chef 16.11.7 → 17.2.29

data/lib/chef/resource/cron_access.rb

@@ -64,8 +64,7 @@ class Chef
           "default" => "/etc",
       }.freeze
 
-      action :allow do
-        description "Add the user to the cron.allow file."
+      action :allow, description: "Add the user to the cron.allow file." do
         allow_path = ::File.join(value_for_platform_family(CRON_PATHS), "cron.allow")
 
         with_run_context :root do
@@ -81,8 +80,7 @@ class Chef
         end
       end
 
-      action :deny do
-        description "Add the user to the cron.deny file."
+      action :deny, description: "Add the user to the cron.deny file." do
         deny_path = ::File.join(value_for_platform_family(CRON_PATHS), "cron.deny")
 
         with_run_context :root do

data/lib/chef/resource/dmg_package.rb

@@ -121,9 +121,7 @@ class Chef
         end
       end
 
-      action :install do
-        description "Installs the application."
-
+      action :install, description: "Installs the application." do
         if current_resource.nil?
           if new_resource.source
             remote_file dmg_file do
@@ -171,13 +169,11 @@ class Chef
       action_class do
         # @return [String] the path to the dmg file
         def dmg_file
-          @dmg_file ||= begin
-            if new_resource.file.nil?
-              "#{Chef::Config[:file_cache_path]}/#{new_resource.dmg_name}.dmg"
-            else
-              new_resource.file
-            end
-          end
+          @dmg_file ||= if new_resource.file.nil?
+                          "#{Chef::Config[:file_cache_path]}/#{new_resource.dmg_name}.dmg"
+                        else
+                          new_resource.file
+                        end
         end
 
         # @return [String] the hdiutil flag for handling DMGs with a password

data/lib/chef/resource/dpkg_package.rb

@@ -36,7 +36,7 @@ class Chef
 
       property :response_file_variables, Hash,
         description: "A Hash of response file variables in the form of {'VARIABLE' => 'VALUE'}.",
-        default: lazy { {} }, desired_state: false
+        default: {}, desired_state: false
     end
   end
 end

data/lib/chef/resource/execute.rb

@@ -572,6 +572,10 @@ class Chef
         introduced: "16.2",
         description: "An optional property to set the input sent to the command as STDIN."
 
+      property :login, [ TrueClass, FalseClass ], default: false,
+        introduced: "17.0",
+        description: "Use a login shell to run the commands instead of inheriting the existing execution environment."
+
       alias :env :environment
 
       def self.set_guard_inherited_attributes(*inherited_attributes)
@@ -629,13 +633,13 @@ class Chef
         end
 
         # if domain is provided in both username and domain
-        if specified_user.is_a?(String) && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
+        if specified_user.is_a?(String) && ((specified_user.include? "\\") || (specified_user.include? "@")) && specified_domain
           raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
         end
 
         if specified_user.is_a?(String) && specified_domain.nil?
           # Splitting username of format: Domain\Username
-          domain_and_user = user.split('\\')
+          domain_and_user = user.split("\\")
 
           if domain_and_user.length == 2
             domain = domain_and_user[0]
@@ -666,7 +670,8 @@ class Chef
         :group,
         :password,
         :user,
-        :umask
+        :umask,
+        :login
       )
 
     end

data/lib/chef/resource/file.rb

@@ -81,7 +81,7 @@ class Chef
       property :manage_symlink_source, [ TrueClass, FalseClass ], desired_state: false,
         description: "Change the behavior of the file resource if it is pointed at a symlink. When this value is set to true, #{ChefUtils::Dist::Infra::PRODUCT} will manage the symlink's permissions or will replace the symlink with a normal file if the resource has content. When this value is set to false, #{ChefUtils::Dist::Infra::PRODUCT} will follow the symlink and will manage the permissions and content of symlink's target file. The default behavior is true but emits a warning that the default value will be changed to false in a future version; setting this explicitly to true or false suppresses this warning."
 
-      property :verifications, Array, default: lazy { [] }
+      property :verifications, Array, default: lazy { [] }, desired_state: false, skip_docs: true
 
       def verify(command = nil, opts = {}, &block)
         unless command.nil? || [String, Symbol].include?(command.class)

data/lib/chef/resource/group.rb

@@ -37,22 +37,22 @@ class Chef
       property :gid, [ String, Integer ],
         description: "The identifier for the group."
 
-      property :members, [String, Array], default: lazy { [] },
+      property :members, [String, Array], default: [],
                coerce: proc { |arg| arg.is_a?(String) ? arg.split(/\s*,\s*/) : arg },
                description: "Which users should be set or appended to a group. When more than one group member is identified, the list of members should be an array: members ['user1', 'user2']."
 
-      property :excluded_members, [String, Array], default: lazy { [] },
+      property :excluded_members, [String, Array], default: [],
                coerce: proc { |arg| arg.is_a?(String) ? arg.split(/\s*,\s*/) : arg },
-               description: "Remove users from a group. May only be used when append is set to true."
+               description: "Remove users from a group. May only be used when `append` is set to `true`."
 
       property :append, [ TrueClass, FalseClass ], default: false,
-               description: "How members should be appended and/or removed from a group. When true, members are appended and excluded_members are removed. When false, group members are reset to the value of the members property."
+               description: "How members should be appended and/or removed from a group. When true, `members` are appended and `excluded_members` are removed. When `false`, group members are reset to the value of the `members` property."
 
       property :system, [ TrueClass, FalseClass ], default: false,
-               description: "Set if a group belongs to a system group. Set to true if the group belongs to a system group."
+               description: "Set to `true` if the group belongs to a system group."
 
       property :non_unique, [ TrueClass, FalseClass ], default: false,
-               description: "Allow gid duplication. May only be used with the Groupadd provider."
+               description: "Allow gid duplication. May only be used with the `Groupadd` user resource provider."
 
       property :comment, String,
         introduced: "14.9",

data/lib/chef/resource/homebrew_cask.rb

@@ -51,12 +51,16 @@ class Chef
 
       property :owner, [String, Integer],
         description: "The owner of the Homebrew installation.",
-        default: lazy { find_homebrew_username }
-
-      action :install do
-        description "Install an application packaged as a Homebrew cask."
-
-        homebrew_tap "homebrew/cask" if new_resource.install_cask
+        default: lazy { find_homebrew_username },
+        default_description: "Calculated default username"\
+
+      action :install, description: "Install an application that is packaged as a Homebrew cask." do
+        if new_resource.install_cask
+          homebrew_tap "homebrew/cask" do
+            homebrew_path new_resource.homebrew_path
+            owner new_resource.owner
+          end
+        end
 
         unless casked?
           converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
@@ -68,10 +72,13 @@ class Chef
         end
       end
 
-      action :remove do
-        description "Remove an application packaged as a Homebrew cask."
-
-        homebrew_tap "homebrew/cask" if new_resource.install_cask
+      action :remove, description: "Remove an application that is packaged as a Homebrew cask." do
+        if new_resource.install_cask
+          homebrew_tap "homebrew/cask" do
+            homebrew_path new_resource.homebrew_path
+            owner new_resource.owner
+          end
+        end
 
         if casked?
           converge_by("uninstall cask #{new_resource.cask_name}") do

data/lib/chef/resource/homebrew_package.rb

@@ -62,7 +62,7 @@ class Chef
       DOC
 
       property :homebrew_user, [ String, Integer ],
-        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command."
+        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
 
     end
   end

data/lib/chef/resource/homebrew_tap.rb

@@ -51,11 +51,10 @@ class Chef
 
       property :owner, String,
         description: "The owner of the Homebrew installation.",
-        default: lazy { find_homebrew_username }
-
-      action :tap do
-        description "Add a Homebrew tap."
+        default: lazy { find_homebrew_username },
+        default_description: "Calculated default username"
 
+      action :tap, description: "Add a Homebrew tap." do
         unless tapped?(new_resource.tap_name)
           converge_by("tap #{new_resource.tap_name}") do
             shell_out!("#{new_resource.homebrew_path} tap #{new_resource.full ? "--full" : ""} #{new_resource.tap_name} #{new_resource.url || ""}",
@@ -66,9 +65,7 @@ class Chef
         end
       end
 
-      action :untap do
-        description "Remove a Homebrew tap."
-
+      action :untap, description: "Remove a Homebrew tap." do
         if tapped?(new_resource.tap_name)
           converge_by("untap #{new_resource.tap_name}") do
             shell_out!("#{new_resource.homebrew_path} untap #{new_resource.tap_name}",

data/lib/chef/resource/homebrew_update.rb

@@ -88,7 +88,7 @@ class Chef
         end
       end
 
-      action :periodic do
+      action :periodic, description: "Run a periodic update based on the frequency property." do
         return unless macos?
 
         unless brew_up_to_date?
@@ -98,7 +98,7 @@ class Chef
         end
       end
 
-      action :update do
+      action :update, description: "Run an immediate update." do
         return unless macos?
 
         converge_by "force update new lists of packages" do

data/lib/chef/resource/hostname.rb

@@ -44,12 +44,34 @@ class Chef
           ipaddress '198.51.100.2'
         end
         ```
+
+        **Change the hostname of a Windows, Non-Domain joined node**:
+
+        ```ruby
+        hostname 'renaming a workgroup computer' do
+          hostname 'Foo'
+        end
+        ```
+
+        **Change the hostname of a Windows, Domain-joined node (new in 17.2)**:
+
+        ```ruby
+        hostname 'renaming a domain-joined computer' do
+          hostname 'Foo'
+          domain_user "Domain\\Someone"
+          domain_password 'SomePassword'
+        end
+        ```
       DOC
 
       property :hostname, String,
         description: "An optional property to set the hostname if it differs from the resource block's name.",
         name_property: true
 
+      property :fqdn, String,
+        description: "An optional property to set the fqdn if it differs from the resource block's hostname.",
+        introduced: "17.0"
+
       property :ipaddress, String,
         description: "The IP address to use when configuring the hosts file.",
         default: lazy { node["ipaddress"] }, default_description: "The node's IP address as determined by Ohai."
@@ -67,6 +89,15 @@ class Chef
         description: "Determines whether or not Windows should be reboot after changing the hostname, as this is required for the change to take effect.",
         default: true
 
+      property :domain_user, String,
+        description: "A domain account specified in the form of DOMAIN\\user used when renaming a domain-joined device",
+        introduced: "17.2"
+
+      property :domain_password, String,
+        description: "The password to accompany the domain_user parameter",
+        sensitive: true,
+        introduced: "17.2"
+
       action_class do
         def append_replacing_matching_lines(path, regex, string)
           text = IO.read(path).split("\n")
@@ -99,9 +130,11 @@ class Chef
         end
       end
 
-      action :set do
-        description "Sets the node's hostname."
+      def is_domain_joined?
+        powershell_exec!("(Get-CIMInstance -Class Win32_ComputerSystem).PartofDomain").result
+      end
 
+      action :set, description: "Sets the node's hostname." do
         if !windows?
           ohai "reload hostname" do
             plugin "hostname"
@@ -109,7 +142,7 @@ class Chef
           end
 
           # set the hostname via /bin/hostname
-          declare_resource(:execute, "set hostname to #{new_resource.hostname}") do
+          execute "set hostname to #{new_resource.hostname}" do
             command "/bin/hostname #{new_resource.hostname}"
             not_if { shell_out!("hostname").stdout.chomp == new_resource.hostname }
             notifies :reload, "ohai[reload hostname]"
@@ -117,7 +150,9 @@ class Chef
 
           # make sure node['fqdn'] resolves via /etc/hosts
           unless new_resource.ipaddress.nil?
-            newline = "#{new_resource.ipaddress} #{new_resource.hostname}"
+            newline = "#{new_resource.ipaddress}"
+            newline << " #{new_resource.fqdn}" unless new_resource.fqdn.to_s.empty?
+            newline << " #{new_resource.hostname}"
             newline << " #{new_resource.aliases.join(" ")}" if new_resource.aliases && !new_resource.aliases.empty?
             newline << " #{new_resource.hostname[/[^\.]*/]}"
             r = append_replacing_matching_lines("/etc/hosts", /^#{new_resource.ipaddress}\s+|\s+#{new_resource.hostname}\s+/, newline)
@@ -127,20 +162,20 @@ class Chef
 
           # setup the hostname to persist on a reboot
           case
-          when ::File.exist?("/usr/sbin/scutil")
+          when darwin?
             # darwin
-            declare_resource(:execute, "set HostName via scutil") do
+            execute "set HostName via scutil" do
               command "/usr/sbin/scutil --set HostName #{new_resource.hostname}"
               not_if { shell_out("/usr/sbin/scutil --get HostName").stdout.chomp == new_resource.hostname }
               notifies :reload, "ohai[reload hostname]"
             end
-            declare_resource(:execute, "set ComputerName via scutil") do
+            execute "set ComputerName via scutil" do
               command "/usr/sbin/scutil --set ComputerName  #{new_resource.hostname}"
               not_if { shell_out("/usr/sbin/scutil --get ComputerName").stdout.chomp == new_resource.hostname }
               notifies :reload, "ohai[reload hostname]"
             end
             shortname = new_resource.hostname[/[^\.]*/]
-            declare_resource(:execute, "set LocalHostName via scutil") do
+            execute "set LocalHostName via scutil" do
               command "/usr/sbin/scutil --set LocalHostName #{shortname}"
               not_if { shell_out("/usr/sbin/scutil --get LocalHostName").stdout.chomp == shortname }
               notifies :reload, "ohai[reload hostname]"
@@ -150,7 +185,7 @@ class Chef
             when ::File.exist?("/usr/bin/hostnamectl") && !docker?
               # use hostnamectl whenever we find it on linux (as systemd takes over the world)
               # this must come before other methods like /etc/hostname and /etc/sysconfig/network
-              declare_resource(:execute, "hostnamectl set-hostname #{new_resource.hostname}") do
+              execute "hostnamectl set-hostname #{new_resource.hostname}" do
                 notifies :reload, "ohai[reload hostname]"
                 not_if { shell_out!("hostnamectl status", returns: [0, 1]).stdout =~ /Static hostname:\s*#{new_resource.hostname}\s*$/ }
               end
@@ -160,7 +195,7 @@ class Chef
               # the "platform: iox_xr, platform_family: wrlinux, os: linux" platform also hits this
               # the "platform: nexus, platform_family: wrlinux, os: linux" platform also hits this
               # this is also fallback for any linux systemd host in a docker container (where /usr/bin/hostnamectl will fail)
-              declare_resource(:file, "/etc/hostname") do
+              file "/etc/hostname" do
                 atomic_update false if docker?
                 content "#{new_resource.hostname}\n"
                 owner "root"
@@ -172,7 +207,7 @@ class Chef
               append_replacing_matching_lines("/etc/sysconfig/network", /^HOSTNAME\s*=/, "HOSTNAME=#{new_resource.hostname}")
             when ::File.exist?("/etc/HOSTNAME")
               # SuSE/openSUSE uses /etc/HOSTNAME
-              declare_resource(:file, "/etc/HOSTNAME") do
+              file "/etc/HOSTNAME" do
                 content "#{new_resource.hostname}\n"
                 owner "root"
                 group node["root_group"]
@@ -180,7 +215,7 @@ class Chef
               end
             when ::File.exist?("/etc/conf.d/hostname")
               # Gentoo
-              declare_resource(:file, "/etc/conf.d/hostname") do
+              file "/etc/conf.d/hostname" do
                 content "hostname=\"#{new_resource.hostname}\"\n"
                 owner "root"
                 group node["root_group"]
@@ -196,23 +231,23 @@ class Chef
             # *BSD systems with /etc/rc.conf + /etc/myname
             append_replacing_matching_lines("/etc/rc.conf", /^\s+hostname\s+=/, "hostname=#{new_resource.hostname}")
 
-            declare_resource(:file, "/etc/myname") do
+            file "/etc/myname" do
               content "#{new_resource.hostname}\n"
               owner "root"
               group node["root_group"]
               mode "0644"
             end
           when ::File.exist?("/usr/sbin/svccfg") # solaris 5.11
-            declare_resource(:execute, "svccfg -s system/identity:node setprop config/nodename=\'#{new_resource.hostname}\'") do
+            execute "svccfg -s system/identity:node setprop config/nodename=\'#{new_resource.hostname}\'" do
               notifies :run, "execute[svcadm refresh]", :immediately
               notifies :run, "execute[svcadm restart]", :immediately
               not_if { shell_out!("svccfg -s system/identity:node listprop config/nodename").stdout.chomp =~ %r{config/nodename\s+astring\s+#{new_resource.hostname}} }
             end
-            declare_resource(:execute, "svcadm refresh") do
+            execute "svcadm refresh" do
               command "svcadm refresh system/identity:node"
               action :nothing
             end
-            declare_resource(:execute, "svcadm restart") do
+            execute "svcadm restart" do
               command "svcadm restart system/identity:node"
               action :nothing
             end
@@ -239,13 +274,24 @@ class Chef
           end
 
           unless Socket.gethostbyname(Socket.gethostname).first == new_resource.hostname
-            converge_by "set hostname to #{new_resource.hostname}" do
-              powershell_exec! <<~EOH
-                $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
-                $sysInfo.Rename("#{new_resource.hostname}")
-              EOH
+            if is_domain_joined?
+              if new_resource.domain_user.nil? || new_resource.domain_password.nil?
+                raise "The `domain_user` and `domain_password` properties are required to change the hostname of a domain-connected Windows system."
+              else
+                converge_by "set hostname to #{new_resource.hostname}" do
+                  powershell_exec! <<~EOH
+                    $user = #{new_resource.domain_user}
+                    $secure_password = #{new_resource.domain_password} | Convertto-SecureString -AsPlainText -Force
+                    $Credentials = New-Object System.Management.Automation.PSCredential -Argumentlist ($user, $secure_password)
+                    Rename-Computer -NewName #{new_resource.hostname} -DomainCredential $Credentials
+                  EOH
+                end
+              end
+            else
+              converge_by "set hostname to #{new_resource.hostname}" do
+                powershell_exec!("Rename-Computer -NewName #{new_resource.hostname}")
+              end
             end
-
             # reboot because $windows
             reboot "setting hostname" do
               reason "#{ChefUtils::Dist::Infra::PRODUCT} updated system hostname"

data/lib/chef/resource/http_request.rb

@@ -34,7 +34,7 @@ class Chef
       property :url, String, identity: true,
                description: "The URL to which an HTTP request is sent."
 
-      property :headers, Hash, default: lazy { {} },
+      property :headers, Hash, default: {},
                description: "A Hash of custom headers."
 
       def initialize(name, run_context = nil)

data/lib/chef/resource/inspec_waiver_file_entry.rb

@@ -0,0 +1,156 @@
+#
+# Author:: Davin Taddeo (<davin@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+autoload :YAML, "yaml"
+require "date"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+
+class Chef
+  class Resource
+    class InspecWaiverFileEntry < Chef::Resource
+      provides :inspec_waiver_file_entry
+      unified_mode true
+
+      description "Use the **inspec_waiver_file_entry** resource to add or remove entries from an InSpec waiver file. This can be used in conjunction with the Compliance Phase."
+      introduced "17.1"
+      examples <<~DOC
+      **Add an InSpec waiver entry to a given waiver file**:
+
+      ```ruby
+        inspec_waiver_file_entry 'Add waiver entry for control' do
+          file_path 'C:\\chef\\inspec_waiver_file.yml'
+          control 'my_inspec_control_01'
+          run_test false
+          justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}"
+          expiration '2022-01-01'
+          action :add
+        end
+      ```
+
+      **Add an InSpec waiver entry to a given waiver file using the 'name' property to identify the control**:
+
+      ```ruby
+        inspec_waiver_file_entry 'my_inspec_control_01' do
+          justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}"
+          action :add
+        end
+      ```
+
+      **Remove an InSpec waiver entry to a given waiver file**:
+
+      ```ruby
+        inspec_waiver_file_entry "my_inspec_control_01" do
+          action :remove
+        end
+      ```
+      DOC
+
+      property :control, String,
+        name_property: true,
+        description: "The name of the control being added or removed to the waiver file"
+
+      property :file_path, String,
+        required: true,
+        description: "The path to the waiver file being modified",
+        default: "#{ChefConfig::Config.etc_chef_dir}/inspec_waivers.yml",
+        default_description: "`/etc/chef/inspec_waivers.yml` on Linux/Unix and `C:\\chef\\inspec_waivers.yml` on Windows"
+
+      property :expiration, String,
+        description: "The expiration date of the given waiver - provided in YYYY-MM-DD format",
+        callbacks: {
+          "Expiration date should be a valid calendar date and match the following format: YYYY-MM-DD" => proc { |e|
+            re = Regexp.new('\d{4}-\d{2}-\d{2}$').freeze
+            if re.match?(e)
+              Date.valid_date?(*e.split("-").map(&:to_i))
+            else
+              e.nil?
+            end
+          },
+        }
+
+      property :run_test, [true, false],
+        description: "If present and true, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or false, the control will not be run."
+
+      property :justification, String,
+        description: "Can be any text you want and might include a reason for the waiver as well as who signed off on the waiver."
+
+      property :backup, [false, Integer],
+        description: "The number of backups to be kept in /var/chef/backup (for UNIX- and Linux-based platforms) or C:/chef/backup (for the Microsoft Windows platform). Set to false to prevent backups from being kept.",
+        default: false
+
+      action :add do
+        if new_resource.justification.nil? || new_resource.justification == ""
+          raise Chef::Exceptions::ValidationFailed, "Entries in the InSpec waiver file must have a justification given, this parameter must have a value."
+        end
+
+        filename = new_resource.file_path
+        waiver_hash = load_waiver_file_to_hash(filename)
+        control_hash = {}
+        control_hash["expiration_date"] = new_resource.expiration.to_s unless new_resource.expiration.nil?
+        control_hash["run"] = new_resource.run_test unless new_resource.run_test.nil?
+        control_hash["justification"] = new_resource.justification.to_s
+
+        unless waiver_hash[new_resource.control] == control_hash
+          waiver_hash[new_resource.control] = control_hash
+          waiver_hash = waiver_hash.sort.to_h
+
+          file "Update Waiver File #{new_resource.file_path} to update waiver for control #{new_resource.control}" do
+            path new_resource.file_path
+            content ::YAML.dump(waiver_hash)
+            backup new_resource.backup
+            action :create
+          end
+        end
+      end
+
+      action :remove do
+        filename = new_resource.file_path
+        waiver_hash = load_waiver_file_to_hash(filename)
+        if waiver_hash.key?(new_resource.control)
+          waiver_hash.delete(new_resource.control)
+          waiver_hash = waiver_hash.sort.to_h
+          file "Update Waiver File #{new_resource.file_path} to remove waiver for control #{new_resource.control}" do
+            path new_resource.file_path
+            content ::YAML.dump(waiver_hash)
+            backup new_resource.backup
+            action :create
+          end
+        end
+      end
+
+      action_class do
+        def load_waiver_file_to_hash(file_name)
+          if file_name =~ %r{(/|C:\\).*(.yaml|.yml)}i
+            if ::File.exist?(file_name)
+              hash = ::YAML.load_file(file_name)
+              if hash == false || hash.nil? || hash == ""
+                {}
+              else
+                ::YAML.load_file(file_name)
+              end
+            else
+              {}
+            end
+          else
+            raise "Waiver files needs to be a YAML file which should have a .yaml or .yml extension -\"#{file_name}\" does not have an appropriate extension"
+          end
+        end
+      end
+    end
+  end
+end