chef 16.12.3-universal-mingw32 → 16.16.7-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +5 -2
- data/Rakefile +11 -0
- data/distro/ruby_bin_folder/AMD64/Chef.PowerShell.Wrapper.dll +0 -0
- data/distro/ruby_bin_folder/AMD64/Chef.PowerShell.dll +0 -0
- data/distro/ruby_bin_folder/AMD64/shared/Microsoft.NETCore.App/5.0.0/Chef.PowerShell.Wrapper.Core.dll +0 -0
- data/distro/ruby_bin_folder/AMD64/shared/Microsoft.NETCore.App/5.0.0/Chef.Powershell.Core.dll +0 -0
- data/distro/ruby_bin_folder/AMD64/shared/Microsoft.NETCore.App/5.0.0/Chef.Powershell.Core.pdb +0 -0
- data/distro/ruby_bin_folder/x86/Chef.PowerShell.dll +0 -0
- data/distro/ruby_bin_folder/x86/Chef.Powershell.Wrapper.dll +0 -0
- data/distro/ruby_bin_folder/x86/shared/Microsoft.NETCore.App/5.0.0/Chef.PowerShell.Wrapper.Core.dll +0 -0
- data/distro/ruby_bin_folder/x86/shared/Microsoft.NETCore.App/5.0.0/Chef.Powershell.Core.dll +0 -0
- data/distro/ruby_bin_folder/x86/shared/Microsoft.NETCore.App/5.0.0/Chef.Powershell.Core.pdb +0 -0
- data/lib/chef/cookbook/gem_installer.rb +5 -1
- data/lib/chef/cookbook_version.rb +26 -4
- data/lib/chef/data_collector/run_end_message.rb +1 -1
- data/lib/chef/deprecated.rb +14 -4
- data/lib/chef/exceptions.rb +3 -0
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/http.rb +5 -5
- data/lib/chef/knife/core/windows_bootstrap_context.rb +2 -3
- data/lib/chef/node.rb +20 -19
- data/lib/chef/policy_builder/policyfile.rb +5 -0
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +5 -0
- data/lib/chef/provider/package/rubygems.rb +2 -2
- data/lib/chef/provider/template/content.rb +1 -1
- data/lib/chef/resource/homebrew_cask.rb +13 -7
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/rhsm_subscription.rb +5 -5
- data/lib/chef/resource/support/client.erb +6 -0
- data/lib/chef/resource/systemd_unit.rb +1 -1
- data/lib/chef/resource/user_ulimit.rb +1 -0
- data/lib/chef/resource/windows_security_policy.rb +55 -39
- data/lib/chef/resource/windows_uac.rb +3 -1
- data/lib/chef/resource/windows_user_privilege.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api.rb +9 -2
- data/lib/chef/win32/version.rb +1 -0
- data/spec/functional/resource/group_spec.rb +5 -1
- data/spec/functional/resource/link_spec.rb +8 -0
- data/spec/unit/cookbook_version_spec.rb +52 -0
- data/spec/unit/data_collector_spec.rb +47 -1
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +3 -3
- data/spec/unit/policy_builder/policyfile_spec.rb +11 -1
- data/spec/unit/provider/package/powershell_spec.rb +74 -12
- data/spec/unit/provider/package/rubygems_spec.rb +3 -3
- data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
- data/spec/unit/resource/mount_spec.rb +10 -0
- data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource/user_ulimit_spec.rb +14 -1
- data/tasks/rspec.rb +1 -1
- metadata +7 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e47582070f4d3fd517a865e074e02cbd0c68fc5767c053b6a9b2581588dd7241
|
4
|
+
data.tar.gz: a93af8e5739339dcd441ee28ac964d5daf01243ce1096961b8536b950cb6dae7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 74dffed03f8baca460ba1a64e2a71ddbd4949b3080b0744ea09a45b9019f516ecb4d790aad50edbbacab4e5113b64c8e7922c9d70f5aa8575241d29ab4676da7
|
7
|
+
data.tar.gz: 75dbdd247b44e7ba92d1be9ce1a0ca32270968da05c1a5581b83264da535d00ac939a95f7ca95db802f121b5df9eb30cdede1f3acf3d3eb30c75892ee91e074f
|
data/Gemfile
CHANGED
@@ -35,8 +35,11 @@ group(:omnibus_package) do
|
|
35
35
|
end
|
36
36
|
|
37
37
|
group(:omnibus_package, :pry) do
|
38
|
-
|
39
|
-
|
38
|
+
# Locked because pry-byebug is broken with 13+
|
39
|
+
# some work is ongoing? https://github.com/deivid-rodriguez/pry-byebug/issues/343
|
40
|
+
gem "pry", "= 0.13.0"
|
41
|
+
# byebug does not install on freebsd on ruby 3.0
|
42
|
+
gem "pry-byebug" unless RUBY_PLATFORM =~ /freebsd/i
|
40
43
|
gem "pry-stack_explorer"
|
41
44
|
end
|
42
45
|
|
data/Rakefile
CHANGED
@@ -74,6 +74,17 @@ task :install do
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
+
namespace :install do
|
78
|
+
task local: "pre_install:all"
|
79
|
+
|
80
|
+
task :local do
|
81
|
+
chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
|
82
|
+
Dir.chdir(chef_bin_path) do
|
83
|
+
sh("rake install:local")
|
84
|
+
end
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
77
88
|
task :pedant, :chef_zero_spec
|
78
89
|
|
79
90
|
task :build_eventlog do
|
Binary file
|
Binary file
|
Binary file
|
data/distro/ruby_bin_folder/AMD64/shared/Microsoft.NETCore.App/5.0.0/Chef.Powershell.Core.dll
CHANGED
Binary file
|
data/distro/ruby_bin_folder/AMD64/shared/Microsoft.NETCore.App/5.0.0/Chef.Powershell.Core.pdb
CHANGED
Binary file
|
Binary file
|
Binary file
|
data/distro/ruby_bin_folder/x86/shared/Microsoft.NETCore.App/5.0.0/Chef.PowerShell.Wrapper.Core.dll
CHANGED
Binary file
|
Binary file
|
Binary file
|
@@ -70,7 +70,11 @@ class Chef
|
|
70
70
|
unless Chef::Config[:skip_gem_metadata_installation]
|
71
71
|
# Add additional options to bundle install
|
72
72
|
cmd = [ "bundle", "install", Chef::Config[:gem_installer_bundler_options] ]
|
73
|
-
|
73
|
+
env = {
|
74
|
+
"PATH" => path_with_prepended_ruby_bin,
|
75
|
+
"BUNDLE_SILENCE_ROOT_WARNING" => "1",
|
76
|
+
}
|
77
|
+
so = shell_out!(cmd, cwd: dir, env: env)
|
74
78
|
Chef::Log.info(so.stdout)
|
75
79
|
end
|
76
80
|
end
|
@@ -138,11 +138,14 @@ class Chef
|
|
138
138
|
end
|
139
139
|
|
140
140
|
def recipe_yml_filenames_by_name
|
141
|
-
@
|
141
|
+
@recipe_yml_filenames_by_name ||= begin
|
142
142
|
name_map = yml_filenames_by_name(files_for("recipes"))
|
143
|
-
root_alias = cookbook_manifest.root_files.find { |record|
|
143
|
+
root_alias = cookbook_manifest.root_files.find { |record|
|
144
|
+
record[:name] == "root_files/recipe.yml" ||
|
145
|
+
record[:name] == "root_files/recipe.yaml"
|
146
|
+
}
|
144
147
|
if root_alias
|
145
|
-
Chef::Log.error("Cookbook #{name} contains both recipe.yml and
|
148
|
+
Chef::Log.error("Cookbook #{name} contains both recipe.yml and recipes/default.yml, ignoring recipes/default.yml") if name_map["default"]
|
146
149
|
name_map["default"] = root_alias[:full_path]
|
147
150
|
end
|
148
151
|
name_map
|
@@ -582,8 +585,27 @@ class Chef
|
|
582
585
|
records.select { |record| record[:name] =~ /\.rb$/ }.inject({}) { |memo, record| memo[File.basename(record[:name], ".rb")] = record[:full_path]; memo }
|
583
586
|
end
|
584
587
|
|
588
|
+
# Filters YAML files from the superset of provided files.
|
589
|
+
# Checks for duplicate basenames with differing extensions (eg yaml v yml)
|
590
|
+
# and raises error if any are detected.
|
591
|
+
# This prevents us from arbitrarily the ".yaml" or ".yml" version when both are present,
|
592
|
+
# because we don't know which is correct.
|
593
|
+
# This method runs in O(n^2) where N = number of yml files present. This number should be consistently
|
594
|
+
# low enough that there's no noticeable perf impact.
|
585
595
|
def yml_filenames_by_name(records)
|
586
|
-
records.select { |record| record[:name] =~ /\.
|
596
|
+
yml_files = records.select { |record| record[:name] =~ /\.(y[a]?ml)$/ }
|
597
|
+
result = yml_files.inject({}) do |acc, record|
|
598
|
+
filename = record[:name]
|
599
|
+
base_dup_name = File.join(File.dirname(filename), File.basename(filename, File.extname(filename)))
|
600
|
+
yml_files.each do |other|
|
601
|
+
if other[:name] =~ /#{(File.extname(filename) == ".yml") ? "#{base_dup_name}.yaml" : "#{base_dup_name}.yml"}$/
|
602
|
+
raise Chef::Exceptions::AmbiguousYAMLFile.new("Cookbook #{name}@#{version} contains ambiguous files: #{filename} and #{other[:name]}. Please update the cookbook to remove the incorrect file.")
|
603
|
+
end
|
604
|
+
end
|
605
|
+
acc[File.basename(record[:name], File.extname(record[:name]))] = record[:full_path]
|
606
|
+
acc
|
607
|
+
end
|
608
|
+
result
|
587
609
|
end
|
588
610
|
|
589
611
|
def file_vendor
|
@@ -51,7 +51,7 @@ class Chef
|
|
51
51
|
"id" => run_status&.run_id,
|
52
52
|
"message_version" => "1.1.0",
|
53
53
|
"message_type" => "run_converge",
|
54
|
-
"node" => node || {},
|
54
|
+
"node" => node&.data_for_save || {},
|
55
55
|
"node_name" => node&.name || data_collector.node_name,
|
56
56
|
"organization_name" => organization,
|
57
57
|
"resources" => all_action_records(action_collection),
|
data/lib/chef/deprecated.rb
CHANGED
@@ -79,10 +79,12 @@ class Chef
|
|
79
79
|
return true if location =~ /^(.*?):(\d+):in/ && begin
|
80
80
|
# Don't buffer the whole file in memory, so read it one line at a time.
|
81
81
|
line_no = $2.to_i
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
82
|
+
if File.exist?($1) # some stacktraces come from `eval` and not a file
|
83
|
+
location_file = ::File.open($1)
|
84
|
+
(line_no - 1).times { location_file.readline } # Read all the lines we don't care about.
|
85
|
+
relevant_line = location_file.readline
|
86
|
+
relevant_line.match?(/#.*chef:silence_deprecation($|[^:]|:#{self.class.deprecation_key})/)
|
87
|
+
end
|
86
88
|
end
|
87
89
|
|
88
90
|
false
|
@@ -249,6 +251,14 @@ class Chef
|
|
249
251
|
target 32
|
250
252
|
end
|
251
253
|
|
254
|
+
class PolicyfileCompatMode < Base
|
255
|
+
target 35
|
256
|
+
end
|
257
|
+
|
258
|
+
class AttributeWhitelistConfiguration < Base
|
259
|
+
target 34
|
260
|
+
end
|
261
|
+
|
252
262
|
class Generic < Base
|
253
263
|
def url
|
254
264
|
"https://docs.chef.io/chef_deprecations_client/"
|
data/lib/chef/exceptions.rb
CHANGED
@@ -174,6 +174,9 @@ class Chef
|
|
174
174
|
class CannotDetermineWindowsInstallerType < Package; end
|
175
175
|
class NoWindowsPackageSource < Package; end
|
176
176
|
|
177
|
+
# for example, if both recipes/default.yml, recipes/default.yaml are present
|
178
|
+
class AmbiguousYAMLFile < RuntimeError; end
|
179
|
+
|
177
180
|
# Can not create staging file during file deployment
|
178
181
|
class FileContentStagingError < RuntimeError
|
179
182
|
def initialize(errors)
|
@@ -27,7 +27,7 @@ class Chef
|
|
27
27
|
# Failed to register this client with the server.
|
28
28
|
def self.registration_failed(node_name, exception, config)
|
29
29
|
error_inspector = ErrorInspectors::RegistrationErrorInspector.new(node_name, exception, config)
|
30
|
-
headline = "Chef encountered an error attempting to create the client \"#{node_name}\""
|
30
|
+
headline = "Chef Infra Client encountered an error attempting to create the client \"#{node_name}\""
|
31
31
|
description = ErrorDescription.new(headline)
|
32
32
|
error_inspector.add_explanation(description)
|
33
33
|
description
|
@@ -35,7 +35,7 @@ class Chef
|
|
35
35
|
|
36
36
|
def self.node_load_failed(node_name, exception, config)
|
37
37
|
error_inspector = ErrorInspectors::NodeLoadErrorInspector.new(node_name, exception, config)
|
38
|
-
headline = "Chef encountered an error attempting to load the node data for \"#{node_name}\""
|
38
|
+
headline = "Chef Infra Client encountered an error attempting to load the node data for \"#{node_name}\""
|
39
39
|
description = ErrorDescription.new(headline)
|
40
40
|
error_inspector.add_explanation(description)
|
41
41
|
description
|
data/lib/chef/http.rb
CHANGED
@@ -423,7 +423,7 @@ class Chef
|
|
423
423
|
if response.is_a?(Net::HTTPServerError) && !Chef::Config.local_mode
|
424
424
|
if http_retry_count - http_attempts >= 0
|
425
425
|
sleep_time = 1 + (2**http_attempts) + rand(2**http_attempts)
|
426
|
-
Chef::Log.
|
426
|
+
Chef::Log.warn("Server returned error #{response.code} for #{url}, retrying #{http_attempts}/#{http_retry_count} in #{sleep_time}s") # Updated from error to warn
|
427
427
|
sleep(sleep_time)
|
428
428
|
redo
|
429
429
|
end
|
@@ -432,7 +432,7 @@ class Chef
|
|
432
432
|
end
|
433
433
|
rescue SocketError, Errno::ETIMEDOUT, Errno::ECONNRESET => e
|
434
434
|
if http_retry_count - http_attempts >= 0
|
435
|
-
Chef::Log.
|
435
|
+
Chef::Log.warn("Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
|
436
436
|
sleep(http_retry_delay)
|
437
437
|
retry
|
438
438
|
end
|
@@ -440,21 +440,21 @@ class Chef
|
|
440
440
|
raise e
|
441
441
|
rescue Errno::ECONNREFUSED
|
442
442
|
if http_retry_count - http_attempts >= 0
|
443
|
-
Chef::Log.
|
443
|
+
Chef::Log.warn("Connection refused connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
|
444
444
|
sleep(http_retry_delay)
|
445
445
|
retry
|
446
446
|
end
|
447
447
|
raise Errno::ECONNREFUSED, "Connection refused connecting to #{url}, giving up"
|
448
448
|
rescue Timeout::Error
|
449
449
|
if http_retry_count - http_attempts >= 0
|
450
|
-
Chef::Log.
|
450
|
+
Chef::Log.warn("Timeout connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
|
451
451
|
sleep(http_retry_delay)
|
452
452
|
retry
|
453
453
|
end
|
454
454
|
raise Timeout::Error, "Timeout connecting to #{url}, giving up"
|
455
455
|
rescue OpenSSL::SSL::SSLError => e
|
456
456
|
if (http_retry_count - http_attempts >= 0) && !e.message.include?("certificate verify failed")
|
457
|
-
Chef::Log.
|
457
|
+
Chef::Log.warn("SSL Error connecting to #{url}, retry #{http_attempts}/#{http_retry_count}") # Updated from error to warn
|
458
458
|
sleep(http_retry_delay)
|
459
459
|
retry
|
460
460
|
end
|
@@ -294,11 +294,10 @@ class Chef
|
|
294
294
|
"%TEMP%\\#{ChefUtils::Dist::Infra::CLIENT}-latest.msi"
|
295
295
|
end
|
296
296
|
|
297
|
-
# Build a URL
|
298
|
-
# Chef Infra msi download.
|
297
|
+
# Build a URL that will redirect to the correct Chef Infra msi download.
|
299
298
|
def msi_url(machine_os = nil, machine_arch = nil, download_context = nil)
|
300
299
|
if config[:msi_url].nil? || config[:msi_url].empty?
|
301
|
-
url = "https://
|
300
|
+
url = "https://omnitruck.chef.io/chef/download?p=windows"
|
302
301
|
url += "&pv=#{machine_os}" unless machine_os.nil?
|
303
302
|
url += "&m=#{machine_arch}" unless machine_arch.nil?
|
304
303
|
url += "&DownloadContext=#{download_context}" unless download_context.nil?
|
data/lib/chef/node.rb
CHANGED
@@ -687,6 +687,25 @@ class Chef
|
|
687
687
|
name <=> other.name
|
688
688
|
end
|
689
689
|
|
690
|
+
# Returns hash of node data with attributes based on whitelist/blacklist rules.
|
691
|
+
def data_for_save
|
692
|
+
data = for_json
|
693
|
+
%w{automatic default normal override}.each do |level|
|
694
|
+
allowlist = allowlist_or_whitelist_config(level)
|
695
|
+
unless allowlist.nil? # nil => save everything
|
696
|
+
logger.info("Allowing #{level} node attributes for save.")
|
697
|
+
data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
|
698
|
+
end
|
699
|
+
|
700
|
+
blocklist = blocklist_or_blacklist_config(level)
|
701
|
+
unless blocklist.nil? # nil => remove nothing
|
702
|
+
logger.info("Blocking #{level} node attributes for save")
|
703
|
+
data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
|
704
|
+
end
|
705
|
+
end
|
706
|
+
data
|
707
|
+
end
|
708
|
+
|
690
709
|
private
|
691
710
|
|
692
711
|
def save_without_policyfile_attrs
|
@@ -712,7 +731,7 @@ class Chef
|
|
712
731
|
# @param [String] level the attribute level
|
713
732
|
def allowlist_or_whitelist_config(level)
|
714
733
|
if Chef::Config["#{level}_attribute_whitelist".to_sym]
|
715
|
-
Chef.deprecated(:
|
734
|
+
Chef.deprecated(:attribute_whitelist_configuration, "Attribute whitelist configurations have been deprecated. Use the allowed_LEVEL_attribute configs instead")
|
716
735
|
Chef::Config["#{level}_attribute_whitelist".to_sym]
|
717
736
|
else
|
718
737
|
Chef::Config["allowed_#{level}_attributes".to_sym]
|
@@ -732,24 +751,6 @@ class Chef
|
|
732
751
|
end
|
733
752
|
end
|
734
753
|
|
735
|
-
def data_for_save
|
736
|
-
data = for_json
|
737
|
-
%w{automatic default normal override}.each do |level|
|
738
|
-
allowlist = allowlist_or_whitelist_config(level)
|
739
|
-
unless allowlist.nil? # nil => save everything
|
740
|
-
logger.info("Allowing #{level} node attributes for save.")
|
741
|
-
data[level] = Chef::AttributeAllowlist.filter(data[level], allowlist)
|
742
|
-
end
|
743
|
-
|
744
|
-
blocklist = blocklist_or_blacklist_config(level)
|
745
|
-
unless blocklist.nil? # nil => remove nothing
|
746
|
-
logger.info("Blocking #{level} node attributes for save")
|
747
|
-
data[level] = Chef::AttributeBlocklist.filter(data[level], blocklist)
|
748
|
-
end
|
749
|
-
end
|
750
|
-
data
|
751
|
-
end
|
752
|
-
|
753
754
|
# Returns a UUID that uniquely identifies this node for reporting reasons.
|
754
755
|
#
|
755
756
|
# The node is read in from disk if it exists, or it's generated if it does
|
@@ -148,6 +148,11 @@ class Chef
|
|
148
148
|
# consume_external_attrs may add items to the run_list. Save the
|
149
149
|
# expanded run_list, which we will pass to the server later to
|
150
150
|
# determine which versions of cookbooks to use.
|
151
|
+
|
152
|
+
unless Chef::Config[:policy_document_native_api]
|
153
|
+
Chef.deprecated(:policyfile_compat_mode, "The chef-server 11 policyfile compat mode is deprecated, please set policy_document_native_api to true in your config")
|
154
|
+
end
|
155
|
+
|
151
156
|
node.reset_defaults_and_overrides
|
152
157
|
|
153
158
|
node.consume_external_attrs(ohai_data, json_attribs)
|
@@ -158,7 +158,7 @@ class Chef
|
|
158
158
|
if new_resource.group_name && (current_resource.group_name != new_resource.group_name)
|
159
159
|
dscl_create_group
|
160
160
|
end
|
161
|
-
if new_resource.gid && (current_resource.gid != new_resource.gid)
|
161
|
+
if new_resource.gid && (current_resource.gid != new_resource.gid.to_s)
|
162
162
|
set_gid
|
163
163
|
end
|
164
164
|
if new_resource.members || new_resource.excluded_members
|
@@ -124,6 +124,11 @@ class Chef
|
|
124
124
|
command.push("-RequiredVersion #{version}") if version
|
125
125
|
command.push("-Source #{new_resource.source}") if new_resource.source && cmdlet_name =~ Regexp.union(/Install-Package/, /Find-Package/)
|
126
126
|
command.push("-SkipPublisherCheck") if new_resource.skip_publisher_check && cmdlet_name !~ /Find-Package/
|
127
|
+
if new_resource.options && cmdlet_name !~ Regexp.union(/Get-Package/, /Find-Package/)
|
128
|
+
new_resource.options.each do |arg|
|
129
|
+
command.push(arg) unless command.include?(arg)
|
130
|
+
end
|
131
|
+
end
|
127
132
|
command.push(").Version")
|
128
133
|
command.join(" ")
|
129
134
|
end
|
@@ -423,11 +423,11 @@ class Chef
|
|
423
423
|
end
|
424
424
|
|
425
425
|
def is_omnibus?
|
426
|
-
if %r{/(
|
426
|
+
if %r{/(#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}|#{ChefUtils::Dist::Infra::SHORT}|#{ChefUtils::Dist::Workstation::DIR_SUFFIX})/embedded/bin}.match?(RbConfig::CONFIG["bindir"])
|
427
427
|
logger.trace("#{new_resource} detected omnibus installation in #{RbConfig::CONFIG["bindir"]}")
|
428
428
|
# Omnibus installs to a static path because of linking on unix, find it.
|
429
429
|
true
|
430
|
-
elsif RbConfig::CONFIG["bindir"].sub(/^\w:/, "") == "/
|
430
|
+
elsif RbConfig::CONFIG["bindir"].sub(/^\w:/, "") == "/#{ChefUtils::Dist::Org::LEGACY_CONF_DIR}/#{ChefUtils::Dist::Infra::SHORT}/embedded/bin"
|
431
431
|
logger.trace("#{new_resource} detected omnibus installation in #{RbConfig::CONFIG["bindir"]}")
|
432
432
|
# windows, with the drive letter removed
|
433
433
|
true
|
@@ -65,7 +65,7 @@ class Chef
|
|
65
65
|
context[:template_finder] = template_finder
|
66
66
|
|
67
67
|
# helper variables
|
68
|
-
context[:cookbook_name] = new_resource.cookbook_name unless context.keys.include?(:
|
68
|
+
context[:cookbook_name] = new_resource.cookbook_name unless context.keys.include?(:cookbook_name)
|
69
69
|
context[:recipe_name] = new_resource.recipe_name unless context.keys.include?(:recipe_name)
|
70
70
|
context[:recipe_line_string] = new_resource.source_line unless context.keys.include?(:recipe_line_string)
|
71
71
|
context[:recipe_path] = new_resource.source_line_file unless context.keys.include?(:recipe_path)
|
@@ -34,7 +34,7 @@ class Chef
|
|
34
34
|
|
35
35
|
property :cask_name, String,
|
36
36
|
description: "An optional property to set the cask name if it differs from the resource block's name.",
|
37
|
-
regex: %r{^[\w
|
37
|
+
regex: %r{^[\w/\-@]+$},
|
38
38
|
validation_message: "The provided Homebrew cask name is not valid. Cask names can contain alphanumeric characters, _, -, or / only!",
|
39
39
|
name_property: true
|
40
40
|
|
@@ -54,9 +54,12 @@ class Chef
|
|
54
54
|
default: lazy { find_homebrew_username }
|
55
55
|
|
56
56
|
action :install do
|
57
|
-
|
58
|
-
|
59
|
-
|
57
|
+
if new_resource.install_cask
|
58
|
+
homebrew_tap "homebrew/cask" do
|
59
|
+
homebrew_path new_resource.homebrew_path
|
60
|
+
owner new_resource.owner
|
61
|
+
end
|
62
|
+
end
|
60
63
|
|
61
64
|
unless casked?
|
62
65
|
converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
|
@@ -69,9 +72,12 @@ class Chef
|
|
69
72
|
end
|
70
73
|
|
71
74
|
action :remove do
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
+
if new_resource.install_cask
|
76
|
+
homebrew_tap "homebrew/cask" do
|
77
|
+
homebrew_path new_resource.homebrew_path
|
78
|
+
owner new_resource.owner
|
79
|
+
end
|
80
|
+
end
|
75
81
|
|
76
82
|
if casked?
|
77
83
|
converge_by("uninstall cask #{new_resource.cask_name}") do
|
data/lib/chef/resource/mount.rb
CHANGED
@@ -41,7 +41,7 @@ class Chef
|
|
41
41
|
sensitive: true
|
42
42
|
|
43
43
|
property :mount_point, String, name_property: true,
|
44
|
-
coerce: proc { |arg| arg.chomp("/") }, # Removed "/" from the end of str, because it was causing idempotency issue.
|
44
|
+
coerce: proc { |arg| (arg == "/" || arg.match?(":/$")) ? arg : arg.chomp("/") }, # Removed "/" from the end of str, because it was causing idempotency issue.
|
45
45
|
description: "The directory (or path) in which the device is to be mounted. Defaults to the name of the resource block if not provided."
|
46
46
|
|
47
47
|
property :device, String, identity: true,
|
@@ -34,11 +34,11 @@ class Chef
|
|
34
34
|
action :attach do
|
35
35
|
description "Attach the node to a subscription pool."
|
36
36
|
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
37
|
+
unless subscription_attached?(new_resource.pool_id)
|
38
|
+
converge_by("attach subscription pool #{new_resource.pool_id}") do
|
39
|
+
shell_out!("subscription-manager attach --pool=#{new_resource.pool_id}")
|
40
|
+
build_resource(:package, "rhsm_subscription-#{new_resource.pool_id}-flush_cache").run_action(:flush_cache)
|
41
|
+
end
|
42
42
|
end
|
43
43
|
end
|
44
44
|
|
@@ -22,6 +22,12 @@
|
|
22
22
|
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
23
23
|
<%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
|
24
24
|
<% end -%>
|
25
|
+
<%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
|
26
|
+
<% %w(@ohai_disabled_plugins
|
27
|
+
@ohai_optional_plugins).each do |prop| -%>
|
28
|
+
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
29
|
+
<%=prop.gsub("@ohai_", "ohai.") %> <%= instance_variable_get(prop).inspect %>
|
30
|
+
<% end -%>
|
25
31
|
<%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
|
26
32
|
<% unless @log_location.nil? %>
|
27
33
|
<% if @log_location.is_a?(String) && %w(STDOUT STDERR).include?(@log_location) -%>
|
@@ -113,7 +113,7 @@ class Chef
|
|
113
113
|
when Hash
|
114
114
|
IniParse.gen do |doc|
|
115
115
|
content.each_pair do |sect, opts|
|
116
|
-
doc.section(sect) do |section|
|
116
|
+
doc.section(sect, { option_sep: "=" }) do |section|
|
117
117
|
opts.each_pair do |opt, val|
|
118
118
|
[val].flatten.each do |v|
|
119
119
|
section.option(opt, v)
|
@@ -17,6 +17,7 @@
|
|
17
17
|
# limitations under the License.
|
18
18
|
|
19
19
|
require_relative "../resource"
|
20
|
+
require "tempfile" unless defined?(Tempfile)
|
20
21
|
|
21
22
|
class Chef
|
22
23
|
class Resource
|
@@ -27,6 +28,7 @@ class Chef
|
|
27
28
|
|
28
29
|
# The valid policy_names options found here
|
29
30
|
# https://github.com/ChrisAWalker/cSecurityOptions under 'AccountSettings'
|
31
|
+
# This needs to be revisited - the list at the link above is non-exhaustive and is missing a couple of items
|
30
32
|
policy_names = %w{LockoutDuration
|
31
33
|
MaximumPasswordAge
|
32
34
|
MinimumPasswordAge
|
@@ -35,6 +37,8 @@ class Chef
|
|
35
37
|
PasswordHistorySize
|
36
38
|
LockoutBadCount
|
37
39
|
ResetLockoutCount
|
40
|
+
AuditPolicyChange
|
41
|
+
LockoutDuration
|
38
42
|
RequireLogonToChangePassword
|
39
43
|
ForceLogoffWhenHourExpire
|
40
44
|
NewAdministratorName
|
@@ -43,7 +47,7 @@ class Chef
|
|
43
47
|
LSAAnonymousNameLookup
|
44
48
|
EnableAdminAccount
|
45
49
|
EnableGuestAccount
|
46
|
-
|
50
|
+
}
|
47
51
|
description "Use the **windows_security_policy** resource to set a security policy on the Microsoft Windows platform."
|
48
52
|
introduced "16.0"
|
49
53
|
|
@@ -83,6 +87,55 @@ class Chef
|
|
83
87
|
description: "Policy value to be set for policy name."
|
84
88
|
|
85
89
|
load_current_value do |desired|
|
90
|
+
current_state = load_security_options
|
91
|
+
|
92
|
+
if desired.secoption == "ResetLockoutCount"
|
93
|
+
if desired.secvalue.to_i > 30
|
94
|
+
raise Chef::Exceptions::ValidationFailed, "The \"ResetLockoutCount\" value cannot be greater than 30 minutes"
|
95
|
+
end
|
96
|
+
end
|
97
|
+
if (desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration") && current_state["LockoutBadCount"] == "0"
|
98
|
+
raise Chef::Exceptions::ValidationFailed, "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
|
99
|
+
end
|
100
|
+
|
101
|
+
secvalue current_state[desired.secoption.to_s]
|
102
|
+
end
|
103
|
+
|
104
|
+
action :set do
|
105
|
+
converge_if_changed :secvalue do
|
106
|
+
security_option = new_resource.secoption
|
107
|
+
security_value = new_resource.secvalue
|
108
|
+
|
109
|
+
file = Tempfile.new(["#{security_option}", ".inf"])
|
110
|
+
case security_option
|
111
|
+
when "LockoutBadCount"
|
112
|
+
cmd = "net accounts /LockoutThreshold:#{security_value}"
|
113
|
+
when "ResetLockoutCount"
|
114
|
+
cmd = "net accounts /LockoutWindow:#{security_value}"
|
115
|
+
when "LockoutDuration"
|
116
|
+
cmd = "net accounts /LockoutDuration:#{security_value}"
|
117
|
+
when "NewAdministratorName", "NewGuestName"
|
118
|
+
policy_line = "#{security_option} = \"#{security_value}\""
|
119
|
+
file.write("[Unicode]\r\nUnicode=yes\r\n[System Access]\r\n#{policy_line}\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n")
|
120
|
+
file.close
|
121
|
+
file_path = file.path.gsub("/", '\\')
|
122
|
+
cmd = "C:\\Windows\\System32\\secedit /configure /db C:\\windows\\security\\new.sdb /cfg #{file_path} /areas SECURITYPOLICY"
|
123
|
+
else
|
124
|
+
policy_line = "#{security_option} = #{security_value}"
|
125
|
+
file.write("[Unicode]\r\nUnicode=yes\r\n[System Access]\r\n#{policy_line}\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n")
|
126
|
+
file.close
|
127
|
+
file_path = file.path.gsub("/", '\\')
|
128
|
+
cmd = "C:\\Windows\\System32\\secedit /configure /db C:\\windows\\security\\new.sdb /cfg #{file_path} /areas SECURITYPOLICY"
|
129
|
+
end
|
130
|
+
shell_out!(cmd)
|
131
|
+
file.unlink
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
private
|
136
|
+
|
137
|
+
# Loads powershell to get current state on security options
|
138
|
+
def load_security_options
|
86
139
|
powershell_code = <<-CODE
|
87
140
|
C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\secopts_export.inf | Out-Null
|
88
141
|
# cspell:disable-next-line
|
@@ -108,44 +161,7 @@ class Chef
|
|
108
161
|
LockoutBadCount = $security_options_hash.LockoutBadCount
|
109
162
|
})
|
110
163
|
CODE
|
111
|
-
|
112
|
-
current_value_does_not_exist! if output.result.empty?
|
113
|
-
state = output.result
|
114
|
-
|
115
|
-
if desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration"
|
116
|
-
if state["LockoutBadCount"] == "0"
|
117
|
-
raise Chef::Exceptions::ValidationFailed.new "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
|
118
|
-
else
|
119
|
-
secvalue state[desired.secoption.to_s]
|
120
|
-
end
|
121
|
-
else
|
122
|
-
secvalue state[desired.secoption.to_s]
|
123
|
-
end
|
124
|
-
end
|
125
|
-
|
126
|
-
action :set do
|
127
|
-
converge_if_changed :secvalue do
|
128
|
-
security_option = new_resource.secoption
|
129
|
-
security_value = new_resource.secvalue
|
130
|
-
|
131
|
-
cmd = <<-EOH
|
132
|
-
$security_option = "#{security_option}"
|
133
|
-
C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
|
134
|
-
if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
|
135
|
-
{
|
136
|
-
$#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
|
137
|
-
C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY
|
138
|
-
}
|
139
|
-
else
|
140
|
-
{
|
141
|
-
$#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace "#{security_option}\\s*=\\s*\\d*", "#{security_option} = #{security_value}" } | Set-Content $env:TEMP\\#{security_option}_Export.inf
|
142
|
-
C:\\Windows\\System32\\secedit /configure /db $env:windir\\security\\new.sdb /cfg $env:TEMP\\#{security_option}_Export.inf /areas SECURITYPOLICY
|
143
|
-
}
|
144
|
-
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
145
|
-
EOH
|
146
|
-
|
147
|
-
powershell_exec!(cmd)
|
148
|
-
end
|
164
|
+
powershell_exec(powershell_code).result
|
149
165
|
end
|
150
166
|
end
|
151
167
|
end
|
@@ -106,7 +106,9 @@ class Chef
|
|
106
106
|
#
|
107
107
|
# @return [Integer]
|
108
108
|
def consent_behavior_users_symbol_to_reg(sym)
|
109
|
-
|
109
|
+
# Since 2 isn't a valid value for ConsentPromptBehaviorUser, assign the value at index as nil.
|
110
|
+
# https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings#registry-key-settings
|
111
|
+
[:auto_deny, :secure_prompt_for_creds, nil, :prompt_for_creds].index(sym)
|
110
112
|
end
|
111
113
|
end
|
112
114
|
end
|