chef 16.13.16-universal-mingw32 → 17.3.48-universal-mingw32
- checksums.yaml +4 -4
- data/Gemfile +11 -22
- data/README.md +1 -1
- data/Rakefile +2 -2
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +12 -24
- data/lib/chef/action_collection.rb +6 -26
- data/lib/chef/application.rb +1 -1
- data/lib/chef/application/base.rb +16 -1
- data/lib/chef/applications.rb +0 -1
- data/lib/chef/chef_fs/command_line.rb +5 -2
- data/lib/chef/chef_fs/file_pattern.rb +2 -2
- data/lib/chef/chef_fs/file_system.rb +9 -10
- data/lib/chef/client.rb +9 -3
- data/lib/chef/compliance/default_attributes.rb +5 -4
- data/lib/chef/compliance/fetcher/automate.rb +0 -7
- data/lib/chef/compliance/reporter/automate.rb +17 -7
- data/lib/chef/compliance/reporter/chef_server_automate.rb +11 -6
- data/lib/chef/compliance/reporter/cli.rb +77 -0
- data/lib/chef/compliance/reporter/compliance_enforcer.rb +4 -0
- data/lib/chef/compliance/reporter/json_file.rb +8 -1
- data/lib/chef/compliance/runner.rb +65 -27
- data/lib/chef/cookbook/cookbook_version_loader.rb +3 -3
- data/lib/chef/cookbook/gem_installer.rb +5 -1
- data/lib/chef/cookbook/synchronizer.rb +3 -5
- data/lib/chef/cookbook_loader.rb +2 -4
- data/lib/chef/cookbook_uploader.rb +0 -1
- data/lib/chef/cookbook_version.rb +26 -4
- data/lib/chef/data_bag_item.rb +11 -2
- data/lib/chef/data_collector.rb +0 -1
- data/lib/chef/data_collector/run_end_message.rb +1 -1
- data/lib/chef/delayed_evaluator.rb +4 -0
- data/lib/chef/deprecated.rb +18 -4
- data/lib/chef/dsl.rb +1 -0
- data/lib/chef/dsl/chef_vault.rb +6 -6
- data/lib/chef/dsl/declare_resource.rb +5 -10
- data/lib/chef/dsl/reboot_pending.rb +1 -2
- data/lib/chef/{knife/group_list.rb → dsl/render_helpers.rb} +18 -17
- data/lib/chef/dsl/secret.rb +64 -0
- data/lib/chef/dsl/toml.rb +116 -0
- data/lib/chef/dsl/universal.rb +5 -0
- data/lib/chef/event_dispatch/base.rb +2 -1
- data/lib/chef/exceptions.rb +25 -0
- data/lib/chef/formatters/doc.rb +2 -1
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +20 -22
- data/lib/chef/group.rb +75 -0
- data/lib/chef/handler.rb +46 -8
- data/lib/chef/handler/slow_report.rb +66 -0
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/mixin/get_source_from_package.rb +1 -1
- data/lib/chef/node.rb +21 -20
- data/lib/chef/node/attribute.rb +6 -4
- data/lib/chef/node/immutable_collections.rb +13 -0
- data/lib/chef/node/mixin/deep_merge_cache.rb +11 -7
- data/lib/chef/org.rb +3 -2
- data/lib/chef/policy_builder/policyfile.rb +88 -45
- data/lib/chef/property.rb +18 -0
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/provider/cron.rb +1 -1
- data/lib/chef/provider/directory.rb +6 -6
- data/lib/chef/provider/execute.rb +2 -1
- data/lib/chef/provider/file.rb +3 -3
- data/lib/chef/provider/git.rb +5 -7
- data/lib/chef/provider/group/groupadd.rb +3 -3
- data/lib/chef/provider/group/groupmod.rb +3 -3
- data/lib/chef/provider/group/pw.rb +3 -3
- data/lib/chef/provider/ifconfig.rb +2 -2
- data/lib/chef/provider/link.rb +3 -3
- data/lib/chef/provider/lwrp_base.rb +1 -1
- data/lib/chef/provider/mount.rb +5 -5
- data/lib/chef/provider/mount/aix.rb +3 -3
- data/lib/chef/provider/mount/mount.rb +5 -5
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/package.rb +17 -21
- data/lib/chef/provider/package/apt.rb +27 -1
- data/lib/chef/provider/package/deb.rb +3 -3
- data/lib/chef/provider/package/dnf/dnf_helper.py +12 -11
- data/lib/chef/provider/package/dnf/python_helper.rb +9 -8
- data/lib/chef/provider/package/habitat.rb +168 -0
- data/lib/chef/provider/package/portage.rb +2 -2
- data/lib/chef/provider/package/powershell.rb +5 -0
- data/lib/chef/provider/package/rubygems.rb +11 -17
- data/lib/chef/provider/package/windows.rb +2 -4
- data/lib/chef/provider/package/yum.rb +1 -4
- data/lib/chef/provider/package/yum/python_helper.rb +15 -10
- data/lib/chef/provider/package/yum/yum_helper.py +47 -63
- data/lib/chef/provider/registry_key.rb +1 -1
- data/lib/chef/provider/route.rb +2 -2
- data/lib/chef/provider/service.rb +6 -6
- data/lib/chef/provider/service/aixinit.rb +1 -1
- data/lib/chef/provider/service/debian.rb +1 -1
- data/lib/chef/provider/service/freebsd.rb +15 -21
- data/lib/chef/provider/service/macosx.rb +4 -4
- data/lib/chef/provider/service/systemd.rb +43 -14
- data/lib/chef/provider/service/upstart.rb +2 -13
- data/lib/chef/provider/service/windows.rb +12 -12
- data/lib/chef/provider/subversion.rb +10 -12
- data/lib/chef/provider/support/zypper_repo.erb +4 -2
- data/lib/chef/provider/systemd_unit.rb +36 -10
- data/lib/chef/provider/template/content.rb +3 -7
- data/lib/chef/provider/user.rb +2 -2
- data/lib/chef/provider/user/dscl.rb +1 -1
- data/lib/chef/provider/user/mac.rb +17 -20
- data/lib/chef/provider/user/pw.rb +1 -1
- data/lib/chef/provider/user/windows.rb +1 -1
- data/lib/chef/provider/windows_script.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +28 -32
- data/lib/chef/providers.rb +1 -1
- data/lib/chef/resource.rb +6 -7
- data/lib/chef/resource/alternatives.rb +6 -6
- data/lib/chef/resource/apt_package.rb +1 -1
- data/lib/chef/resource/apt_preference.rb +2 -2
- data/lib/chef/resource/apt_repository.rb +6 -6
- data/lib/chef/resource/apt_update.rb +5 -4
- data/lib/chef/resource/archive_file.rb +2 -3
- data/lib/chef/resource/breakpoint.rb +1 -1
- data/lib/chef/resource/build_essential.rb +2 -6
- data/lib/chef/resource/chef_client_config.rb +10 -5
- data/lib/chef/resource/chef_client_cron.rb +5 -5
- data/lib/chef/resource/chef_client_launchd.rb +6 -6
- data/lib/chef/resource/chef_client_scheduled_task.rb +16 -16
- data/lib/chef/resource/chef_client_systemd_timer.rb +5 -5
- data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
- data/lib/chef/resource/chef_handler.rb +3 -7
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/chef_vault_secret.rb +5 -10
- data/lib/chef/resource/chocolatey_config.rb +2 -6
- data/lib/chef/resource/chocolatey_feature.rb +2 -6
- data/lib/chef/resource/chocolatey_source.rb +4 -10
- data/lib/chef/resource/cron/_cron_shared.rb +2 -2
- data/lib/chef/resource/cron/cron_d.rb +4 -6
- data/lib/chef/resource/cron_access.rb +2 -4
- data/lib/chef/resource/dmg_package.rb +6 -10
- data/lib/chef/resource/dpkg_package.rb +1 -1
- data/lib/chef/resource/dsc_resource.rb +1 -1
- data/lib/chef/resource/execute.rb +11 -6
- data/lib/chef/resource/file.rb +1 -1
- data/lib/chef/resource/gem_package.rb +2 -1
- data/lib/chef/resource/group.rb +6 -6
- data/lib/chef/{knife/recipe_list.rb → resource/habitat/_habitat_shared.rb} +13 -17
- data/lib/chef/resource/habitat/habitat_package.rb +129 -0
- data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
- data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
- data/lib/chef/resource/habitat_config.rb +107 -0
- data/lib/chef/resource/habitat_install.rb +247 -0
- data/lib/chef/resource/habitat_service.rb +451 -0
- data/lib/chef/resource/habitat_user_toml.rb +92 -0
- data/lib/chef/resource/homebrew_cask.rb +17 -10
- data/lib/chef/resource/homebrew_package.rb +1 -1
- data/lib/chef/resource/homebrew_tap.rb +4 -7
- data/lib/chef/resource/homebrew_update.rb +2 -2
- data/lib/chef/resource/hostname.rb +68 -22
- data/lib/chef/resource/http_request.rb +1 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +156 -0
- data/lib/chef/resource/kernel_module.rb +6 -17
- data/lib/chef/resource/locale.rb +2 -3
- data/lib/chef/resource/lwrp_base.rb +20 -1
- data/lib/chef/resource/macos_userdefaults.rb +10 -14
- data/lib/chef/resource/mdadm.rb +53 -7
- data/lib/chef/resource/mount.rb +2 -1
- data/lib/chef/resource/ohai_hint.rb +2 -6
- data/lib/chef/resource/openbsd_package.rb +17 -0
- data/lib/chef/resource/openssl_dhparam.rb +1 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +3 -5
- data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
- data/lib/chef/resource/openssl_rsa_private_key.rb +2 -4
- data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
- data/lib/chef/resource/openssl_x509_certificate.rb +3 -6
- data/lib/chef/resource/openssl_x509_crl.rb +1 -3
- data/lib/chef/resource/openssl_x509_request.rb +1 -3
- data/lib/chef/resource/osx_profile.rb +3 -3
- data/lib/chef/resource/plist.rb +8 -8
- data/lib/chef/resource/powershell_package_source.rb +2 -4
- data/lib/chef/resource/powershell_script.rb +1 -1
- data/lib/chef/resource/reboot.rb +38 -9
- data/lib/chef/resource/remote_directory.rb +2 -2
- data/lib/chef/resource/remote_file.rb +3 -3
- data/lib/chef/resource/rhsm_errata.rb +16 -3
- data/lib/chef/resource/rhsm_errata_level.rb +11 -6
- data/lib/chef/resource/rhsm_register.rb +12 -6
- data/lib/chef/resource/rhsm_repo.rb +17 -6
- data/lib/chef/resource/rhsm_subscription.rb +2 -6
- data/lib/chef/resource/scm/git.rb +1 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
- data/lib/chef/resource/sudo.rb +8 -12
- data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
- data/lib/chef/resource/support/client.erb +8 -1
- data/lib/chef/resource/support/sup.toml.erb +179 -0
- data/lib/chef/resource/swap_file.rb +2 -6
- data/lib/chef/resource/sysctl.rb +2 -6
- data/lib/chef/resource/systemd_unit.rb +2 -2
- data/lib/chef/resource/template.rb +1 -1
- data/lib/chef/resource/timezone.rb +1 -3
- data/lib/chef/resource/user/mac_user.rb +1 -1
- data/lib/chef/resource/user_ulimit.rb +2 -2
- data/lib/chef/resource/windows_ad_join.rb +2 -6
- data/lib/chef/resource/windows_audit_policy.rb +2 -2
- data/lib/chef/resource/windows_auto_run.rb +2 -5
- data/lib/chef/resource/windows_certificate.rb +207 -73
- data/lib/chef/resource/windows_defender.rb +163 -0
- data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
- data/lib/chef/resource/windows_dfs_folder.rb +2 -6
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -6
- data/lib/chef/resource/windows_dfs_server.rb +1 -3
- data/lib/chef/resource/windows_dns_record.rb +2 -6
- data/lib/chef/resource/windows_dns_zone.rb +2 -6
- data/lib/chef/resource/windows_env.rb +6 -5
- data/lib/chef/resource/windows_feature.rb +3 -9
- data/lib/chef/resource/windows_feature_dism.rb +3 -9
- data/lib/chef/resource/windows_feature_powershell.rb +3 -3
- data/lib/chef/resource/windows_firewall_profile.rb +4 -4
- data/lib/chef/resource/windows_firewall_rule.rb +20 -9
- data/lib/chef/resource/windows_font.rb +3 -5
- data/lib/chef/resource/windows_pagefile.rb +104 -69
- data/lib/chef/resource/windows_path.rb +4 -4
- data/lib/chef/resource/windows_printer.rb +80 -61
- data/lib/chef/resource/windows_printer_port.rb +49 -66
- data/lib/chef/resource/windows_security_policy.rb +56 -40
- data/lib/chef/resource/windows_share.rb +14 -21
- data/lib/chef/resource/windows_shortcut.rb +4 -6
- data/lib/chef/resource/windows_task.rb +19 -7
- data/lib/chef/resource/windows_uac.rb +3 -5
- data/lib/chef/resource/windows_update_settings.rb +259 -0
- data/lib/chef/resource/windows_user_privilege.rb +4 -4
- data/lib/chef/resource/windows_workgroup.rb +3 -4
- data/lib/chef/resource/yum_package.rb +10 -10
- data/lib/chef/resource/zypper_package.rb +4 -4
- data/lib/chef/resource/zypper_repository.rb +28 -8
- data/lib/chef/resource_builder.rb +8 -2
- data/lib/chef/resource_reporter.rb +0 -1
- data/lib/chef/resources.rb +13 -2
- data/lib/chef/run_lock.rb +1 -1
- data/lib/chef/runner.rb +1 -1
- data/lib/chef/secret_fetcher.rb +54 -0
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +53 -0
- data/lib/chef/secret_fetcher/azure_key_vault.rb +56 -0
- data/lib/chef/secret_fetcher/base.rb +72 -0
- data/lib/chef/secret_fetcher/example.rb +46 -0
- data/lib/chef/shell/ext.rb +3 -3
- data/lib/chef/user.rb +0 -1
- data/lib/chef/user_v1.rb +3 -4
- data/lib/chef/util/dsc/configuration_generator.rb +1 -0
- data/lib/chef/util/dsc/local_configuration_manager.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api.rb +9 -2
- data/lib/chef/win32/registry.rb +4 -2
- data/spec/data/cookbooks/openldap/libraries/openldap.rb +1 -1
- data/spec/data/lwrp/resources/bar.rb +2 -0
- data/spec/data/lwrp/resources/buck_passer.rb +1 -0
- data/spec/data/lwrp/resources/buck_passer_2.rb +1 -0
- data/spec/data/lwrp/resources/embedded_resource_accesses_providers_scope.rb +1 -0
- data/spec/data/lwrp/resources/foo.rb +2 -0
- data/spec/data/lwrp/resources/inline_compiler.rb +1 -0
- data/spec/data/lwrp/resources/monkey_name_printer.rb +1 -0
- data/spec/data/lwrp/resources/paint_drying_watcher.rb +1 -0
- data/spec/data/lwrp/resources/thumb_twiddler.rb +1 -0
- data/spec/data/lwrp/resources_with_default_attributes/nodeattr.rb +2 -0
- data/spec/data/lwrp_const_scoping/resources/conflict.rb +1 -0
- data/spec/data/lwrp_override/resources/foo.rb +1 -0
- data/spec/data/rubygems.org/nonexistent_gem-info +1 -0
- data/spec/data/rubygems.org/sexp_processor-info +49 -0
- data/spec/data/run_context/cookbooks/circular-dep1/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/circular-dep2/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/dependency1/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/dependency2/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/no-default-attr/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/test-with-circular-deps/resources/resource.rb +2 -0
- data/spec/data/run_context/cookbooks/test-with-deps/resources/resource.rb +1 -0
- data/spec/data/run_context/cookbooks/test/resources/resource.rb +2 -0
- data/spec/functional/dsl/registry_helper_spec.rb +1 -1
- data/spec/functional/mixin/from_file_spec.rb +1 -1
- data/spec/functional/resource/aixinit_service_spec.rb +7 -7
- data/spec/functional/resource/apt_package_spec.rb +1 -1
- data/spec/functional/resource/chocolatey_package_spec.rb +13 -0
- data/spec/functional/resource/dnf_package_spec.rb +857 -534
- data/spec/functional/resource/group_spec.rb +1 -1
- data/spec/functional/resource/link_spec.rb +1 -1
- data/spec/functional/resource/registry_spec.rb +8 -8
- data/spec/functional/resource/remote_file_spec.rb +1 -1
- data/spec/functional/resource/user/mac_user_spec.rb +2 -2
- data/spec/functional/resource/windows_certificate_spec.rb +92 -35
- data/spec/functional/resource/windows_env_spec.rb +2 -2
- data/spec/functional/resource/windows_hostname_spec.rb +91 -0
- data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
- data/spec/functional/resource/yum_package_spec.rb +495 -428
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +5 -22
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/ohai/ohai_spec.rb +7 -6
- data/spec/integration/recipes/accumulator_spec.rb +13 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +5 -1
- data/spec/integration/recipes/lwrp_spec.rb +3 -1
- data/spec/integration/recipes/notifies_spec.rb +15 -1
- data/spec/integration/recipes/notifying_block_spec.rb +2 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +10 -10
- data/spec/integration/recipes/resource_action_spec.rb +4 -4
- data/spec/integration/recipes/unified_mode_spec.rb +71 -1
- data/spec/integration/recipes/use_partial_spec.rb +4 -1
- data/spec/spec_helper.rb +13 -13
- data/spec/support/chef_helpers.rb +1 -17
- data/spec/support/lib/chef/resource/with_state.rb +0 -1
- data/spec/support/lib/chef/resource/zen_follower.rb +0 -1
- data/spec/support/lib/chef/resource/zen_master.rb +0 -1
- data/spec/support/matchers/leak.rb +7 -9
- data/spec/support/platform_helpers.rb +1 -8
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/integration/integration_helper.rb +0 -1
- data/spec/support/shared/unit/provider/file.rb +3 -9
- data/spec/support/shared/unit/script_resource.rb +2 -2
- data/spec/unit/application/solo_spec.rb +2 -2
- data/spec/unit/chef_fs/diff_spec.rb +1 -1
- data/spec/unit/chef_fs/file_system/repository/directory_spec.rb +1 -1
- data/spec/unit/chef_fs/file_system_spec.rb +1 -1
- data/spec/unit/compliance/fetcher/automate_spec.rb +0 -16
- data/spec/unit/compliance/reporter/automate_spec.rb +26 -2
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +20 -0
- data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +1 -0
- data/spec/unit/compliance/runner_spec.rb +31 -5
- data/spec/unit/cookbook_version_spec.rb +52 -0
- data/spec/unit/data_bag_item_spec.rb +1 -6
- data/spec/unit/data_collector_spec.rb +47 -1
- data/spec/unit/dsl/reboot_pending_spec.rb +2 -2
- data/spec/unit/dsl/registry_helper_spec.rb +1 -1
- data/spec/unit/dsl/render_helpers_spec.rb +102 -0
- data/spec/unit/dsl/secret_spec.rb +65 -0
- data/spec/unit/handler_spec.rb +8 -2
- data/spec/unit/lwrp_spec.rb +1 -1
- data/spec/unit/mixin/params_validate_spec.rb +4 -3
- data/spec/unit/node/attribute_spec.rb +1 -1
- data/spec/unit/node_spec.rb +78 -0
- data/spec/unit/org_group_spec.rb +45 -0
- data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
- data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
- data/spec/unit/property_spec.rb +23 -22
- data/spec/unit/provider/apt_update_spec.rb +3 -1
- data/spec/unit/provider/cron_spec.rb +1 -1
- data/spec/unit/provider/group/gpasswd_spec.rb +2 -2
- data/spec/unit/provider/group/groupmod_spec.rb +2 -2
- data/spec/unit/provider/group/pw_spec.rb +2 -2
- data/spec/unit/provider/group_spec.rb +1 -1
- data/spec/unit/provider/link_spec.rb +1 -1
- data/spec/unit/provider/mount/aix_spec.rb +1 -1
- data/spec/unit/provider/package/apt_spec.rb +84 -18
- data/spec/unit/provider/package/deb_spec.rb +3 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -0
- data/spec/unit/provider/package/powershell_spec.rb +74 -12
- data/spec/unit/provider/package/rubygems_spec.rb +21 -33
- data/spec/unit/provider/package/yum/python_helper_spec.rb +1 -0
- data/spec/unit/provider/service/arch_service_spec.rb +1 -0
- data/spec/unit/provider/service/debian_service_spec.rb +1 -0
- data/spec/unit/provider/service/macosx_spec.rb +2 -2
- data/spec/unit/provider/service/systemd_service_spec.rb +138 -23
- data/spec/unit/provider/service/upstart_service_spec.rb +0 -29
- data/spec/unit/provider/service/windows_spec.rb +2 -2
- data/spec/unit/provider/subversion_spec.rb +2 -2
- data/spec/unit/provider/systemd_unit_spec.rb +79 -60
- data/spec/unit/provider/zypper_repository_spec.rb +5 -12
- data/spec/unit/provider_spec.rb +0 -8
- data/spec/unit/resource/inspec_waiver_file_entry_spec.rb +80 -0
- data/spec/unit/resource/powershell_script_spec.rb +2 -2
- data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
- data/spec/unit/resource/windows_defender_spec.rb +71 -0
- data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
- data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
- data/spec/unit/resource/windows_task_spec.rb +1 -1
- data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
- data/spec/unit/resource/zypper_repository_spec.rb +1 -1
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +63 -0
- data/spec/unit/secret_fetcher_spec.rb +82 -0
- data/spec/unit/user_spec.rb +1 -1
- data/spec/unit/user_v1_spec.rb +6 -4
- data/tasks/rspec.rb +9 -6
- metadata +59 -519
- data/bin/knife +0 -24
- data/lib/chef/application/knife.rb +0 -234
- data/lib/chef/application/windows_service.rb +0 -338
- data/lib/chef/application/windows_service_manager.rb +0 -205
- data/lib/chef/chef_fs/knife.rb +0 -160
- data/lib/chef/chef_fs/parallelizer.rb +0 -102
- data/lib/chef/chef_fs/parallelizer/flatten_enumerable.rb +0 -35
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +0 -278
- data/lib/chef/cookbook_site_streaming_uploader.rb +0 -244
- data/lib/chef/knife.rb +0 -665
- data/lib/chef/knife/acl_add.rb +0 -57
- data/lib/chef/knife/acl_base.rb +0 -183
- data/lib/chef/knife/acl_bulk_add.rb +0 -78
- data/lib/chef/knife/acl_bulk_remove.rb +0 -83
- data/lib/chef/knife/acl_remove.rb +0 -62
- data/lib/chef/knife/acl_show.rb +0 -56
- data/lib/chef/knife/bootstrap.rb +0 -1192
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +0 -162
- data/lib/chef/knife/bootstrap/client_builder.rb +0 -212
- data/lib/chef/knife/bootstrap/templates/README.md +0 -11
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +0 -242
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +0 -278
- data/lib/chef/knife/bootstrap/train_connector.rb +0 -336
- data/lib/chef/knife/client_bulk_delete.rb +0 -104
- data/lib/chef/knife/client_create.rb +0 -101
- data/lib/chef/knife/client_delete.rb +0 -62
- data/lib/chef/knife/client_edit.rb +0 -52
- data/lib/chef/knife/client_key_create.rb +0 -73
- data/lib/chef/knife/client_key_delete.rb +0 -80
- data/lib/chef/knife/client_key_edit.rb +0 -83
- data/lib/chef/knife/client_key_list.rb +0 -73
- data/lib/chef/knife/client_key_show.rb +0 -80
- data/lib/chef/knife/client_list.rb +0 -41
- data/lib/chef/knife/client_reregister.rb +0 -58
- data/lib/chef/knife/client_show.rb +0 -48
- data/lib/chef/knife/config_get.rb +0 -39
- data/lib/chef/knife/config_get_profile.rb +0 -37
- data/lib/chef/knife/config_list.rb +0 -139
- data/lib/chef/knife/config_list_profiles.rb +0 -37
- data/lib/chef/knife/config_show.rb +0 -127
- data/lib/chef/knife/config_use.rb +0 -61
- data/lib/chef/knife/config_use_profile.rb +0 -47
- data/lib/chef/knife/configure.rb +0 -150
- data/lib/chef/knife/configure_client.rb +0 -48
- data/lib/chef/knife/cookbook_bulk_delete.rb +0 -71
- data/lib/chef/knife/cookbook_delete.rb +0 -151
- data/lib/chef/knife/cookbook_download.rb +0 -142
- data/lib/chef/knife/cookbook_list.rb +0 -47
- data/lib/chef/knife/cookbook_metadata.rb +0 -106
- data/lib/chef/knife/cookbook_metadata_from_file.rb +0 -49
- data/lib/chef/knife/cookbook_show.rb +0 -98
- data/lib/chef/knife/cookbook_upload.rb +0 -292
- data/lib/chef/knife/core/bootstrap_context.rb +0 -264
- data/lib/chef/knife/core/cookbook_scm_repo.rb +0 -159
- data/lib/chef/knife/core/formatting_options.rb +0 -49
- data/lib/chef/knife/core/gem_glob_loader.rb +0 -138
- data/lib/chef/knife/core/generic_presenter.rb +0 -232
- data/lib/chef/knife/core/hashed_command_loader.rb +0 -100
- data/lib/chef/knife/core/node_editor.rb +0 -130
- data/lib/chef/knife/core/node_presenter.rb +0 -133
- data/lib/chef/knife/core/object_loader.rb +0 -115
- data/lib/chef/knife/core/status_presenter.rb +0 -147
- data/lib/chef/knife/core/subcommand_loader.rb +0 -203
- data/lib/chef/knife/core/text_formatter.rb +0 -85
- data/lib/chef/knife/core/ui.rb +0 -338
- data/lib/chef/knife/core/windows_bootstrap_context.rb +0 -406
- data/lib/chef/knife/data_bag_create.rb +0 -81
- data/lib/chef/knife/data_bag_delete.rb +0 -49
- data/lib/chef/knife/data_bag_edit.rb +0 -74
- data/lib/chef/knife/data_bag_from_file.rb +0 -113
- data/lib/chef/knife/data_bag_list.rb +0 -42
- data/lib/chef/knife/data_bag_secret_options.rb +0 -122
- data/lib/chef/knife/data_bag_show.rb +0 -69
- data/lib/chef/knife/delete.rb +0 -125
- data/lib/chef/knife/deps.rb +0 -156
- data/lib/chef/knife/diff.rb +0 -83
- data/lib/chef/knife/download.rb +0 -84
- data/lib/chef/knife/edit.rb +0 -88
- data/lib/chef/knife/environment_compare.rb +0 -128
- data/lib/chef/knife/environment_create.rb +0 -52
- data/lib/chef/knife/environment_delete.rb +0 -44
- data/lib/chef/knife/environment_edit.rb +0 -44
- data/lib/chef/knife/environment_from_file.rb +0 -84
- data/lib/chef/knife/environment_list.rb +0 -41
- data/lib/chef/knife/environment_show.rb +0 -47
- data/lib/chef/knife/exec.rb +0 -99
- data/lib/chef/knife/group_add.rb +0 -55
- data/lib/chef/knife/group_create.rb +0 -49
- data/lib/chef/knife/group_destroy.rb +0 -53
- data/lib/chef/knife/group_remove.rb +0 -56
- data/lib/chef/knife/group_show.rb +0 -49
- data/lib/chef/knife/key_create.rb +0 -112
- data/lib/chef/knife/key_create_base.rb +0 -50
- data/lib/chef/knife/key_delete.rb +0 -55
- data/lib/chef/knife/key_edit.rb +0 -118
- data/lib/chef/knife/key_edit_base.rb +0 -55
- data/lib/chef/knife/key_list.rb +0 -90
- data/lib/chef/knife/key_list_base.rb +0 -45
- data/lib/chef/knife/key_show.rb +0 -53
- data/lib/chef/knife/list.rb +0 -177
- data/lib/chef/knife/node_bulk_delete.rb +0 -75
- data/lib/chef/knife/node_create.rb +0 -47
- data/lib/chef/knife/node_delete.rb +0 -46
- data/lib/chef/knife/node_edit.rb +0 -70
- data/lib/chef/knife/node_environment_set.rb +0 -53
- data/lib/chef/knife/node_from_file.rb +0 -51
- data/lib/chef/knife/node_list.rb +0 -44
- data/lib/chef/knife/node_policy_set.rb +0 -79
- data/lib/chef/knife/node_run_list_add.rb +0 -104
- data/lib/chef/knife/node_run_list_remove.rb +0 -67
- data/lib/chef/knife/node_run_list_set.rb +0 -66
- data/lib/chef/knife/node_show.rb +0 -63
- data/lib/chef/knife/null.rb +0 -12
- data/lib/chef/knife/raw.rb +0 -123
- data/lib/chef/knife/rehash.rb +0 -50
- data/lib/chef/knife/role_bulk_delete.rb +0 -66
- data/lib/chef/knife/role_create.rb +0 -53
- data/lib/chef/knife/role_delete.rb +0 -46
- data/lib/chef/knife/role_edit.rb +0 -45
- data/lib/chef/knife/role_env_run_list_add.rb +0 -87
- data/lib/chef/knife/role_env_run_list_clear.rb +0 -55
- data/lib/chef/knife/role_env_run_list_remove.rb +0 -57
- data/lib/chef/knife/role_env_run_list_replace.rb +0 -60
- data/lib/chef/knife/role_env_run_list_set.rb +0 -70
- data/lib/chef/knife/role_from_file.rb +0 -51
- data/lib/chef/knife/role_list.rb +0 -42
- data/lib/chef/knife/role_run_list_add.rb +0 -87
- data/lib/chef/knife/role_run_list_clear.rb +0 -55
- data/lib/chef/knife/role_run_list_remove.rb +0 -56
- data/lib/chef/knife/role_run_list_replace.rb +0 -60
- data/lib/chef/knife/role_run_list_set.rb +0 -69
- data/lib/chef/knife/role_show.rb +0 -48
- data/lib/chef/knife/search.rb +0 -194
- data/lib/chef/knife/serve.rb +0 -65
- data/lib/chef/knife/show.rb +0 -72
- data/lib/chef/knife/ssh.rb +0 -645
- data/lib/chef/knife/ssl_check.rb +0 -284
- data/lib/chef/knife/ssl_fetch.rb +0 -161
- data/lib/chef/knife/status.rb +0 -95
- data/lib/chef/knife/supermarket_download.rb +0 -121
- data/lib/chef/knife/supermarket_install.rb +0 -192
- data/lib/chef/knife/supermarket_list.rb +0 -76
- data/lib/chef/knife/supermarket_search.rb +0 -53
- data/lib/chef/knife/supermarket_share.rb +0 -166
- data/lib/chef/knife/supermarket_show.rb +0 -66
- data/lib/chef/knife/supermarket_unshare.rb +0 -61
- data/lib/chef/knife/tag_create.rb +0 -52
- data/lib/chef/knife/tag_delete.rb +0 -60
- data/lib/chef/knife/tag_list.rb +0 -47
- data/lib/chef/knife/upload.rb +0 -86
- data/lib/chef/knife/user_create.rb +0 -107
- data/lib/chef/knife/user_delete.rb +0 -44
- data/lib/chef/knife/user_dissociate.rb +0 -42
- data/lib/chef/knife/user_edit.rb +0 -52
- data/lib/chef/knife/user_invite_add.rb +0 -43
- data/lib/chef/knife/user_invite_list.rb +0 -34
- data/lib/chef/knife/user_invite_rescind.rb +0 -63
- data/lib/chef/knife/user_key_create.rb +0 -73
- data/lib/chef/knife/user_key_delete.rb +0 -80
- data/lib/chef/knife/user_key_edit.rb +0 -83
- data/lib/chef/knife/user_key_list.rb +0 -73
- data/lib/chef/knife/user_key_show.rb +0 -80
- data/lib/chef/knife/user_list.rb +0 -42
- data/lib/chef/knife/user_reregister.rb +0 -59
- data/lib/chef/knife/user_show.rb +0 -48
- data/lib/chef/knife/xargs.rb +0 -282
- data/lib/chef/knife/yaml_convert.rb +0 -91
- data/lib/chef/provider/package/yum/simplejson/LICENSE.txt +0 -79
- data/lib/chef/provider/package/yum/simplejson/__init__.py +0 -318
- data/lib/chef/provider/package/yum/simplejson/__init__.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/decoder.py +0 -354
- data/lib/chef/provider/package/yum/simplejson/decoder.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/encoder.py +0 -440
- data/lib/chef/provider/package/yum/simplejson/encoder.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/scanner.py +0 -65
- data/lib/chef/provider/package/yum/simplejson/scanner.pyc +0 -0
- data/lib/chef/provider/package/yum/simplejson/tool.py +0 -37
- data/lib/chef/resource/user/dscl_user.rb +0 -35
- data/spec/functional/knife/configure_spec.rb +0 -33
- data/spec/functional/knife/cookbook_delete_spec.rb +0 -156
- data/spec/functional/knife/exec_spec.rb +0 -55
- data/spec/functional/knife/rehash_spec.rb +0 -39
- data/spec/functional/knife/smoke_test.rb +0 -42
- data/spec/functional/knife/ssh_spec.rb +0 -352
- data/spec/functional/resource/user/dscl_spec.rb +0 -188
- data/spec/functional/resource/windows_service_spec.rb +0 -105
- data/spec/functional/win32/service_manager_spec.rb +0 -220
- data/spec/integration/knife/chef_fs_data_store_spec.rb +0 -557
- data/spec/integration/knife/chef_repo_path_spec.rb +0 -962
- data/spec/integration/knife/chef_repository_file_system_spec.rb +0 -200
- data/spec/integration/knife/chefignore_spec.rb +0 -301
- data/spec/integration/knife/client_bulk_delete_spec.rb +0 -131
- data/spec/integration/knife/client_create_spec.rb +0 -70
- data/spec/integration/knife/client_delete_spec.rb +0 -64
- data/spec/integration/knife/client_key_create_spec.rb +0 -66
- data/spec/integration/knife/client_key_delete_spec.rb +0 -43
- data/spec/integration/knife/client_key_list_spec.rb +0 -61
- data/spec/integration/knife/client_key_show_spec.rb +0 -45
- data/spec/integration/knife/client_list_spec.rb +0 -49
- data/spec/integration/knife/client_show_spec.rb +0 -37
- data/spec/integration/knife/common_options_spec.rb +0 -174
- data/spec/integration/knife/config_list_spec.rb +0 -220
- data/spec/integration/knife/config_show_spec.rb +0 -192
- data/spec/integration/knife/config_use_spec.rb +0 -198
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +0 -113
- data/spec/integration/knife/cookbook_bulk_delete_spec.rb +0 -65
- data/spec/integration/knife/cookbook_download_spec.rb +0 -72
- data/spec/integration/knife/cookbook_list_spec.rb +0 -55
- data/spec/integration/knife/cookbook_show_spec.rb +0 -149
- data/spec/integration/knife/cookbook_upload_spec.rb +0 -128
- data/spec/integration/knife/data_bag_create_spec.rb +0 -125
- data/spec/integration/knife/data_bag_delete_spec.rb +0 -59
- data/spec/integration/knife/data_bag_edit_spec.rb +0 -105
- data/spec/integration/knife/data_bag_from_file_spec.rb +0 -116
- data/spec/integration/knife/data_bag_list_spec.rb +0 -44
- data/spec/integration/knife/data_bag_show_spec.rb +0 -95
- data/spec/integration/knife/delete_spec.rb +0 -1018
- data/spec/integration/knife/deps_spec.rb +0 -703
- data/spec/integration/knife/diff_spec.rb +0 -605
- data/spec/integration/knife/download_spec.rb +0 -1336
- data/spec/integration/knife/environment_compare_spec.rb +0 -75
- data/spec/integration/knife/environment_create_spec.rb +0 -41
- data/spec/integration/knife/environment_delete_spec.rb +0 -37
- data/spec/integration/knife/environment_from_file_spec.rb +0 -116
- data/spec/integration/knife/environment_list_spec.rb +0 -42
- data/spec/integration/knife/environment_show_spec.rb +0 -77
- data/spec/integration/knife/list_spec.rb +0 -1060
- data/spec/integration/knife/node_bulk_delete_spec.rb +0 -52
- data/spec/integration/knife/node_create_spec.rb +0 -47
- data/spec/integration/knife/node_delete_spec.rb +0 -48
- data/spec/integration/knife/node_environment_set_spec.rb +0 -46
- data/spec/integration/knife/node_from_file_spec.rb +0 -59
- data/spec/integration/knife/node_list_spec.rb +0 -45
- data/spec/integration/knife/node_run_list_add_spec.rb +0 -54
- data/spec/integration/knife/node_run_list_remove_spec.rb +0 -36
- data/spec/integration/knife/node_run_list_set_spec.rb +0 -41
- data/spec/integration/knife/node_show_spec.rb +0 -36
- data/spec/integration/knife/raw_spec.rb +0 -297
- data/spec/integration/knife/redirection_spec.rb +0 -64
- data/spec/integration/knife/role_bulk_delete_spec.rb +0 -52
- data/spec/integration/knife/role_create_spec.rb +0 -41
- data/spec/integration/knife/role_delete_spec.rb +0 -48
- data/spec/integration/knife/role_from_file_spec.rb +0 -96
- data/spec/integration/knife/role_list_spec.rb +0 -45
- data/spec/integration/knife/role_show_spec.rb +0 -51
- data/spec/integration/knife/search_node_spec.rb +0 -40
- data/spec/integration/knife/serve_spec.rb +0 -92
- data/spec/integration/knife/show_spec.rb +0 -197
- data/spec/integration/knife/upload_spec.rb +0 -1617
- data/spec/support/shared/functional/win32_service.rb +0 -57
- data/spec/unit/application/knife_spec.rb +0 -241
- data/spec/unit/chef_fs/parallelizer_spec.rb +0 -479
- data/spec/unit/cookbook_site_streaming_uploader_spec.rb +0 -198
- data/spec/unit/knife/bootstrap/chef_vault_handler_spec.rb +0 -152
- data/spec/unit/knife/bootstrap/client_builder_spec.rb +0 -207
- data/spec/unit/knife/bootstrap/train_connector_spec.rb +0 -244
- data/spec/unit/knife/bootstrap_spec.rb +0 -2220
- data/spec/unit/knife/client_bulk_delete_spec.rb +0 -166
- data/spec/unit/knife/client_create_spec.rb +0 -169
- data/spec/unit/knife/client_delete_spec.rb +0 -99
- data/spec/unit/knife/client_edit_spec.rb +0 -53
- data/spec/unit/knife/client_list_spec.rb +0 -34
- data/spec/unit/knife/client_reregister_spec.rb +0 -62
- data/spec/unit/knife/client_show_spec.rb +0 -52
- data/spec/unit/knife/configure_client_spec.rb +0 -81
- data/spec/unit/knife/configure_spec.rb +0 -190
- data/spec/unit/knife/cookbook_bulk_delete_spec.rb +0 -87
- data/spec/unit/knife/cookbook_delete_spec.rb +0 -239
- data/spec/unit/knife/cookbook_download_spec.rb +0 -255
- data/spec/unit/knife/cookbook_list_spec.rb +0 -88
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +0 -72
- data/spec/unit/knife/cookbook_metadata_spec.rb +0 -182
- data/spec/unit/knife/cookbook_show_spec.rb +0 -253
- data/spec/unit/knife/cookbook_upload_spec.rb +0 -364
- data/spec/unit/knife/core/bootstrap_context_spec.rb +0 -287
- data/spec/unit/knife/core/cookbook_scm_repo_spec.rb +0 -187
- data/spec/unit/knife/core/gem_glob_loader_spec.rb +0 -209
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +0 -112
- data/spec/unit/knife/core/node_editor_spec.rb +0 -211
- data/spec/unit/knife/core/object_loader_spec.rb +0 -81
- data/spec/unit/knife/core/status_presenter_spec.rb +0 -54
- data/spec/unit/knife/core/subcommand_loader_spec.rb +0 -64
- data/spec/unit/knife/core/ui_spec.rb +0 -656
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +0 -238
- data/spec/unit/knife/data_bag_create_spec.rb +0 -175
- data/spec/unit/knife/data_bag_edit_spec.rb +0 -126
- data/spec/unit/knife/data_bag_from_file_spec.rb +0 -174
- data/spec/unit/knife/data_bag_secret_options_spec.rb +0 -173
- data/spec/unit/knife/data_bag_show_spec.rb +0 -139
- data/spec/unit/knife/environment_compare_spec.rb +0 -112
- data/spec/unit/knife/environment_create_spec.rb +0 -91
- data/spec/unit/knife/environment_delete_spec.rb +0 -71
- data/spec/unit/knife/environment_edit_spec.rb +0 -79
- data/spec/unit/knife/environment_from_file_spec.rb +0 -90
- data/spec/unit/knife/environment_list_spec.rb +0 -54
- data/spec/unit/knife/environment_show_spec.rb +0 -52
- data/spec/unit/knife/key_create_spec.rb +0 -223
- data/spec/unit/knife/key_delete_spec.rb +0 -133
- data/spec/unit/knife/key_edit_spec.rb +0 -264
- data/spec/unit/knife/key_helper.rb +0 -74
- data/spec/unit/knife/key_list_spec.rb +0 -216
- data/spec/unit/knife/key_show_spec.rb +0 -126
- data/spec/unit/knife/node_bulk_delete_spec.rb +0 -94
- data/spec/unit/knife/node_delete_spec.rb +0 -77
- data/spec/unit/knife/node_edit_spec.rb +0 -116
- data/spec/unit/knife/node_environment_set_spec.rb +0 -61
- data/spec/unit/knife/node_from_file_spec.rb +0 -59
- data/spec/unit/knife/node_list_spec.rb +0 -62
- data/spec/unit/knife/node_policy_set_spec.rb +0 -122
- data/spec/unit/knife/node_run_list_add_spec.rb +0 -145
- data/spec/unit/knife/node_run_list_remove_spec.rb +0 -106
- data/spec/unit/knife/node_run_list_set_spec.rb +0 -115
- data/spec/unit/knife/node_show_spec.rb +0 -65
- data/spec/unit/knife/raw_spec.rb +0 -43
- data/spec/unit/knife/role_bulk_delete_spec.rb +0 -80
- data/spec/unit/knife/role_create_spec.rb +0 -80
- data/spec/unit/knife/role_delete_spec.rb +0 -67
- data/spec/unit/knife/role_edit_spec.rb +0 -77
- data/spec/unit/knife/role_env_run_list_add_spec.rb +0 -217
- data/spec/unit/knife/role_env_run_list_clear_spec.rb +0 -94
- data/spec/unit/knife/role_env_run_list_remove_spec.rb +0 -102
- data/spec/unit/knife/role_env_run_list_replace_spec.rb +0 -105
- data/spec/unit/knife/role_env_run_list_set_spec.rb +0 -99
- data/spec/unit/knife/role_from_file_spec.rb +0 -69
- data/spec/unit/knife/role_list_spec.rb +0 -54
- data/spec/unit/knife/role_run_list_add_spec.rb +0 -179
- data/spec/unit/knife/role_run_list_clear_spec.rb +0 -84
- data/spec/unit/knife/role_run_list_remove_spec.rb +0 -92
- data/spec/unit/knife/role_run_list_replace_spec.rb +0 -98
- data/spec/unit/knife/role_run_list_set_spec.rb +0 -89
- data/spec/unit/knife/role_show_spec.rb +0 -59
- data/spec/unit/knife/ssh_spec.rb +0 -403
- data/spec/unit/knife/ssl_check_spec.rb +0 -256
- data/spec/unit/knife/ssl_fetch_spec.rb +0 -222
- data/spec/unit/knife/status_spec.rb +0 -112
- data/spec/unit/knife/supermarket_download_spec.rb +0 -152
- data/spec/unit/knife/supermarket_install_spec.rb +0 -202
- data/spec/unit/knife/supermarket_list_spec.rb +0 -70
- data/spec/unit/knife/supermarket_search_spec.rb +0 -85
- data/spec/unit/knife/supermarket_share_spec.rb +0 -208
- data/spec/unit/knife/supermarket_unshare_spec.rb +0 -78
- data/spec/unit/knife/tag_create_spec.rb +0 -23
- data/spec/unit/knife/tag_delete_spec.rb +0 -25
- data/spec/unit/knife/tag_list_spec.rb +0 -23
- data/spec/unit/knife/user_create_spec.rb +0 -184
- data/spec/unit/knife/user_delete_spec.rb +0 -46
- data/spec/unit/knife/user_edit_spec.rb +0 -48
- data/spec/unit/knife/user_list_spec.rb +0 -36
- data/spec/unit/knife/user_reregister_spec.rb +0 -56
- data/spec/unit/knife/user_show_spec.rb +0 -46
- data/spec/unit/knife_spec.rb +0 -634
- data/spec/unit/provider/user/dscl_spec.rb +0 -699
- data/spec/unit/windows_service_spec.rb +0 -118
@@ -0,0 +1,19 @@
|
|
1
|
+
<?xml version="1.0" encoding="utf-8"?>
|
2
|
+
<configuration>
|
3
|
+
<appSettings>
|
4
|
+
<add key="debug" value="false" />
|
5
|
+
<% if @auth_token %>
|
6
|
+
<add key="ENV_HAB_AUTH_TOKEN" value="<%= @auth_token %>" />
|
7
|
+
<% end %>
|
8
|
+
<% if @gateway_auth_token %>
|
9
|
+
<add key="ENV_HAB_SUP_GATEWAY_AUTH_TOKEN" value="<%= @gateway_auth_token %>" />
|
10
|
+
<% end %>
|
11
|
+
<% if @bldr_url %>
|
12
|
+
<add key="ENV_HAB_BLDR_URL" value="<%= @bldr_url %>" />
|
13
|
+
<% end %>
|
14
|
+
<%if @exec_start_options %>
|
15
|
+
<add key="launcherArgs" value="--no-color <%= @exec_start_options %>" />
|
16
|
+
<% end %>
|
17
|
+
<add key="launcherPath" value="C:\Hab\pkgs\<%= `hab pkg list core/hab-launcher`.split().last %>\bin\hab-launch.exe"/>
|
18
|
+
</appSettings>
|
19
|
+
</configuration>
|
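Review bot: `@auth_token`, `@gateway_auth_token`, `@bldr_url` and `@exec_start_options` are written into XML attribute values with plain `<%= %>`, so a value containing `"`, `&` or `<` produces a malformed file or extra attributes and keys. Escape at the point of output, for example `<add key="ENV_HAB_AUTH_TOKEN" value=<%= @auth_token.to_s.encode(xml: :attr) %> />` (`encode(xml: :attr)` adds the surrounding quotes itself). The two tokens are stored here in clear text, so the resource that renders this template should mark the file as sensitive and restrict its ACL; that code is not on this page. On line 17 the backtick call to `hab pkg list core/hab-launcher` runs at render time through PATH, and `.split().last` is `nil` when the command prints nothing, which yields `C:\Hab\pkgs\\bin\hab-launch.exe`; resolving the package in the resource and passing it in as a variable would let that case fail loudly.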
@@ -18,10 +18,17 @@
|
|
18
18
|
@pid_file
|
19
19
|
@policy_group
|
20
20
|
@policy_name
|
21
|
-
@ssl_verify_mode
|
21
|
+
@ssl_verify_mode
|
22
|
+
@policy_persist_run_list).each do |prop| -%>
|
22
23
|
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
23
24
|
<%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
|
24
25
|
<% end -%>
|
26
|
+
<%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
|
27
|
+
<% %w(@ohai_disabled_plugins
|
28
|
+
@ohai_optional_plugins).each do |prop| -%>
|
29
|
+
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
30
|
+
<%=prop.gsub("@ohai_", "ohai.") %> <%= instance_variable_get(prop).inspect %>
|
31
|
+
<% end -%>
|
25
32
|
<%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
|
26
33
|
<% unless @log_location.nil? %>
|
27
34
|
<% if @log_location.is_a?(String) && %w(STDOUT STDERR).include?(@log_location) -%>
|
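Review bot: The new loop on lines 27-31 derives the setting name with `prop.gsub("@ohai_", "ohai.")`, while the loop above it uses `delete_prefix`; `"ohai." + prop.delete_prefix("@ohai_")` would mirror that and only touch the leading prefix. The ERB comment on line 26 says the properties do not match the config value but not what they become; `<%# written as ohai.disabled_plugins / ohai.optional_plugins -%>` would state it. The `%w(` list and the `log_location` block both extend outside the hunk.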
@@ -0,0 +1,179 @@
|
|
1
|
+
# sup.toml
|
2
|
+
# Used for passing configuration options to the Chef Habitat supervisor
|
3
|
+
# This file is controlled by the 'habitat' cookbook and should not be modified by hand -- local modifications may be overwritten.
|
4
|
+
|
5
|
+
### The listen address for the Gossip Gateway
|
6
|
+
<% if @listen_gossip %>
|
7
|
+
listen_gossip = "<%= @listen_gossip %>"
|
8
|
+
<% end %>
|
9
|
+
|
10
|
+
### Start the supervisor in local mode
|
11
|
+
# local_gossip_mode =
|
12
|
+
|
13
|
+
### The listen address for the HTTP Gateway
|
14
|
+
<% if @listen_http %>
|
15
|
+
listen_http = "<%= @listen_http %>"
|
16
|
+
<% end %>
|
17
|
+
### Disable the HTTP Gateway completely
|
18
|
+
# http_disable =
|
19
|
+
|
20
|
+
### The listen address for the Control Gateway
|
21
|
+
<% if @listen_ctl %>
|
22
|
+
listen_ctl = "<%= @listen_ctl %>"
|
23
|
+
<% end %>
|
24
|
+
### The organization the Supervisor and its services are part of
|
25
|
+
<% if @organization %>
|
26
|
+
organization = "<%= @organization %>"
|
27
|
+
<% end %>
|
28
|
+
### The listen address of one or more initial peers (IP[:PORT])
|
29
|
+
<% if @peer %>
|
30
|
+
peer = <%= @peer %>
|
31
|
+
<% end %>
|
32
|
+
### Make this Supervisor a permanent peer
|
33
|
+
<% if @permanent_peer %>
|
34
|
+
permanent_peer = <%= @permanent_peer %>
|
35
|
+
<% end %>
|
36
|
+
### Watch this file for connecting to the ring
|
37
|
+
# peer_watch_file =
|
38
|
+
|
39
|
+
### Cache for creating and searching for encryption keys
|
40
|
+
# cache_key_path =
|
41
|
+
|
42
|
+
### The name of the ring used by the Supervisor when running with wire encryption
|
43
|
+
<% if @ring %>
|
44
|
+
ring = "<%= @ring %>"
|
45
|
+
<% end %>
|
46
|
+
### Use the package config from this path rather than the package itself
|
47
|
+
# config_from =
|
48
|
+
|
49
|
+
### Enable automatic updates for the Supervisor itself
|
50
|
+
<% if @auto_update %>
|
51
|
+
auto_update = <%= @auto_update %>
|
52
|
+
<% end %>
|
53
|
+
### The period of time in seconds between Supervisor update checks
|
54
|
+
# auto_update_period =
|
55
|
+
|
56
|
+
### The period of time in seconds between service update checks
|
57
|
+
# service_update_period =
|
58
|
+
|
59
|
+
### The private key for HTTP Gateway TLS encryption
|
60
|
+
###
|
61
|
+
### Read the private key from KEY_FILE. This should be an RSA private key or PKCS8-encoded private key in PEM format.
|
62
|
+
# key_file =
|
63
|
+
|
64
|
+
### The server certificates for HTTP Gateway TLS encryption
|
65
|
+
###
|
66
|
+
### Read server certificates from CERT_FILE. This should contain PEM-format certificates in the right order. The first certificate should certify KEY_FILE. The last should be a root CA.
|
67
|
+
# cert_file =
|
68
|
+
|
69
|
+
### The CA certificate for HTTP Gateway TLS encryption
|
70
|
+
###
|
71
|
+
### Read the CA certificate from CA_CERT_FILE. This should contain PEM-format certificate that can be used to validate client requests
|
72
|
+
# ca_cert_file =
|
73
|
+
|
74
|
+
### Load a Habitat package as part of the Supervisor startup
|
75
|
+
###
|
76
|
+
### The package can be specified by a package identifier (ex: core/redis) or filepath to a Habitat artifact (ex: /home/core-redis-3.0.7-21120102031201-x86_64-linux.hart).
|
77
|
+
# pkg_ident_or_artifact =
|
78
|
+
|
79
|
+
### Verbose output showing file and line/column numbers
|
80
|
+
# verbose =
|
81
|
+
|
82
|
+
### Turn ANSI color off
|
83
|
+
# no_color =
|
84
|
+
|
85
|
+
### Use structured JSON logging for the Supervisor
|
86
|
+
###
|
87
|
+
### This option also sets NO_COLOR.
|
88
|
+
# json_logging =
|
89
|
+
|
90
|
+
### The IPv4 address to use as the `sys.ip` template variable
|
91
|
+
###
|
92
|
+
### If this argument is not set, the supervisor tries to dynamically determine an IP address. If that fails, the supervisor defaults to using `127.0.0.1`.
|
93
|
+
# sys_ip_address =
|
94
|
+
|
95
|
+
### The name of the application for event stream purposes
|
96
|
+
###
|
97
|
+
### This will be attached to all events generated by this Supervisor.
|
98
|
+
<% if @event_stream_application %>
|
99
|
+
event_stream_application = "<%= @event_stream_application %>"
|
100
|
+
<% end %>
|
101
|
+
### The name of the environment for event stream purposes
|
102
|
+
###
|
103
|
+
### This will be attached to all events generated by this Supervisor.
|
104
|
+
<% if @event_stream_environment %>
|
105
|
+
event_stream_environment = "<%= @event_stream_environment %>"
|
106
|
+
<% end %>
|
107
|
+
### Event stream connection timeout before exiting the Supervisor
|
108
|
+
###
|
109
|
+
### Set to '0' to immediately start the Supervisor and continue running regardless of the initial connection status.
|
110
|
+
# event_stream_connect_timeout =
|
111
|
+
|
112
|
+
### The event stream connection url used to send events to Chef Automate
|
113
|
+
###
|
114
|
+
### This enables the event stream and requires EVENT_STREAM_APPLICATION, EVENT_STREAM_ENVIRONMENT, and EVENT_STREAM_TOKEN also be set.
|
115
|
+
<% if @event_stream_url %>
|
116
|
+
event_stream_url = "<%= @event_stream_url %>"
|
117
|
+
<% end %>
|
118
|
+
### The name of the site where this Supervisor is running for event stream purposes
|
119
|
+
<% if @event_stream_site %>
|
120
|
+
event_stream_site = "<%= @event_stream_site %>"
|
121
|
+
<% end %>
|
122
|
+
### The authentication token for connecting the event stream to Chef Automate
|
123
|
+
<% if @event_stream_token %>
|
124
|
+
event_stream_token = "<%= @event_stream_token %>"
|
125
|
+
<% end %>
|
126
|
+
### An arbitrary key-value pair to add to each event generated by this Supervisor
|
127
|
+
# event_meta = []
|
128
|
+
|
129
|
+
### The path to Chef Automate's event stream certificate used to establish a TLS connection
|
130
|
+
###
|
131
|
+
### The certificate should be in PEM format.
|
132
|
+
<% if @event_stream_server_certificate %>
|
133
|
+
event_stream_server_certificate = "<%= @event_stream_server_certificate %>"
|
134
|
+
<% end %>
|
135
|
+
### Automatically cleanup old packages
|
136
|
+
###
|
137
|
+
### The Supervisor will automatically cleanup old packages only keeping the KEEP_LATEST_PACKAGES latest packages. If this argument is not specified, no automatic package cleanup is performed.
|
138
|
+
<% if @keep_latest_packages %>
|
139
|
+
keep_latest_packages = "<%= @keep_latest_packages %>"
|
140
|
+
<% end %>
|
141
|
+
### Receive updates from the specified release channel
|
142
|
+
# channel =
|
143
|
+
|
144
|
+
### Specify an alternate Builder endpoint. If not specified, the value will be taken from the HAB_BLDR_URL environment variable if defined. (default: https://bldr.habitat.sh)
|
145
|
+
<% if @bldr_url %>
|
146
|
+
bldr_url = "<%= @bldr_url %>"
|
147
|
+
<% end %>
|
148
|
+
### The service group with shared config and topology
|
149
|
+
# group =
|
150
|
+
|
151
|
+
### Service topology
|
152
|
+
# topology =
|
153
|
+
|
154
|
+
### The update strategy
|
155
|
+
# strategy =
|
156
|
+
|
157
|
+
### The condition dictating when this service should update
|
158
|
+
###
|
159
|
+
### latest: Runs the latest package that can be found in the configured channel and local packages.
|
160
|
+
###
|
161
|
+
### track-channel: Always run what is at the head of a given channel. This enables service rollback where demoting a package from a channel will cause the package to rollback to an older version of the package. A ramification of enabling this condition is packages newer than the package at the head of the channel will be automatically uninstalled during a service rollback.
|
162
|
+
<% if @update_condition %>
|
163
|
+
update_condition = "<%= @update_condition %>"
|
164
|
+
<% end %>
|
165
|
+
### One or more service groups to bind to a configuration
|
166
|
+
# bind = []
|
167
|
+
|
168
|
+
### Governs how the presence or absence of binds affects service startup
|
169
|
+
###
|
170
|
+
### strict: blocks startup until all binds are present.
|
171
|
+
# binding_mode =
|
172
|
+
|
173
|
+
### The interval in seconds on which to run health checks
|
174
|
+
# health_check_interval =
|
175
|
+
|
176
|
+
### The delay in seconds after sending the shutdown signal to wait before killing the service process
|
177
|
+
###
|
178
|
+
### The default value can be set in the packages plan file.
|
179
|
+
# shutdown_timeout =
|
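Review bot: Every value in this template is emitted as `"<%= @x %>"` with no escaping, so a `"`, `\` or newline in, say, `@organization` or `@event_stream_token` (lines 26 and 124) yields invalid TOML or additional keys. Emitting the value through a serializer that quotes and escapes it closes this, for example `event_stream_token = <%= @event_stream_token.to_s.to_json %>` (the escapes Ruby's JSON generator emits are valid in a TOML basic string; this assumes `to_json` is available in the template context). `event_stream_token` is a credential, so the resource rendering this file should treat the content as sensitive and restrict its permissions; that code is not on this page. `peer` on line 30 is written unquoted, which only works if the caller passes an already formatted TOML value, and `keep_latest_packages` on line 139 is quoted as a string although the comment describes a count; both deserve a one-line comment stating the expected input.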
@@ -63,9 +63,7 @@ class Chef
|
|
63
63
|
property :swappiness, Integer,
|
64
64
|
description: "The swappiness value to set on the system."
|
65
65
|
|
66
|
-
action :create do
|
67
|
-
description "Create a swapfile."
|
68
|
-
|
66
|
+
action :create, description: "Create a swapfile." do
|
69
67
|
if swap_enabled?
|
70
68
|
Chef::Log.debug("#{new_resource} already created - nothing to do")
|
71
69
|
else
|
@@ -85,9 +83,7 @@ class Chef
|
|
85
83
|
end
|
86
84
|
end
|
87
85
|
|
88
|
-
action :remove do
|
89
|
-
description "Remove a swapfile and disable swap."
|
90
|
-
|
86
|
+
action :remove, description: "Remove a swapfile and disable swap." do
|
91
87
|
swapoff if swap_enabled?
|
92
88
|
remove_swapfile if ::File.exist?(new_resource.path)
|
93
89
|
end
|
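--- a/data/lib/chef/resource/sysctl.rb
+++ b/data/lib/chef/resource/sysctl.rb
@@ -131,9 +131,7 @@ class Chef
 
 end
 
-action :apply do
-description "Apply a sysctl value."
-
+action :apply, description: "Apply a sysctl value." do
 converge_if_changed do
 # set it temporarily
 set_sysctl_param(new_resource.key, new_resource.value)
@@ -152,9 +150,7 @@ class Chef
 end
 end
 
-action :remove do
-description "Remove a sysctl value."
-
+action :remove, description: "Remove a sysctl value." do
 # only converge the resource if the file actually exists to delete
 if ::File.exist?("#{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf")
 converge_by "removing sysctl config at #{new_resource.conf_dir}/99-chef-#{new_resource.key.tr("/", ".")}.conf" do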
@@ -34,7 +34,7 @@ class Chef
|
|
34
34
|
|
35
35
|
```ruby
|
36
36
|
systemd_unit 'etcd.service' do
|
37
|
-
content(
|
37
|
+
content(Unit: {
|
38
38
|
Description: 'Etcd',
|
39
39
|
Documentation: ['https://coreos.com/etcd', 'man:etcd(1)'],
|
40
40
|
After: 'network.target',
|
@@ -46,7 +46,7 @@ class Chef
|
|
46
46
|
},
|
47
47
|
Install: {
|
48
48
|
WantedBy: 'multi-user.target',
|
49
|
-
}
|
49
|
+
})
|
50
50
|
action [:create, :enable]
|
51
51
|
end
|
52
52
|
```
|
@@ -61,7 +61,7 @@ class Chef
|
|
61
61
|
|
62
62
|
property :variables, Hash,
|
63
63
|
description: "The variables property of the template resource can be used to reference a partial template file by using a Hash.",
|
64
|
-
default:
|
64
|
+
default: {}
|
65
65
|
|
66
66
|
property :cookbook, String,
|
67
67
|
description: "The cookbook in which a file is located (if it is not located in the current cookbook). The default value is the current cookbook.",
|
@@ -119,9 +119,7 @@ class Chef
|
|
119
119
|
end
|
120
120
|
end
|
121
121
|
|
122
|
-
action :set do
|
123
|
-
description "Set the timezone."
|
124
|
-
|
122
|
+
action :set, description: "Set the system timezone." do
|
125
123
|
# we have to check windows first since the value isn't case sensitive here
|
126
124
|
if windows?
|
127
125
|
unless current_windows_tz.casecmp?(new_resource.timezone)
|
@@ -78,7 +78,7 @@ class Chef
|
|
78
78
|
coerce: proc { |m| m.end_with?(".conf") ? m : m + ".conf" },
|
79
79
|
default: lazy { |r| r.username == "*" ? "00_all_limits.conf" : "#{r.username}_limits.conf" }
|
80
80
|
|
81
|
-
action :create do
|
81
|
+
action :create, description: "Create a ulimit configuration file." do
|
82
82
|
template "/etc/security/limits.d/#{new_resource.filename}" do
|
83
83
|
source ::File.expand_path("support/ulimit.erb", __dir__)
|
84
84
|
local true
|
@@ -106,7 +106,7 @@ class Chef
|
|
106
106
|
end
|
107
107
|
end
|
108
108
|
|
109
|
-
action :delete do
|
109
|
+
action :delete, description: "Delete an existing ulimit configuration file." do
|
110
110
|
file "/etc/security/limits.d/#{new_resource.filename}" do
|
111
111
|
action :delete
|
112
112
|
end
|
@@ -97,9 +97,7 @@ class Chef
|
|
97
97
|
property :sensitive, [TrueClass, FalseClass],
|
98
98
|
default: true, desired_state: false
|
99
99
|
|
100
|
-
action :join do
|
101
|
-
description "Join the Active Directory domain."
|
102
|
-
|
100
|
+
action :join, description: "Join the Active Directory domain." do
|
103
101
|
unless on_desired_domain?
|
104
102
|
cmd = "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;"
|
105
103
|
cmd << "$credential = New-Object System.Management.Automation.PSCredential (\"#{sanitize_usename}\",$pswd);"
|
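Review bot: The lines that build `cmd` under `action :join` (new line 102) and `action :leave` (new line 133, in the next hunk) place `new_resource.domain_password` between single quotes in a PowerShell command, so a password containing `'` ends the literal early and the remainder is parsed as PowerShell. The commit only moves the action descriptions, but the interpolation is worth fixing while these blocks are being touched: double the quote before interpolating, `'#{new_resource.domain_password.gsub("'", "''")}'`. The password is also part of the command text, so anything that logs the command would log it; the `sensitive` default of `true` on line 98 suggests that is already a concern. Both action bodies continue outside their hunks.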
@@ -129,9 +127,7 @@ class Chef
|
|
129
127
|
end
|
130
128
|
end
|
131
129
|
|
132
|
-
action :leave do
|
133
|
-
description "Leave the Active Directory domain."
|
134
|
-
|
130
|
+
action :leave, description: "Leave an Active Directory domain and re-join a workgroup." do
|
135
131
|
if joined_to_domain?
|
136
132
|
cmd = ""
|
137
133
|
cmd << "$pswd = ConvertTo-SecureString \'#{new_resource.domain_password}\' -AsPlainText -Force;"
|
@@ -106,7 +106,7 @@ class Chef
|
|
106
106
|
|
107
107
|
```ruby
|
108
108
|
windows_audit_policy "Set Audit Policy for 'Credential Validation' actions to 'Success'" do
|
109
|
-
subcategory
|
109
|
+
subcategory 'Credential Validation'
|
110
110
|
success true
|
111
111
|
failure false
|
112
112
|
action :set
|
@@ -152,7 +152,7 @@ class Chef
|
|
152
152
|
property :audit_base_directories, [true, false],
|
153
153
|
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
|
154
154
|
|
155
|
-
action :set do
|
155
|
+
action :set, description: "Configure an audit policy." do
|
156
156
|
unless new_resource.subcategory.nil?
|
157
157
|
new_resource.subcategory.each do |subcategory|
|
158
158
|
next if subcategory_configured?(subcategory, new_resource.success, new_resource.failure)
|
@@ -57,8 +57,7 @@ class Chef
|
|
57
57
|
|
58
58
|
alias_method :program, :path
|
59
59
|
|
60
|
-
action :create do
|
61
|
-
description "Create an item to be run at login."
|
60
|
+
action :create, description: "Create an item to be run at login." do
|
62
61
|
|
63
62
|
data = "\"#{new_resource.path}\""
|
64
63
|
data << " #{new_resource.args}" if new_resource.args
|
@@ -73,9 +72,7 @@ class Chef
|
|
73
72
|
end
|
74
73
|
end
|
75
74
|
|
76
|
-
action :remove do
|
77
|
-
description "Remove an item that was previously setup to run at login"
|
78
|
-
|
75
|
+
action :remove, description: "Remove an item that was previously configured to run at login." do
|
79
76
|
registry_key registry_path do
|
80
77
|
values [{
|
81
78
|
name: new_resource.program_name,
|
@@ -19,6 +19,7 @@
|
|
19
19
|
|
20
20
|
require_relative "../util/path_helper"
|
21
21
|
require_relative "../resource"
|
22
|
+
require_relative "../exceptions"
|
22
23
|
module Win32
|
23
24
|
autoload :Certstore, "win32-certstore" if Chef::Platform.windows?
|
24
25
|
end
|
@@ -62,11 +63,11 @@ class Chef
|
|
62
63
|
DOC
|
63
64
|
|
64
65
|
property :source, String,
|
65
|
-
description: "The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete) if it differs from the resource block's name.",
|
66
|
+
description: "The source file (for `create` and `acl_add`), thumbprint (for `delete`, `export`, and `acl_add`), or subject (for `delete` or `export`) if it differs from the resource block's name.",
|
66
67
|
name_property: true
|
67
68
|
|
68
69
|
property :pfx_password, String,
|
69
|
-
description: "The password to access the
|
70
|
+
description: "The password to access the object with if it is a PFX file."
|
70
71
|
|
71
72
|
property :private_key_acl, Array,
|
72
73
|
description: "An array of 'domain\\account' entries to be granted read-only access to the certificate's private key. Not idempotent."
|
@@ -79,8 +80,7 @@ class Chef
|
|
79
80
|
description: "Use the `CurrentUser` store instead of the default `LocalMachine` store. Note: Prior to #{ChefUtils::Dist::Infra::CLIENT}. 16.10 this property was ignored.",
|
80
81
|
default: false
|
81
82
|
|
82
|
-
|
83
|
-
description: "The path to the certificate."
|
83
|
+
deprecated_property_alias :cert_path, :output_path, "The cert_path property was renamed output_path in the 17.0 release of #{ChefUtils::Dist::Infra::CLIENT}. Please update your cookbooks to use the new property name."
|
84
84
|
|
85
85
|
# lazy used to set default value of sensitive to true if password is set
|
86
86
|
property :sensitive, [TrueClass, FalseClass],
|
@@ -92,19 +92,20 @@ class Chef
|
|
92
92
|
default: false,
|
93
93
|
introduced: "16.8"
|
94
94
|
|
95
|
-
|
96
|
-
description "
|
95
|
+
property :output_path, String,
|
96
|
+
description: "A path on the node where a certificate object (PFX, PEM, CER, KEY, etc) can be exported to.",
|
97
|
+
introduced: "17.0"
|
97
98
|
|
98
|
-
|
99
|
-
ext =
|
99
|
+
action :create, description: "Creates or updates a certificate." do
|
100
|
+
ext = get_file_extension(new_resource.source)
|
100
101
|
|
101
102
|
# PFX certificates contains private keys and we import them with some other approach
|
102
|
-
import_certificates(fetch_cert_object(ext), (ext == ".pfx"))
|
103
|
+
# import_certificates(fetch_cert_object(ext), (ext == ".pfx"))
|
104
|
+
import_certificates(fetch_cert_object_from_file(ext), (ext == ".pfx"))
|
103
105
|
end
|
104
106
|
|
105
107
|
# acl_add is a modify-if-exists operation : not idempotent
|
106
|
-
action :acl_add do
|
107
|
-
description "Adds read-only entries to a certificate's private key ACL."
|
108
|
+
action :acl_add, description: "Adds read-only entries to a certificate's private key ACL." do
|
108
109
|
|
109
110
|
if ::File.exist?(new_resource.source)
|
110
111
|
hash = "$cert.GetCertHashString()"
|
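Review bot: New line 103 keeps the previous call as a comment, `# import_certificates(fetch_cert_object(ext), (ext == ".pfx"))`; it should be deleted, since the history already records it. `get_file_extension`, defined further down the page, returns `nil` when `source` is neither an existing file nor an http(s) URL, so `ext` can be `nil` on line 104 and the failure would presumably surface inside `fetch_cert_object_from_file`. A guard before that call, for example `raise Chef::Exceptions::FileNotFound, "source is not a file or URL: #{new_resource.source}" unless ext`, would report it where it originates. The `acl_add` action body continues outside the hunk.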
@@ -127,9 +128,9 @@ class Chef
|
|
127
128
|
end
|
128
129
|
end
|
129
130
|
|
130
|
-
action :delete do
|
131
|
-
description "Deletes a certificate."
|
131
|
+
action :delete, description: "Deletes a certificate." do
|
132
132
|
cert_obj = fetch_cert
|
133
|
+
|
133
134
|
if cert_obj
|
134
135
|
converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do
|
135
136
|
delete_cert
|
@@ -139,20 +140,27 @@ class Chef
|
|
139
140
|
end
|
140
141
|
end
|
141
142
|
|
142
|
-
action :fetch do
|
143
|
-
|
143
|
+
action :fetch, description: "Fetches a certificate." do
|
144
|
+
unless new_resource.output_path
|
145
|
+
raise Chef::Exceptions::ResourceNotFound, "You must include an output_path parameter when calling the fetch action"
|
146
|
+
end
|
147
|
+
|
148
|
+
if ::File.extname(new_resource.output_path) == ".pfx"
|
149
|
+
powershell_exec!(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_resource.output_path, password: new_resource.pfx_password ))
|
150
|
+
else
|
151
|
+
cert_obj = fetch_cert
|
152
|
+
end
|
144
153
|
|
145
|
-
cert_obj = fetch_cert
|
146
154
|
if cert_obj
|
147
|
-
|
155
|
+
converge_by("Fetching certificate #{new_resource.source} from Store \\#{ps_cert_location}\\#{new_resource.store_name}") do
|
156
|
+
export_cert(cert_obj, output_path: new_resource.output_path, store_name: new_resource.store_name , store_location: ps_cert_location, pfx_password: new_resource.pfx_password)
|
157
|
+
end
|
148
158
|
else
|
149
159
|
Chef::Log.debug("Certificate not found")
|
150
160
|
end
|
151
161
|
end
|
152
162
|
|
153
|
-
action :verify do
|
154
|
-
description ""
|
155
|
-
|
163
|
+
action :verify, description: "Verifies a certificate and logs the result." do
|
156
164
|
out = verify_cert
|
157
165
|
if !!out == out
|
158
166
|
out = out ? "Certificate is valid" : "Certificate not valid"
|
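Review bot: In `action :fetch` the `.pfx` branch (new lines 148-149) exports the file with `powershell_exec!` but never sets `cert_obj`, so control falls through to `Chef::Log.debug("Certificate not found")`, and the export runs outside `converge_by`, so it is not reported as an update and is not skipped in why-run mode. The fence below moves the export into its own `converge_by` and limits the not-found branch to the store lookup; raising `Chef::Exceptions::ValidationFailed` rather than `ResourceNotFound` for the missing `output_path` would also describe that error better. The `pfx_password` passed here ends up inside a double-quoted PowerShell string in `pfx_ps_cmd` (visible further down the page), where `$`, backtick and `"` are interpreted, so that helper should emit a single-quoted literal with `'` doubled. The `action :verify` body continues outside the hunk.

```ruby
if ::File.extname(new_resource.output_path) == ".pfx"
  converge_by("Exporting certificate #{new_resource.source} to #{new_resource.output_path}") do
    powershell_exec!(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_resource.output_path, password: new_resource.pfx_password))
  end
elsif (cert_obj = fetch_cert)
  # … unchanged: converge_by("Fetching certificate …") { export_cert(…) } …
else
  Chef::Log.debug("Certificate not found")
end
```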
@@ -161,6 +169,7 @@ class Chef
|
|
161
169
|
end
|
162
170
|
|
163
171
|
action_class do
|
172
|
+
@local_pfx_path = ""
|
164
173
|
|
165
174
|
CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000
|
166
175
|
CERT_SYSTEM_STORE_CURRENT_USER = 0x00010000
|
@@ -170,10 +179,10 @@ class Chef
|
|
170
179
|
store.add(cert_obj)
|
171
180
|
end
|
172
181
|
|
173
|
-
def add_pfx_cert
|
182
|
+
def add_pfx_cert(path)
|
174
183
|
exportable = new_resource.exportable ? 1 : 0
|
175
184
|
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
176
|
-
store.add_pfx(
|
185
|
+
store.add_pfx(path, new_resource.pfx_password, exportable)
|
177
186
|
end
|
178
187
|
|
179
188
|
def delete_cert
|
@@ -183,12 +192,66 @@ class Chef
|
|
183
192
|
|
184
193
|
def fetch_cert
|
185
194
|
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
186
|
-
|
195
|
+
if new_resource.output_path && ::File.extname(new_resource.output_path) == ".key"
|
196
|
+
fetch_key
|
197
|
+
|
198
|
+
else
|
199
|
+
store.get(resolve_thumbprint(new_resource.source), store_name: new_resource.store_name, store_location: native_cert_location)
|
200
|
+
end
|
201
|
+
end
|
202
|
+
|
203
|
+
def fetch_key
|
204
|
+
require "openssl" unless defined?(OpenSSL)
|
205
|
+
file_name = ::File.basename(new_resource.output_path, ::File.extname(new_resource.output_path))
|
206
|
+
directory = ::File.dirname(new_resource.output_path)
|
207
|
+
pfx_file = file_name + ".pfx"
|
208
|
+
new_pfx_output_path = ::File.join(Chef::FileCache.create_cache_path("pfx_files"), pfx_file)
|
209
|
+
powershell_exec(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_pfx_output_path, password: new_resource.pfx_password ))
|
210
|
+
pkcs12 = OpenSSL::PKCS12.new(::File.binread(new_pfx_output_path), new_resource.pfx_password)
|
211
|
+
f = ::File.open(new_resource.output_path, "w")
|
212
|
+
f.write(pkcs12.key.to_s)
|
213
|
+
f.flush
|
214
|
+
f.close
|
215
|
+
end
|
216
|
+
|
217
|
+
def get_file_extension(file_name)
|
218
|
+
if is_file?(file_name)
|
219
|
+
::File.extname(file_name)
|
220
|
+
elsif is_url?(file_name)
|
221
|
+
require "open-uri" unless defined?(OpenURI)
|
222
|
+
uri = URI.parse(file_name)
|
223
|
+
output_file = ::File.basename(uri.path)
|
224
|
+
::File.extname(output_file)
|
225
|
+
end
|
226
|
+
end
|
227
|
+
|
228
|
+
def get_file_name(path_name)
|
229
|
+
if is_file?(path_name)
|
230
|
+
::File.extname(path_name)
|
231
|
+
elsif is_url?(path_name)
|
232
|
+
require "open-uri" unless defined?(OpenURI)
|
233
|
+
uri = URI.parse(path_name)
|
234
|
+
::File.basename(uri.path)
|
235
|
+
end
|
236
|
+
end
|
237
|
+
|
238
|
+
def is_url?(source)
|
239
|
+
require "uri" unless defined?(URI)
|
240
|
+
uri = URI.parse(source)
|
241
|
+
uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
|
242
|
+
end
|
243
|
+
|
244
|
+
def is_file?(source)
|
245
|
+
::File.file?(source)
|
246
|
+
end
|
247
|
+
|
248
|
+
def is_file?(source)
|
249
|
+
::File.file?(source)
|
187
250
|
end
|
188
251
|
|
189
252
|
# Thumbprints should be exactly 40 Hex characters
|
190
253
|
def valid_thumbprint?(string)
|
191
|
-
string.
|
254
|
+
string.match?(/[0-9A-Fa-f]/) && string.length == 40
|
192
255
|
end
|
193
256
|
|
194
257
|
def get_thumbprint(store_name, location, source)
|
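Review bot: `fetch_key` (new lines 203-215) writes the private key unencrypted to `output_path` with whatever ACL the directory gives it, leaves the intermediate PFX, which also holds the key, in the file cache, and calls `powershell_exec` without the bang, so a failed export is only noticed when `File.binread` raises or reads a PFX left by an earlier run. The fence below checks the export, writes through a block so the handle is closed on error, removes the temporary PFX in `ensure`, and keeps the `nil` return that `action :fetch` currently sees; restricting the ACL on the exported key is still left to the caller and deserves a sentence in the `output_path` description. In the same hunk `valid_thumbprint?` is not anchored, so any 40-character string containing one hex digit passes; `string.match?(/\A[0-9A-Fa-f]{40}\z/)` matches the comment above it. `is_file?` is defined twice, and `get_file_name` returns `::File.extname(path_name)` for local files, which looks like a copy of `get_file_extension`. `get_thumbprint` continues outside the hunk.

```ruby
def fetch_key
  require "openssl" unless defined?(OpenSSL)
  file_name = ::File.basename(new_resource.output_path, ::File.extname(new_resource.output_path))
  new_pfx_output_path = ::File.join(Chef::FileCache.create_cache_path("pfx_files"), file_name + ".pfx")
  # fail the run if the export fails instead of reading a missing or stale PFX
  powershell_exec!(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_pfx_output_path, password: new_resource.pfx_password))
  pkcs12 = OpenSSL::PKCS12.new(::File.binread(new_pfx_output_path), new_resource.pfx_password)
  ::File.open(new_resource.output_path, "w") { |f| f.write(pkcs12.key.to_s) }
  nil # same return value as before; fetch_cert's caller treats a truthy result as a certificate object
ensure
  # the intermediate PFX contains the private key; do not leave it in the cache
  ::File.delete(new_pfx_output_path) if new_pfx_output_path && ::File.exist?(new_pfx_output_path)
end
```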
@@ -213,53 +276,27 @@ class Chef
|
|
213
276
|
|
214
277
|
def verify_cert(thumbprint = new_resource.source)
|
215
278
|
store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
|
216
|
-
|
217
|
-
|
218
|
-
|
219
|
-
def show_or_store_cert(cert_obj)
|
220
|
-
if new_resource.cert_path
|
221
|
-
export_cert(cert_obj, new_resource.cert_path)
|
222
|
-
if ::File.size(new_resource.cert_path) > 0
|
223
|
-
Chef::Log.info("Certificate export in #{new_resource.cert_path}")
|
224
|
-
else
|
225
|
-
::File.delete(new_resource.cert_path)
|
226
|
-
end
|
279
|
+
if new_resource.pfx_password.nil?
|
280
|
+
store.valid?(resolve_thumbprint(thumbprint), store_location: native_cert_location, store_name: new_resource.store_name )
|
227
281
|
else
|
228
|
-
|
282
|
+
store.valid?(resolve_thumbprint(thumbprint), store_location: native_cert_location, store_name: new_resource.store_name)
|
229
283
|
end
|
230
284
|
end
|
231
285
|
|
232
|
-
def export_cert(cert_obj, cert_path)
|
233
|
-
out_file = ::File.new(cert_path, "w+")
|
234
|
-
case ::File.extname(cert_path)
|
235
|
-
when ".pem"
|
236
|
-
out_file.puts(cert_obj.to_pem)
|
237
|
-
when ".der"
|
238
|
-
out_file.puts(cert_obj.to_der)
|
239
|
-
when ".cer"
|
240
|
-
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
|
241
|
-
out_file.puts(cert_out)
|
242
|
-
when ".crt"
|
243
|
-
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout
|
244
|
-
out_file.puts(cert_out)
|
245
|
-
when ".pfx"
|
246
|
-
cert_out = shell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout
|
247
|
-
out_file.puts(cert_out)
|
248
|
-
when ".p7b"
|
249
|
-
cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
|
250
|
-
out_file.puts(cert_out)
|
251
|
-
else
|
252
|
-
Chef::Log.info("Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b")
|
253
|
-
end
|
254
|
-
out_file.close
|
255
|
-
end
|
256
|
-
|
257
286
|
# this array structure is solving 2 problems. The first is that we need to have support for both the CurrentUser AND LocalMachine stores
|
258
287
|
# Secondly, we need to pass the proper constant name for each store to win32-certstore but also pass the short name to powershell scripts used here
|
259
288
|
def ps_cert_location
|
260
289
|
new_resource.user_store ? "CurrentUser" : "LocalMachine"
|
261
290
|
end
|
262
291
|
|
292
|
+
def pfx_ps_cmd(thumbprint, store_location: "LocalMachine", store_name: "My", output_path:, password: )
|
293
|
+
<<-CMD
|
294
|
+
$my_pwd = ConvertTo-SecureString -String "#{password}" -Force -AsPlainText
|
295
|
+
$cert = Get-ChildItem -path cert:\\#{store_location}\\#{store_name} -Recurse | Where { $_.Thumbprint -eq "#{thumbprint.upcase}" }
|
296
|
+
Export-PfxCertificate -Cert $cert -FilePath "#{output_path}" -Password $my_pwd
|
297
|
+
CMD
|
298
|
+
end
|
299
|
+
|
263
300
|
def native_cert_location
|
264
301
|
new_resource.user_store ? CERT_SYSTEM_STORE_CURRENT_USER : CERT_SYSTEM_STORE_LOCAL_MACHINE
|
265
302
|
end
|
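Review bot: `pfx_ps_cmd` interpolates `password`, `output_path`, `store_name` and `thumbprint` into double-quoted PowerShell strings, so a password containing `"`, `$` or a backtick is either altered by PowerShell expansion or ends the string early and leaves the remainder to be parsed as script. Emit the values as single-quoted PowerShell literals with embedded quotes doubled, e.g. `ps_quote = ->(v) { "'#{v.to_s.gsub("'", "''")}'" }` and `ConvertTo-SecureString -String #{ps_quote.(password)} -Force -AsPlainText`; the password still sits in plain text in the generated script, so that script should be kept out of logs. `valid_thumbprint?` in the preceding hunk uses an unanchored `match?(/[0-9A-Fa-f]/)`, which accepts any 40-character string containing one hex digit and so does not guarantee that the thumbprint reaching this template is hex only; `string.match?(/\A\h{40}\z/)` would. In `verify_cert` both branches of the `pfx_password.nil?` test make the same `store.valid?` call, so either the conditional is redundant or the PFX branch is missing its intended difference.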
@@ -338,8 +375,50 @@ class Chef
|
|
338
375
|
#
|
339
376
|
# @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate
|
340
377
|
#
|
341
|
-
|
342
|
-
|
378
|
+
|
379
|
+
def fetch_cert_object_from_file(ext)
|
380
|
+
if is_file?(new_resource.source)
|
381
|
+
begin
|
382
|
+
::File.exist?(new_resource.source)
|
383
|
+
contents = ::File.binread(new_resource.source)
|
384
|
+
rescue => exception
|
385
|
+
message = "Unable to load the certificate object from the specified local path : #{new_resource.source}\n"
|
386
|
+
message << exception.message
|
387
|
+
raise Chef::Exceptions::FileNotFound, message
|
388
|
+
end
|
389
|
+
elsif is_url?(new_resource.source)
|
390
|
+
require "uri" unless defined?(URI)
|
391
|
+
uri = URI(new_resource.source)
|
392
|
+
state = uri.is_a?(URI::HTTP) && !uri.host.nil? ? true : false
|
393
|
+
if state
|
394
|
+
begin
|
395
|
+
output_file_name = get_file_name(new_resource.source)
|
396
|
+
unless Dir.exist?(Chef::Config[:file_cache_path])
|
397
|
+
Dir.mkdir(Chef::Config[:file_cache_path])
|
398
|
+
end
|
399
|
+
local_path = ::File.join(Chef::Config[:file_cache_path], output_file_name)
|
400
|
+
@local_pfx_path = local_path
|
401
|
+
::File.open(local_path, "wb") do |file|
|
402
|
+
file.write URI.open(new_resource.source).read
|
403
|
+
end
|
404
|
+
rescue => exception
|
405
|
+
message = "Not Able to Download Certificate Object at the URL specified : #{new_resource.source}\n"
|
406
|
+
message << exception.message
|
407
|
+
raise Chef::Exceptions::FileNotFound, message
|
408
|
+
end
|
409
|
+
|
410
|
+
contents = ::File.binread(local_path)
|
411
|
+
|
412
|
+
else
|
413
|
+
message = "Not Able to Download Certificate Object at the URL specified : #{new_resource.source}\n"
|
414
|
+
message << exception.message
|
415
|
+
raise Chef::Exceptions::InvalidRemoteFileURI, message
|
416
|
+
end
|
417
|
+
else
|
418
|
+
message = "You passed an invalid file or url to import. Please check the spelling and try again."
|
419
|
+
message << exception.message
|
420
|
+
raise Chef::Exceptions::ArgumentError, message
|
421
|
+
end
|
343
422
|
|
344
423
|
case ext
|
345
424
|
when ".pfx"
|
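Review bot: In `fetch_cert_object_from_file` the two `else` branches call `message << exception.message`, but `exception` is bound only inside the `rescue => exception` clauses, so an invalid source raises `NameError` instead of the intended `InvalidRemoteFileURI` / `ArgumentError`; those two lines should be dropped. The download branch accepts plain `http://` (`uri.is_a?(URI::HTTP)` is also true for HTTPS URIs, so it does not restrict the scheme) and writes whatever `URI.open(new_resource.source).read` returns into `file_cache_path` with no size bound or integrity check, which matters because the result is then imported into a certificate store; consider requiring `URI::HTTPS` or checking an expected thumbprint before import. `::File.exist?(new_resource.source)` in the first branch discards its result and can be removed. The method body continues past the end of this hunk.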
@@ -356,24 +435,79 @@ class Chef
|
|
356
435
|
end
|
357
436
|
end
|
358
437
|
|
438
|
+
def export_cert(cert_obj, output_path:, store_name:, store_location:, pfx_password:)
|
439
|
+
# Delete the cert if it exists. This is non-destructive in that it only removes the file and not the entire path.
|
440
|
+
# We want to ensure we're not randomly loading an old stinky cert.
|
441
|
+
if ::File.exists?(output_path)
|
442
|
+
::File.delete(output_path)
|
443
|
+
end
|
444
|
+
|
445
|
+
unless ::File.directory?(::File.dirname(output_path))
|
446
|
+
FileUtils.mkdir_p(::File.dirname(output_path))
|
447
|
+
end
|
448
|
+
|
449
|
+
out_file = ::File.new(output_path, "w+")
|
450
|
+
|
451
|
+
case ::File.extname(output_path)
|
452
|
+
when ".pem"
|
453
|
+
out_file.puts(cert_obj)
|
454
|
+
when ".der"
|
455
|
+
out_file.puts(cert_obj.to_der)
|
456
|
+
when ".cer"
|
457
|
+
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
|
458
|
+
out_file.puts(cert_out)
|
459
|
+
when ".crt"
|
460
|
+
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj} -outform CRT").stdout
|
461
|
+
out_file.puts(cert_out)
|
462
|
+
when ".pfx"
|
463
|
+
pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: store_location, store_name: store_name, output_path: output_path, password: pfx_password )
|
464
|
+
when ".p7b"
|
465
|
+
cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
|
466
|
+
out_file.puts(cert_out)
|
467
|
+
when ".key"
|
468
|
+
out_file.puts(cert_obj)
|
469
|
+
else
|
470
|
+
Chef::Log.info("Supported certificate format .pem, .der, .cer, .crt, and .p7b")
|
471
|
+
end
|
472
|
+
|
473
|
+
out_file.close
|
474
|
+
end
|
475
|
+
|
359
476
|
# Imports the certificate object into cert store
|
360
477
|
#
|
361
478
|
# @param cert_objs [OpenSSL::X509::Certificate] Object containing certificate's attributes
|
362
479
|
#
|
363
480
|
# @param is_pfx [Boolean] true if we want to import a PFX certificate
|
364
481
|
#
|
365
|
-
def import_certificates(cert_objs, is_pfx)
|
482
|
+
def import_certificates(cert_objs, is_pfx, store_name: new_resource.store_name, store_location: native_cert_location)
|
366
483
|
[cert_objs].flatten.each do |cert_obj|
|
367
|
-
thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
|
368
|
-
#
|
369
|
-
#
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
374
|
-
|
375
|
-
|
484
|
+
# thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
|
485
|
+
# pkcs = OpenSSL::PKCS12.new(cert_obj, new_resource.pfx_password)
|
486
|
+
# cert = OpenSSL::X509::Certificate.new(pkcs.certificate.to_pem)
|
487
|
+
thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
|
488
|
+
if is_pfx
|
489
|
+
if verify_cert(thumbprint) == true
|
490
|
+
Chef::Log.debug("Certificate is already present")
|
491
|
+
else
|
492
|
+
if is_file?(new_resource.source)
|
493
|
+
converge_by("Creating a PFX #{new_resource.source} for Store #{new_resource.store_name}") do
|
494
|
+
add_pfx_cert(new_resource.source)
|
495
|
+
end
|
496
|
+
elsif is_url?(new_resource.source)
|
497
|
+
converge_by("Creating a PFX #{@local_pfx_path} for Store #{new_resource.store_name}") do
|
498
|
+
add_pfx_cert(@local_pfx_path)
|
499
|
+
end
|
376
500
|
else
|
501
|
+
message = "You passed an invalid file or url to import. Please check the spelling and try again."
|
502
|
+
message << exception.message
|
503
|
+
raise Chef::Exceptions::ArgumentError, message
|
504
|
+
end
|
505
|
+
end
|
506
|
+
else
|
507
|
+
if verify_cert(thumbprint) == true
|
508
|
+
Chef::Log.debug("Certificate is already present")
|
509
|
+
else
|
510
|
+
converge_by("Creating a certificate #{new_resource.source} for Store #{new_resource.store_name}") do
|
377
511
|
add_cert(cert_obj)
|
378
512
|
end
|
379
513
|
end
|