."
|
136
|
+
|
137
|
+
property :include_user, String,
|
138
|
+
description: "The audit policy specified by the category or subcategory is applied per-user if specified. When a user is specified, include user. Include and exclude cannot be used at the same time."
|
139
|
+
|
140
|
+
property :exclude_user, String,
|
141
|
+
description: "The audit policy specified by the category or subcategory is applied per-user if specified. When a user is specified, exclude user. Include and exclude cannot be used at the same time."
|
142
|
+
|
143
|
+
property :crash_on_audit_fail, [true, false],
|
144
|
+
description: "Setting this audit policy option to true will cause the system to crash if the auditing system is unable to log events."
|
145
|
+
|
146
|
+
property :full_privilege_auditing, [true, false],
|
147
|
+
description: "Setting this audit policy option to true will force the audit of all privilege changes except SeAuditPrivilege. Setting this property may cause the logs to fill up more quickly."
|
148
|
+
|
149
|
+
property :audit_base_objects, [true, false],
|
150
|
+
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of base objects such as mutexes."
|
151
|
+
|
152
|
+
property :audit_base_directories, [true, false],
|
153
|
+
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
|
154
|
+
|
155
|
+
action :set do
|
156
|
+
unless new_resource.subcategory.nil?
|
157
|
+
new_resource.subcategory.each do |subcategory|
|
158
|
+
next if subcategory_configured?(subcategory, new_resource.success, new_resource.failure)
|
159
|
+
|
160
|
+
s_val = new_resource.success ? "enable" : "disable"
|
161
|
+
f_val = new_resource.failure ? "enable" : "disable"
|
162
|
+
converge_by "Update Audit Policy for \"#{subcategory}\" to Success:#{s_val} and Failure:#{f_val}" do
|
163
|
+
cmd = "auditpol /set "
|
164
|
+
cmd += "/user:\"#{new_resource.include_user}\" /include " if new_resource.include_user
|
165
|
+
cmd += "/user:\"#{new_resource.exclude_user}\" /exclude " if new_resource.exclude_user
|
166
|
+
cmd += "/subcategory:\"#{subcategory}\" /success:#{s_val} /failure:#{f_val}"
|
167
|
+
powershell_exec!(cmd)
|
168
|
+
end
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
if !new_resource.crash_on_audit_fail.nil? && option_configured?("CrashOnAuditFail", new_resource.crash_on_audit_fail)
|
173
|
+
val = new_resource.crash_on_audit_fail ? "Enable" : "Disable"
|
174
|
+
converge_by "Configure Audit: CrashOnAuditFail to #{val}" do
|
175
|
+
cmd = "auditpol /set /option:CrashOnAuditFail /value:#{val}"
|
176
|
+
powershell_exec!(cmd)
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
if !new_resource.full_privilege_auditing.nil? && option_configured?("FullPrivilegeAuditing", new_resource.full_privilege_auditing)
|
181
|
+
val = new_resource.full_privilege_auditing ? "Enable" : "Disable"
|
182
|
+
converge_by "Configure Audit: FullPrivilegeAuditing to #{val}" do
|
183
|
+
cmd = "auditpol /set /option:FullPrivilegeAuditing /value:#{val}"
|
184
|
+
powershell_exec!(cmd)
|
185
|
+
end
|
186
|
+
end
|
187
|
+
|
188
|
+
if !new_resource.audit_base_directories.nil? && option_configured?("AuditBaseDirectories", new_resource.audit_base_directories)
|
189
|
+
val = new_resource.audit_base_directories ? "Enable" : "Disable"
|
190
|
+
converge_by "Configure Audit: AuditBaseDirectories to #{val}" do
|
191
|
+
cmd = "auditpol /set /option:AuditBaseDirectories /value:#{val}"
|
192
|
+
powershell_exec!(cmd)
|
193
|
+
end
|
194
|
+
end
|
195
|
+
|
196
|
+
if !new_resource.audit_base_objects.nil? && option_configured?("AuditBaseObjects", new_resource.audit_base_objects)
|
197
|
+
val = new_resource.audit_base_objects ? "Enable" : "Disable"
|
198
|
+
converge_by "Configure Audit: AuditBaseObjects to #{val}" do
|
199
|
+
cmd = "auditpol /set /option:AuditBaseObjects /value:#{val}"
|
200
|
+
powershell_exec!(cmd)
|
201
|
+
end
|
202
|
+
end
|
203
|
+
end
|
204
|
+
|
205
|
+
action_class do
|
206
|
+
def subcategory_configured?(sub_cat, success_value, failure_value)
|
207
|
+
setting = if success_value && failure_value
|
208
|
+
"Success and Failure$"
|
209
|
+
elsif success_value && !failure_value
|
210
|
+
"Success$"
|
211
|
+
elsif !success_value && failure_value
|
212
|
+
"#{sub_cat}\\s+Failure$"
|
213
|
+
else
|
214
|
+
"No Auditing"
|
215
|
+
end
|
216
|
+
powershell_exec!(<<-CODE).result
|
217
|
+
$auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
|
218
|
+
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
219
|
+
CODE
|
220
|
+
end
|
221
|
+
|
222
|
+
def option_configured?(option_name, option_setting)
|
223
|
+
setting = option_setting ? "Enabled$" : "Disabled$"
|
224
|
+
powershell_exec!(<<-CODE).result
|
225
|
+
$auditpol_config = auditpol /get /option:#{option_name}
|
226
|
+
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
227
|
+
CODE
|
228
|
+
end
|
229
|
+
end
|
230
|
+
end
|
231
|
+
end
|
232
|
+
end
|
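Review bot: The four option branches in `action :set` (new lines 172, 180, 188 and 196) appear inverted: `option_configured?` returns true when auditpol already reports the requested state, so `auditpol /set /option:…` runs only when nothing needs changing and is skipped when the option is in the wrong state. Negating the helper, e.g. `if !new_resource.crash_on_audit_fail.nil? && !option_configured?("CrashOnAuditFail", new_resource.crash_on_audit_fail)`, would match the `next if subcategory_configured?(…)` pattern used for subcategories. Also, `include_user` and `exclude_user` are plain `String` properties interpolated inside double quotes into the command handed to `powershell_exec!`, whereas `subcategory` is checked against `WIN_AUDIT_SUBCATEGORIES`; a `callbacks:` or `regex:` validation on the two user properties (rejecting quotes, backticks and `$`) would keep attribute- or data-bag-sourced values from altering the command. The description says include and exclude cannot be combined, but nothing in the action enforces it, and the `subcategory` description mentions GUIDs that the callback would reject.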
@@ -21,10 +21,23 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsAutorun < Chef::Resource
|
24
|
+
unified_mode true
|
25
|
+
|
24
26
|
provides(:windows_auto_run) { true }
|
25
27
|
|
26
28
|
description "Use the **windows_auto_run** resource to set applications to run at login."
|
27
29
|
introduced "14.0"
|
30
|
+
examples <<~DOC
|
31
|
+
**Run BGInfo at login**
|
32
|
+
|
33
|
+
```ruby
|
34
|
+
windows_auto_run 'BGINFO' do
|
35
|
+
program 'C:/Sysinternals/bginfo.exe'
|
36
|
+
args '\'C:/Sysinternals/Config.bgi\' /NOLICPROMPT /TIMER:0'
|
37
|
+
action :create
|
38
|
+
end
|
39
|
+
```
|
40
|
+
DOC
|
28
41
|
|
29
42
|
property :program_name, String,
|
30
43
|
description: "The name of the program to run at login if it differs from the resource block's name.",
|
@@ -19,17 +19,47 @@
|
|
19
19
|
|
20
20
|
require_relative "../util/path_helper"
|
21
21
|
require_relative "../resource"
|
22
|
-
|
23
|
-
|
24
|
-
|
22
|
+
module Win32
|
23
|
+
autoload :Certstore, "win32-certstore" if Chef::Platform.windows?
|
24
|
+
end
|
25
|
+
autoload :OpenSSL, "openssl"
|
26
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
25
27
|
|
26
28
|
class Chef
|
27
29
|
class Resource
|
28
30
|
class WindowsCertificate < Chef::Resource
|
31
|
+
unified_mode true
|
32
|
+
|
29
33
|
provides :windows_certificate
|
30
34
|
|
31
35
|
description "Use the **windows_certificate** resource to install a certificate into the Windows certificate store from a file. The resource grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificates remotely may not work if the operation requires a user profile. Operations on the local machine store should still work."
|
32
36
|
introduced "14.7"
|
37
|
+
examples <<~DOC
|
38
|
+
**Add PFX cert to local machine personal store and grant accounts read-only access to private key**
|
39
|
+
|
40
|
+
```ruby
|
41
|
+
windows_certificate 'c:/test/mycert.pfx' do
|
42
|
+
pfx_password 'password'
|
43
|
+
private_key_acl ["acme\\fred", "pc\\jane"]
|
44
|
+
end
|
45
|
+
```
|
46
|
+
|
47
|
+
**Add cert to trusted intermediate store**
|
48
|
+
|
49
|
+
```ruby
|
50
|
+
windows_certificate 'c:/test/mycert.cer' do
|
51
|
+
store_name 'CA'
|
52
|
+
end
|
53
|
+
```
|
54
|
+
|
55
|
+
**Remove all certificates matching the subject**
|
56
|
+
|
57
|
+
```ruby
|
58
|
+
windows_certificate 'me.acme.com' do
|
59
|
+
action :delete
|
60
|
+
end
|
61
|
+
```
|
62
|
+
DOC
|
33
63
|
|
34
64
|
property :source, String,
|
35
65
|
description: "The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete) if it differs from the resource block's name.",
|
@@ -39,24 +69,29 @@ class Chef
|
|
39
69
|
description: "The password to access the source if it is a pfx file."
|
40
70
|
|
41
71
|
property :private_key_acl, Array,
|
42
|
-
description: "An array of 'domain
|
72
|
+
description: "An array of 'domain\\account' entries to be granted read-only access to the certificate's private key. Not idempotent."
|
43
73
|
|
44
74
|
property :store_name, String,
|
45
75
|
description: "The certificate store to manipulate.",
|
46
76
|
default: "MY", equal_to: ["TRUSTEDPUBLISHER", "TrustedPublisher", "CLIENTAUTHISSUER", "REMOTE DESKTOP", "ROOT", "TRUSTEDDEVICES", "WEBHOSTING", "CA", "AUTHROOT", "TRUSTEDPEOPLE", "MY", "SMARTCARDROOT", "TRUST", "DISALLOWED"]
|
47
77
|
|
48
78
|
property :user_store, [TrueClass, FalseClass],
|
49
|
-
description: "Use the
|
79
|
+
description: "Use the `CurrentUser` store instead of the default `LocalMachine` store. Note: Prior to #{ChefUtils::Dist::Infra::CLIENT}. 16.10 this property was ignored.",
|
50
80
|
default: false
|
51
81
|
|
52
82
|
property :cert_path, String,
|
53
|
-
description: ""
|
83
|
+
description: "The path to the certificate."
|
54
84
|
|
55
85
|
# lazy used to set default value of sensitive to true if password is set
|
56
86
|
property :sensitive, [TrueClass, FalseClass],
|
57
|
-
description: "Ensure that sensitive resource data is not logged by the #{
|
87
|
+
description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
|
58
88
|
default: lazy { pfx_password ? true : false }, skip_docs: true
|
59
89
|
|
90
|
+
property :exportable, [TrueClass, FalseClass],
|
91
|
+
description: "Ensure that imported pfx certificate is exportable. Please provide 'true' if you want the certificate to be exportable.",
|
92
|
+
default: false,
|
93
|
+
introduced: "16.8"
|
94
|
+
|
60
95
|
action :create do
|
61
96
|
description "Creates or updates a certificate."
|
62
97
|
|
@@ -84,7 +119,7 @@ class Chef
|
|
84
119
|
code_script << acl_script(hash)
|
85
120
|
guard_script << cert_exists_script(hash)
|
86
121
|
|
87
|
-
powershell_script "setting the acls on #{new_resource.source} in #{
|
122
|
+
powershell_script "setting the acls on #{new_resource.source} in #{ps_cert_location}\\#{new_resource.store_name}" do
|
88
123
|
convert_boolean_return true
|
89
124
|
code code_script
|
90
125
|
only_if guard_script
|
@@ -126,24 +161,47 @@ class Chef
|
|
126
161
|
end
|
127
162
|
|
128
163
|
action_class do
|
164
|
+
|
165
|
+
CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000
|
166
|
+
CERT_SYSTEM_STORE_CURRENT_USER = 0x00010000
|
167
|
+
|
129
168
|
def add_cert(cert_obj)
|
130
|
-
store = ::Win32::Certstore.open(new_resource.store_name)
|
169
|
+
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
131
170
|
store.add(cert_obj)
|
132
171
|
end
|
133
172
|
|
134
173
|
def add_pfx_cert
|
135
|
-
|
136
|
-
store.
|
174
|
+
exportable = new_resource.exportable ? 1 : 0
|
175
|
+
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
176
|
+
store.add_pfx(new_resource.source, new_resource.pfx_password, exportable)
|
137
177
|
end
|
138
178
|
|
139
179
|
def delete_cert
|
140
|
-
store = ::Win32::Certstore.open(new_resource.store_name)
|
141
|
-
store.delete(new_resource.source)
|
180
|
+
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
181
|
+
store.delete(resolve_thumbprint(new_resource.source))
|
142
182
|
end
|
143
183
|
|
144
184
|
def fetch_cert
|
145
|
-
store = ::Win32::Certstore.open(new_resource.store_name)
|
146
|
-
store.get(new_resource.source)
|
185
|
+
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
186
|
+
store.get(resolve_thumbprint(new_resource.source))
|
187
|
+
end
|
188
|
+
|
189
|
+
# Thumbprints should be exactly 40 Hex characters
|
190
|
+
def valid_thumbprint?(string)
|
191
|
+
string.scan(/\H/).empty? && string.length == 40
|
192
|
+
end
|
193
|
+
|
194
|
+
def get_thumbprint(store_name, location, source)
|
195
|
+
<<-GETTHUMBPRINTCODE
|
196
|
+
$content = Get-ChildItem -Path Cert:\\#{location}\\#{store_name} | Where-Object {$_.Subject -Match "#{source}"} | Select-Object Thumbprint
|
197
|
+
$content.thumbprint
|
198
|
+
GETTHUMBPRINTCODE
|
199
|
+
end
|
200
|
+
|
201
|
+
def resolve_thumbprint(thumbprint)
|
202
|
+
return thumbprint if valid_thumbprint?(thumbprint)
|
203
|
+
|
204
|
+
powershell_exec!(get_thumbprint(new_resource.store_name, ps_cert_location, new_resource.source)).result
|
147
205
|
end
|
148
206
|
|
149
207
|
# Checks whether a certificate with the given thumbprint
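Review bot: In `get_thumbprint`, `source` is interpolated unescaped into a double-quoted PowerShell string that is then used as a `-Match` regex, so a subject containing `"`, `$`, a backtick or regex metacharacters can alter the script or match a certificate other than the intended one, and `delete_cert` acts on whatever thumbprint comes back. I would pass the value as a single-quoted literal with `'` doubled and wrap it in `[regex]::Escape`, as in the fence below; note this deliberately stops treating the subject as a pattern. `resolve_thumbprint` also ignores its own `thumbprint` argument in the lookup (it passes `new_resource.source`), and it returns `.result` as-is even when several certificates match, so the fence passes the argument through and refuses an ambiguous match. The same interpolation pattern appears in the `@@ -177,16 +237,16 @@` hunk, where `cert_obj.to_pem` (the PEM text, not a path) is placed after `-in` in the `shell_out` openssl commands; that probably needs a temp file or `shell_out`'s `input:` option instead. The `action_class` block continues outside this hunk.

```ruby
def get_thumbprint(store_name, location, source)
  # Single-quoted PowerShell literal: only ' needs doubling; [regex]::Escape keeps -Match a plain substring test.
  subject = source.gsub("'", "''")
  <<-GETTHUMBPRINTCODE
    $content = Get-ChildItem -Path Cert:\\#{location}\\#{store_name} | Where-Object {$_.Subject -Match ([regex]::Escape('#{subject}'))} | Select-Object Thumbprint
    $content.thumbprint
  GETTHUMBPRINTCODE
end

def resolve_thumbprint(thumbprint)
  return thumbprint if valid_thumbprint?(thumbprint)

  # Look up the value that was actually passed in, and never act on more than one certificate.
  matches = Array(powershell_exec!(get_thumbprint(new_resource.store_name, ps_cert_location, thumbprint)).result)
  if matches.length > 1
    raise ArgumentError, "Subject #{thumbprint.inspect} matches #{matches.length} certificates in #{ps_cert_location}\\#{new_resource.store_name}; specify the thumbprint instead"
  end

  matches.first
end
```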
|
@@ -151,9 +209,11 @@ class Chef
|
|
151
209
|
# If the certificate is not present, verify_cert returns a String: "Certificate not found"
|
152
210
|
# But if it is present but expired, it returns a Boolean: false
|
153
211
|
# Otherwise, it returns a Boolean: true
|
212
|
+
# updated this method to accept either a subject name or a thumbprint - 1/29/2021
|
213
|
+
|
154
214
|
def verify_cert(thumbprint = new_resource.source)
|
155
|
-
store = ::Win32::Certstore.open(new_resource.store_name)
|
156
|
-
store.valid?(thumbprint)
|
215
|
+
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
216
|
+
store.valid?(resolve_thumbprint(thumbprint))
|
157
217
|
end
|
158
218
|
|
159
219
|
def show_or_store_cert(cert_obj)
|
@@ -177,16 +237,16 @@ class Chef
|
|
177
237
|
when ".der"
|
178
238
|
out_file.puts(cert_obj.to_der)
|
179
239
|
when ".cer"
|
180
|
-
cert_out =
|
240
|
+
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
|
181
241
|
out_file.puts(cert_out)
|
182
242
|
when ".crt"
|
183
|
-
cert_out =
|
243
|
+
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout
|
184
244
|
out_file.puts(cert_out)
|
185
245
|
when ".pfx"
|
186
|
-
cert_out =
|
246
|
+
cert_out = shell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout
|
187
247
|
out_file.puts(cert_out)
|
188
248
|
when ".p7b"
|
189
|
-
cert_out =
|
249
|
+
cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
|
190
250
|
out_file.puts(cert_out)
|
191
251
|
else
|
192
252
|
Chef::Log.info("Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b")
|
@@ -194,13 +254,19 @@ class Chef
|
|
194
254
|
out_file.close
|
195
255
|
end
|
196
256
|
|
197
|
-
|
198
|
-
|
257
|
+
# this array structure is solving 2 problems. The first is that we need to have support for both the CurrentUser AND LocalMachine stores
|
258
|
+
# Secondly, we need to pass the proper constant name for each store to win32-certstore but also pass the short name to powershell scripts used here
|
259
|
+
def ps_cert_location
|
260
|
+
new_resource.user_store ? "CurrentUser" : "LocalMachine"
|
261
|
+
end
|
262
|
+
|
263
|
+
def native_cert_location
|
264
|
+
new_resource.user_store ? CERT_SYSTEM_STORE_CURRENT_USER : CERT_SYSTEM_STORE_LOCAL_MACHINE
|
199
265
|
end
|
200
266
|
|
201
267
|
def cert_script(persist)
|
202
268
|
cert_script = "$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2"
|
203
|
-
file = Chef::Util::PathHelper.cleanpath(new_resource.source)
|
269
|
+
file = Chef::Util::PathHelper.cleanpath(new_resource.source, ps_cert_location)
|
204
270
|
cert_script << " \"#{file}\""
|
205
271
|
if ::File.extname(file.downcase) == ".pfx"
|
206
272
|
cert_script << ", \"#{new_resource.pfx_password}\""
|
@@ -216,14 +282,14 @@ class Chef
|
|
216
282
|
def cert_exists_script(hash)
|
217
283
|
<<-EOH
|
218
284
|
$hash = #{hash}
|
219
|
-
Test-Path "Cert:\\#{
|
285
|
+
Test-Path "Cert:\\#{ps_cert_location}\\#{new_resource.store_name}\\$hash"
|
220
286
|
EOH
|
221
287
|
end
|
222
288
|
|
223
289
|
def within_store_script
|
224
290
|
inner_script = yield "$store"
|
225
291
|
<<-EOH
|
226
|
-
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{
|
292
|
+
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{ps_cert_location})
|
227
293
|
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
|
228
294
|
#{inner_script}
|
229
295
|
$store.Close()
|
@@ -237,7 +303,7 @@ class Chef
|
|
237
303
|
# and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx
|
238
304
|
set_acl_script = <<-EOH
|
239
305
|
$hash = #{hash}
|
240
|
-
$storeCert = Get-ChildItem "cert:\\#{
|
306
|
+
$storeCert = Get-ChildItem "cert:\\#{ps_cert_location}\\#{new_resource.store_name}\\$hash"
|
241
307
|
if ($storeCert -eq $null) { throw 'no key exists.' }
|
242
308
|
$keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
|
243
309
|
if ($keyname -eq $null) { throw 'no private key exists.' }
|
@@ -273,11 +339,7 @@ class Chef
|
|
273
339
|
# @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate
|
274
340
|
#
|
275
341
|
def fetch_cert_object(ext)
|
276
|
-
contents =
|
277
|
-
::File.binread(new_resource.source)
|
278
|
-
else
|
279
|
-
::File.read(new_resource.source)
|
280
|
-
end
|
342
|
+
contents = ::File.binread(new_resource.source)
|
281
343
|
|
282
344
|
case ext
|
283
345
|
when ".pfx"
|
@@ -294,12 +356,6 @@ class Chef
|
|
294
356
|
end
|
295
357
|
end
|
296
358
|
|
297
|
-
# @return [Boolean] Whether the certificate file is binary encoded or not
|
298
|
-
#
|
299
|
-
def binary_cert?
|
300
|
-
powershell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == "binary"
|
301
|
-
end
|
302
|
-
|
303
359
|
# Imports the certificate object into cert store
|
304
360
|
#
|
305
361
|
# @param cert_objs [OpenSSL::X509::Certificate] Object containing certificate's attributes
|
@@ -314,7 +370,7 @@ class Chef
|
|
314
370
|
if verify_cert(thumbprint) == true
|
315
371
|
Chef::Log.debug("Certificate is already present")
|
316
372
|
else
|
317
|
-
converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do
|
373
|
+
converge_by("Adding certificate #{new_resource.source} into #{ps_cert_location} Store #{new_resource.store_name}") do
|
318
374
|
if is_pfx
|
319
375
|
add_pfx_cert
|
320
376
|
else
|