chef 16.17.51-universal-mingw32 → 17.0.242-universal-mingw32

data/lib/chef/resource/windows_certificate.rb

@@ -19,6 +19,7 @@
 
 require_relative "../util/path_helper"
 require_relative "../resource"
+require_relative "../exceptions"
 module Win32
   autoload :Certstore, "win32-certstore" if Chef::Platform.windows?
 end
@@ -62,11 +63,11 @@ class Chef
       DOC
 
       property :source, String,
-        description: "The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete) if it differs from the resource block's name.",
+        description: "The source file (for `create` and `acl_add`), thumbprint (for `delete`, `export`, and `acl_add`), or subject (for `delete` or `export`) if it differs from the resource block's name.",
         name_property: true
 
       property :pfx_password, String,
-        description: "The password to access the source if it is a pfx file."
+        description: "The password to access the object with if it is a PFX file."
 
       property :private_key_acl, Array,
         description: "An array of 'domain\\account' entries to be granted read-only access to the certificate's private key. Not idempotent."
@@ -79,8 +80,7 @@ class Chef
         description: "Use the `CurrentUser` store instead of the default `LocalMachine` store. Note: Prior to #{ChefUtils::Dist::Infra::CLIENT}. 16.10 this property was ignored.",
         default: false
 
-      property :cert_path, String,
-        description: "The path to the certificate."
+      deprecated_property_alias :cert_path, :output_path, "The cert_path property was renamed output_path in the 17.0 release of #{ChefUtils::Dist::Infra::CLIENT}. Please update your cookbooks to use the new property name."
 
       # lazy used to set default value of sensitive to true if password is set
       property :sensitive, [TrueClass, FalseClass],
@@ -92,19 +92,20 @@ class Chef
         default: false,
         introduced: "16.8"
 
-      action :create do
-        description "Creates or updates a certificate."
+      property :output_path, String,
+        description: "A path on the node where a certificate object (PFX, PEM, CER, KEY, etc) can be exported to.",
+        introduced: "17.0"
 
-        # Extension of the certificate
-        ext = ::File.extname(new_resource.source)
+      action :create, description: "Creates or updates a certificate." do
+        ext = get_file_extension(new_resource.source)
 
         # PFX certificates contains private keys and we import them with some other approach
-        import_certificates(fetch_cert_object(ext), (ext == ".pfx"))
+        # import_certificates(fetch_cert_object(ext), (ext == ".pfx"))
+        import_certificates(fetch_cert_object_from_file(ext), (ext == ".pfx"))
       end
 
       # acl_add is a modify-if-exists operation : not idempotent
-      action :acl_add do
-        description "Adds read-only entries to a certificate's private key ACL."
+      action :acl_add, description: "Adds read-only entries to a certificate's private key ACL." do
 
         if ::File.exist?(new_resource.source)
           hash = "$cert.GetCertHashString()"
@@ -127,9 +128,9 @@ class Chef
         end
       end
 
-      action :delete do
-        description "Deletes a certificate."
+      action :delete, description: "Deletes a certificate." do
         cert_obj = fetch_cert
+
         if cert_obj
           converge_by("Deleting certificate #{new_resource.source} from Store #{new_resource.store_name}") do
             delete_cert
@@ -139,20 +140,27 @@ class Chef
         end
       end
 
-      action :fetch do
-        description "Fetches a certificate."
+      action :fetch, description: "Fetches a certificate." do
+        unless new_resource.output_path
+          raise Chef::Exceptions::ResourceNotFound, "You must include an output_path parameter when calling the fetch action"
+        end
+
+        if ::File.extname(new_resource.output_path) == ".pfx"
+          powershell_exec!(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_resource.output_path, password: new_resource.pfx_password ))
+        else
+          cert_obj = fetch_cert
+        end
 
-        cert_obj = fetch_cert
         if cert_obj
-          show_or_store_cert(cert_obj)
+          converge_by("Fetching certificate #{new_resource.source} from Store \\#{ps_cert_location}\\#{new_resource.store_name}") do
+            export_cert(cert_obj, output_path: new_resource.output_path, store_name: new_resource.store_name , store_location: ps_cert_location, pfx_password: new_resource.pfx_password)
+          end
         else
           Chef::Log.debug("Certificate not found")
         end
       end
 
-      action :verify do
-        description ""
-
+      action :verify, description: "Verifies a certificate and logs the result" do
         out = verify_cert
         if !!out == out
           out = out ? "Certificate is valid" : "Certificate not valid"
@@ -161,6 +169,7 @@ class Chef
       end
 
       action_class do
+        @local_pfx_path = ""
 
         CERT_SYSTEM_STORE_LOCAL_MACHINE                    = 0x00020000
         CERT_SYSTEM_STORE_CURRENT_USER                     = 0x00010000
@@ -170,10 +179,10 @@ class Chef
           store.add(cert_obj)
         end
 
-        def add_pfx_cert
+        def add_pfx_cert(path)
           exportable = new_resource.exportable ? 1 : 0
           store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
-          store.add_pfx(new_resource.source, new_resource.pfx_password, exportable)
+          store.add_pfx(path, new_resource.pfx_password, exportable)
         end
 
         def delete_cert
@@ -183,12 +192,66 @@ class Chef
 
         def fetch_cert
           store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
-          store.get(resolve_thumbprint(new_resource.source))
+          if new_resource.output_path && ::File.extname(new_resource.output_path) == ".key"
+            fetch_key
+
+          else
+            store.get(resolve_thumbprint(new_resource.source), store_name: new_resource.store_name, store_location: native_cert_location)
+          end
+        end
+
+        def fetch_key
+          require "openssl" unless defined?(OpenSSL)
+          file_name = ::File.basename(new_resource.output_path, ::File.extname(new_resource.output_path))
+          directory = ::File.dirname(new_resource.output_path)
+          pfx_file = file_name + ".pfx"
+          new_pfx_output_path = ::File.join(Chef::FileCache.create_cache_path("pfx_files"), pfx_file)
+          powershell_exec(pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: ps_cert_location, store_name: new_resource.store_name, output_path: new_pfx_output_path, password: new_resource.pfx_password ))
+          pkcs12 = OpenSSL::PKCS12.new(::File.binread(new_pfx_output_path), new_resource.pfx_password)
+          f = ::File.open(new_resource.output_path, "w")
+          f.write(pkcs12.key.to_s)
+          f.flush
+          f.close
+        end
+
+        def get_file_extension(file_name)
+          if is_file?(file_name)
+            ::File.extname(file_name)
+          elsif is_url?(file_name)
+            require "open-uri" unless defined?(OpenURI)
+            uri = URI.parse(file_name)
+            output_file = ::File.basename(uri.path)
+            ::File.extname(output_file)
+          end
+        end
+
+        def get_file_name(path_name)
+          if is_file?(path_name)
+            ::File.extname(path_name)
+          elsif is_url?(path_name)
+            require "open-uri" unless defined?(OpenURI)
+            uri = URI.parse(path_name)
+            ::File.basename(uri.path)
+          end
+        end
+
+        def is_url?(source)
+          require "uri" unless defined?(URI)
+          uri = URI.parse(source)
+          uri.is_a?(URI::HTTP) || uri.is_a?(URI::HTTPS)
+        end
+
+        def is_file?(source)
+          ::File.file?(source)
+        end
+
+        def is_file?(source)
+          ::File.file?(source)
         end
 
         # Thumbprints should be exactly 40 Hex characters
         def valid_thumbprint?(string)
-          string.scan(/\H/).empty? && string.length == 40
+          string.match?(/[0-9A-Fa-f]/) && string.length == 40
         end
 
         def get_thumbprint(store_name, location, source)
@@ -213,53 +276,27 @@ class Chef
 
         def verify_cert(thumbprint = new_resource.source)
           store = ::Win32::Certstore.open(new_resource.store_name, store_location: native_cert_location)
-          store.valid?(resolve_thumbprint(thumbprint))
-        end
-
-        def show_or_store_cert(cert_obj)
-          if new_resource.cert_path
-            export_cert(cert_obj, new_resource.cert_path)
-            if ::File.size(new_resource.cert_path) > 0
-              Chef::Log.info("Certificate export in #{new_resource.cert_path}")
-            else
-              ::File.delete(new_resource.cert_path)
-            end
+          if new_resource.pfx_password.nil?
+            store.valid?(resolve_thumbprint(thumbprint), store_location: native_cert_location, store_name: new_resource.store_name )
           else
-            Chef::Log.info(cert_obj.display)
+            store.valid?(resolve_thumbprint(thumbprint), store_location: native_cert_location, store_name: new_resource.store_name)
           end
         end
 
-        def export_cert(cert_obj, cert_path)
-          out_file = ::File.new(cert_path, "w+")
-          case ::File.extname(cert_path)
-          when ".pem"
-            out_file.puts(cert_obj.to_pem)
-          when ".der"
-            out_file.puts(cert_obj.to_der)
-          when ".cer"
-            cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
-            out_file.puts(cert_out)
-          when ".crt"
-            cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout
-            out_file.puts(cert_out)
-          when ".pfx"
-            cert_out = shell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout
-            out_file.puts(cert_out)
-          when ".p7b"
-            cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
-            out_file.puts(cert_out)
-          else
-            Chef::Log.info("Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b")
-          end
-          out_file.close
-        end
-
         # this array structure is solving 2 problems. The first is that we need to have support for both the CurrentUser AND LocalMachine stores
         # Secondly, we need to pass the proper constant name for each store to win32-certstore but also pass the short name to powershell scripts used here
         def ps_cert_location
           new_resource.user_store ? "CurrentUser" : "LocalMachine"
         end
 
+        def pfx_ps_cmd(thumbprint, store_location: "LocalMachine", store_name: "My", output_path:, password: )
+          <<-CMD
+            $my_pwd = ConvertTo-SecureString -String "#{password}" -Force -AsPlainText
+            $cert = Get-ChildItem -path cert:\\#{store_location}\\#{store_name} -Recurse | Where { $_.Thumbprint -eq "#{thumbprint.upcase}" }
+            Export-PfxCertificate -Cert $cert -FilePath "#{output_path}" -Password $my_pwd
+          CMD
+        end
+
         def native_cert_location
           new_resource.user_store ? CERT_SYSTEM_STORE_CURRENT_USER : CERT_SYSTEM_STORE_LOCAL_MACHINE
         end
@@ -338,8 +375,50 @@ class Chef
         #
         # @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate
         #
-        def fetch_cert_object(ext)
-          contents = ::File.binread(new_resource.source)
+
+        def fetch_cert_object_from_file(ext)
+          if is_file?(new_resource.source)
+            begin
+              ::File.exist?(new_resource.source)
+              contents = ::File.binread(new_resource.source)
+            rescue => exception
+              message = "Unable to load the certificate object from the specified local path : #{new_resource.source}\n"
+              message << exception.message
+              raise Chef::Exceptions::FileNotFound, message
+            end
+          elsif is_url?(new_resource.source)
+            require "uri" unless defined?(URI)
+            uri = URI(new_resource.source)
+            state = uri.is_a?(URI::HTTP) && !uri.host.nil? ? true : false
+            if state
+              begin
+                output_file_name = get_file_name(new_resource.source)
+                unless Dir.exist?(Chef::Config[:file_cache_path])
+                  Dir.mkdir(Chef::Config[:file_cache_path])
+                end
+                local_path = ::File.join(Chef::Config[:file_cache_path], output_file_name)
+                @local_pfx_path = local_path
+                ::File.open(local_path, "wb") do |file|
+                  file.write URI.open(new_resource.source).read
+                end
+              rescue => exception
+                message = "Not Able to Download Certificate Object at the URL specified : #{new_resource.source}\n"
+                message << exception.message
+                raise Chef::Exceptions::FileNotFound, message
+              end
+
+              contents = ::File.binread(local_path)
+
+            else
+              message = "Not Able to Download Certificate Object at the URL specified : #{new_resource.source}\n"
+              message << exception.message
+              raise Chef::Exceptions::InvalidRemoteFileURI, message
+            end
+          else
+            message = "You passed an invalid file or url to import. Please check the spelling and try again."
+            message << exception.message
+            raise Chef::Exceptions::ArgumentError, message
+          end
 
           case ext
           when ".pfx"
@@ -356,24 +435,79 @@ class Chef
           end
         end
 
+        def export_cert(cert_obj, output_path:, store_name:, store_location:, pfx_password:)
+          # Delete the cert if it exists. This is non-destructive in that it only removes the file and not the entire path.
+          # We want to ensure we're not randomly loading an old stinky cert.
+          if ::File.exists?(output_path)
+            ::File.delete(output_path)
+          end
+
+          unless ::File.directory?(::File.dirname(output_path))
+            FileUtils.mkdir_p(::File.dirname(output_path))
+          end
+
+          out_file = ::File.new(output_path, "w+")
+
+          case ::File.extname(output_path)
+          when ".pem"
+            out_file.puts(cert_obj)
+          when ".der"
+            out_file.puts(cert_obj.to_der)
+          when ".cer"
+            cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
+            out_file.puts(cert_out)
+          when ".crt"
+            cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj} -outform CRT").stdout
+            out_file.puts(cert_out)
+          when ".pfx"
+            pfx_ps_cmd(resolve_thumbprint(new_resource.source), store_location: store_location, store_name: store_name, output_path: output_path, password: pfx_password )
+          when ".p7b"
+            cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
+            out_file.puts(cert_out)
+          when ".key"
+            out_file.puts(cert_obj)
+          else
+            Chef::Log.info("Supported certificate format .pem, .der, .cer, .crt, and .p7b")
+          end
+
+          out_file.close
+        end
+
         # Imports the certificate object into cert store
         #
         # @param cert_objs [OpenSSL::X509::Certificate] Object containing certificate's attributes
         #
         # @param is_pfx [Boolean] true if we want to import a PFX certificate
         #
-        def import_certificates(cert_objs, is_pfx)
+        def import_certificates(cert_objs, is_pfx, store_name: new_resource.store_name, store_location: native_cert_location)
           [cert_objs].flatten.each do |cert_obj|
-            thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s # Fetch its thumbprint
-            # Need to check if return value is Boolean:true
-            # If not then the given certificate should be added in certstore
-            if verify_cert(thumbprint) == true
-              Chef::Log.debug("Certificate is already present")
-            else
-              converge_by("Adding certificate #{new_resource.source} into #{ps_cert_location} Store #{new_resource.store_name}") do
-                if is_pfx
-                  add_pfx_cert
+            # thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
+            # pkcs = OpenSSL::PKCS12.new(cert_obj, new_resource.pfx_password)
+            # cert = OpenSSL::X509::Certificate.new(pkcs.certificate.to_pem)
+            thumbprint = OpenSSL::Digest.new("SHA1", cert_obj.to_der).to_s
+            if is_pfx
+              if verify_cert(thumbprint) == true
+                Chef::Log.debug("Certificate is already present")
+              else
+                if is_file?(new_resource.source)
+                  converge_by("Creating a PFX #{new_resource.source} for Store #{new_resource.store_name}") do
+                    add_pfx_cert(new_resource.source)
+                  end
+                elsif is_url?(new_resource.source)
+                  converge_by("Creating a PFX #{@local_pfx_path} for Store #{new_resource.store_name}") do
+                    add_pfx_cert(@local_pfx_path)
+                  end
                 else
+                  message = "You passed an invalid file or url to import. Please check the spelling and try again."
+                  message << exception.message
+                  raise Chef::Exceptions::ArgumentError, message
+                end
+              end
+            else
+              if verify_cert(thumbprint) == true
+                Chef::Log.debug("Certificate is already present")
+              else
+                converge_by("Creating a certificate #{new_resource.source} for Store #{new_resource.store_name}") do
                   add_cert(cert_obj)
                 end
               end

data/lib/chef/resource/windows_dfs_folder.rb

@@ -42,9 +42,7 @@ class Chef
       property :description, String,
         description: "Description for the share."
 
-      action :create do
-        description "Creates the folder in dfs namespace."
-
+      action :create, description: "Creates the folder in dfs namespace" do
         raise "target_path is required for install" unless property_is_set?(:target_path)
         raise "description is required for install" unless property_is_set?(:description)
 
@@ -62,9 +60,7 @@ class Chef
         end
       end
 
-      action :delete do
-        description "Deletes the folder in the dfs namespace."
-
+      action :delete, description: "Deletes the folder in the dfs namespace" do
         powershell_script "Delete DFS Namespace" do
           code <<-EOH
             Remove-DfsnFolder -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}\\#{new_resource.folder_path}' -Force

data/lib/chef/resource/windows_dfs_namespace.rb

@@ -52,9 +52,7 @@ class Chef
         description: "The root from which to create the DFS tree. Defaults to C:\\DFSRoots.",
         default: 'C:\\DFSRoots'
 
-      action :create do
-        description "Creates the dfs namespace on the server."
-
+      action :create, description: "Creates the dfs namespace on the server" do
         directory file_path do
           action :create
           recursive true
@@ -84,9 +82,7 @@ class Chef
         end
       end
 
-      action :delete do
-        description "Deletes a DFS Namespace including the directory on disk."
-
+      action :delete, description: "Deletes a DFS Namespace including the directory on disk" do
         powershell_script "Delete DFS Namespace" do
           code <<-EOH
             Remove-DfsnRoot -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}' -Force

data/lib/chef/resource/windows_dfs_server.rb

@@ -65,9 +65,7 @@ class Chef
         sync_interval_secs results["SyncIntervalSec"]
       end
 
-      action :configure do
-        description "Configure DFS settings."
-
+      action :configure, description: "Configure DFS settings" do
         converge_if_changed do
           dfs_cmd = "Set-DfsnServerConfiguration -ComputerName '#{ENV["COMPUTERNAME"]}' -UseFqdn $#{new_resource.use_fqdn} -LdapTimeoutSec #{new_resource.ldap_timeout_secs} -SyncIntervalSec #{new_resource.sync_interval_secs}"
           dfs_cmd << " -EnableSiteCostedReferrals $#{new_resource.enable_site_costed_referrals}" if new_resource.enable_site_costed_referrals != current_resource.enable_site_costed_referrals

data/lib/chef/resource/windows_dns_record.rb

@@ -49,9 +49,7 @@ class Chef
         default: "localhost",
         introduced: "16.3"
 
-      action :create do
-        description "Creates and updates the DNS entry."
-
+      action :create, description: "Creates and updates the DNS entry" do
         windows_feature "RSAT-DNS-Server" do
           not_if new_resource.dns_server.casecmp?("localhost")
         end
@@ -61,9 +59,7 @@ class Chef
         run_dsc_resource "Present"
       end
 
-      action :delete do
-        description "Deletes a DNS entry."
-
+      action :delete, description: "Deletes a DNS entry" do
         windows_feature "RSAT-DNS-Server" do
           not_if new_resource.dns_server.casecmp?("localhost")
         end

data/lib/chef/resource/windows_dns_zone.rb

@@ -40,17 +40,13 @@ class Chef
         description: "The type of DNS server, Domain or Standalone.",
         default: "Domain", equal_to: %w{Domain Standalone}
 
-      action :create do
-        description "Creates and updates a DNS Zone."
-
+      action :create, description: "Creates and updates a DNS Zone" do
         powershell_package "xDnsServer"
 
         run_dsc_resource "Present"
       end
 
-      action :delete do
-        description "Deletes a DNS Zone."
-
+      action :delete, description: "Deletes a DNS Zone" do
         powershell_package "xDnsServer"
 
         run_dsc_resource "Absent"

data/lib/chef/resource/windows_env.rb

@@ -19,6 +19,7 @@
 
 require_relative "../resource"
 require_relative "../mixin/windows_env_helper"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -28,7 +29,7 @@ class Chef
       provides :windows_env
       provides :env # backwards compat with the pre-Chef 14 resource name
 
-      description "Use the **windows_env** resource to manage environment keys in Microsoft Windows. After an environment key is set, Microsoft Windows must be restarted before the environment key will be available to the Task Scheduler."
+      description "Use the **windows_env** resource to manage environment keys in Microsoft Windows. After an environment key is set, Microsoft Windows must be restarted before the environment key will be available to the Task Scheduler.\n\nThis resource was previously called the **env** resource; its name was updated in #{ChefUtils::Dist::Infra::PRODUCT} 14.0 to reflect the fact that only Windows is supported. Existing cookbooks using `env` will continue to function, but should be updated to use the new name. Note: On UNIX-based systems, the best way to manipulate environment keys is with the `ENV` variable in Ruby; however, this approach does not have the same permanent effect as using the windows_env resource."
       examples <<~DOC
       **Set an environment variable**:
 
@@ -192,7 +193,7 @@ class Chef
         end
       end
 
-      action :create do
+      action :create, description: "Create an environment variable. If an environment variable already exists (but does not match), update that environment variable to match." do
         if key_exists?
           if requires_modify_or_create?
             modify_env
@@ -206,7 +207,7 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Delete an environment variable." do
         if ( ENV[new_resource.key_name] || key_exists? ) && !delete_element
           delete_env
           logger.info("#{new_resource} deleted")
@@ -214,7 +215,7 @@ class Chef
         end
       end
 
-      action :modify do
+      action :modify, description: "Modify an existing environment variable. This prepends the new value to the existing value, using the delimiter specified by the `delim` property." do
         if key_exists?
           if requires_modify_or_create?
             modify_env

data/lib/chef/resource/windows_feature.rb

@@ -108,21 +108,15 @@ class Chef
         default: 600,
         desired_state: false
 
-      action :install do
-        description "Install a Windows role/feature"
-
+      action :install, description: "Install a Windows role / feature" do
         run_default_subresource :install
       end
 
-      action :remove do
-        description "Remove a Windows role/feature"
-
+      action :remove, description: "Remove a Windows role / feature" do
         run_default_subresource :remove
       end
 
-      action :delete do
-        description "Remove a Windows role/feature from the image"
-
+      action :delete, description: "Remove a Windows role/feature from the image" do
         run_default_subresource :delete
       end
 

data/lib/chef/resource/windows_feature_dism.rb

@@ -91,9 +91,7 @@ class Chef
         end
       end
 
-      action :remove do
-        description "Remove a Windows role/feature using DISM"
-
+      action :remove, description: "Remove a Windows role / feature using DISM" do
         reload_cached_dism_data unless node["dism_features_cache"]
 
         logger.trace("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -108,9 +106,7 @@ class Chef
         end
       end
 
-      action :delete do
-        description "Remove a Windows role/feature from the image using DISM"
-
+      action :delete, description: "Remove a Windows role / feature from the image using DISM" do
         reload_cached_dism_data unless node["dism_features_cache"]
 
         fail_if_unavailable # fail if the features don't exist

data/lib/chef/resource/windows_feature_powershell.rb

@@ -87,7 +87,7 @@ class Chef
         x.map(&:downcase)
       end
 
-      action :install do
+      action :install, description: "Install a Windows role / feature using PowerShell" do
         reload_cached_powershell_data unless node["powershell_features_cache"]
         fail_if_unavailable # fail if the features don't exist
         fail_if_removed # fail if the features are in removed state
@@ -108,7 +108,7 @@ class Chef
         end
       end
 
-      action :remove do
+      action :remove, description: "Remove a Windows role / feature using PowerShell" do
         reload_cached_powershell_data unless node["powershell_features_cache"]
 
         Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -123,7 +123,7 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Delete a Windows role / feature from the image using PowerShell" do
         reload_cached_powershell_data unless node["powershell_features_cache"]
 
         fail_if_unavailable # fail if the features don't exist

data/lib/chef/resource/windows_firewall_profile.rb

@@ -81,8 +81,8 @@ class Chef
       property :allow_unicast_response, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow unicast responses to multicast and broadcast messages"
       property :display_notification, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Display a notification when firewall blocks certain activity"
 
-      load_current_value do |desired|
-        ps_get_net_fw_profile = load_firewall_state(desired.profile)
+      load_current_value do |new_resource|
+        ps_get_net_fw_profile = load_firewall_state(new_resource.profile)
         output = powershell_exec(ps_get_net_fw_profile)
         if output.result.empty?
           current_value_does_not_exist!
@@ -121,7 +121,7 @@ class Chef
         end
       end
 
-      action :enable do
+      action :enable, description: "Enable and optionally configure a Windows Firewall profile" do
         converge_if_changed :default_inbound_action, :default_outbound_action, :allow_inbound_rules, :allow_local_firewall_rules,
           :allow_local_ipsec_rules, :allow_user_apps, :allow_user_ports, :allow_unicast_response, :display_notification do
             fw_cmd = firewall_command(new_resource.profile)
@@ -135,7 +135,7 @@ class Chef
         end
       end
 
-      action :disable do
+      action :disable, description: "Disable a Windows Firewall profile" do
         if firewall_enabled?(new_resource.profile)
           converge_by "Disable the #{new_resource.profile} Firewall Profile" do
             cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"False\""