chef 16.2.44-universal-mingw32 → 16.4.35-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/Rakefile +3 -16
- data/chef-universal-mingw32.gemspec +2 -3
- data/chef.gemspec +4 -3
- data/lib/chef/action_collection.rb +4 -0
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +13 -1
- data/lib/chef/application/apply.rb +6 -5
- data/lib/chef/application/windows_service.rb +27 -27
- data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
- data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
- data/lib/chef/chef_class.rb +0 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
- data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
- data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/client.rb +14 -14
- data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
- data/lib/chef/cookbook/syntax_check.rb +1 -2
- data/lib/chef/cookbook_loader.rb +15 -29
- data/lib/chef/data_bag.rb +1 -2
- data/lib/chef/data_collector/run_end_message.rb +11 -1
- data/lib/chef/deprecated.rb +8 -0
- data/lib/chef/digester.rb +3 -2
- data/lib/chef/dsl/platform_introspection.rb +9 -7
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
- data/lib/chef/environment.rb +3 -4
- data/lib/chef/exceptions.rb +4 -1
- data/lib/chef/file_access_control/windows.rb +2 -2
- data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
- data/lib/chef/file_content_management/tempfile.rb +9 -9
- data/lib/chef/handler.rb +2 -0
- data/lib/chef/http.rb +12 -12
- data/lib/chef/http/authenticator.rb +3 -1
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +18 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
- data/lib/chef/knife/config_get.rb +1 -0
- data/lib/chef/knife/config_list_profiles.rb +4 -1
- data/lib/chef/knife/config_use_profile.rb +15 -5
- data/lib/chef/knife/configure.rb +1 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +29 -37
- data/lib/chef/knife/core/bootstrap_context.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
- data/lib/chef/knife/core/subcommand_loader.rb +20 -1
- data/lib/chef/knife/core/ui.rb +8 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +33 -26
- data/lib/chef/knife/delete.rb +15 -15
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/rehash.rb +3 -21
- data/lib/chef/knife/ssh.rb +11 -7
- data/lib/chef/knife/xargs.rb +19 -19
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/log.rb +7 -2
- data/lib/chef/mixin/checksum.rb +0 -1
- data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
- data/lib/chef/mixin/deep_merge.rb +35 -6
- data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
- data/lib/chef/mixin/openssl_helper.rb +30 -6
- data/lib/chef/mixin/path_sanity.rb +5 -4
- data/lib/chef/mixin/shell_out.rb +4 -188
- data/lib/chef/mixin/template.rb +1 -0
- data/lib/chef/mixin/which.rb +6 -3
- data/lib/chef/mixins.rb +1 -0
- data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
- data/lib/chef/node.rb +36 -12
- data/lib/chef/node/attribute.rb +2 -4
- data/lib/chef/node_map.rb +21 -18
- data/lib/chef/platform/service_helpers.rb +31 -28
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider/cron/unix.rb +0 -2
- data/lib/chef/provider/git.rb +17 -9
- data/lib/chef/provider/group.rb +0 -2
- data/lib/chef/provider/group/suse.rb +5 -5
- data/lib/chef/provider/ifconfig.rb +1 -4
- data/lib/chef/provider/mount.rb +0 -2
- data/lib/chef/provider/mount/solaris.rb +0 -1
- data/lib/chef/provider/package.rb +0 -2
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/snap.rb +3 -4
- data/lib/chef/provider/package/windows.rb +9 -4
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/powershell_script.rb +21 -5
- data/lib/chef/provider/route.rb +1 -1
- data/lib/chef/provider/service.rb +2 -2
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +1 -1
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/openbsd.rb +1 -4
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +10 -10
- data/lib/chef/provider/systemd_unit.rb +0 -2
- data/lib/chef/provider/template/content.rb +1 -0
- data/lib/chef/provider/user/dscl.rb +2 -2
- data/lib/chef/provider/user/mac.rb +9 -9
- data/lib/chef/provider/windows_task.rb +0 -3
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +1 -2
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource.rb +9 -11
- data/lib/chef/resource/alternatives.rb +1 -1
- data/lib/chef/resource/apt_repository.rb +1 -10
- data/lib/chef/resource/build_essential.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
- data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
- data/lib/chef/resource/chef_gem.rb +57 -21
- data/lib/chef/resource/chef_vault_secret.rb +13 -13
- data/lib/chef/resource/chocolatey_feature.rb +1 -2
- data/lib/chef/resource/cron/cron_d.rb +1 -1
- data/lib/chef/resource/cron_access.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +2 -2
- data/lib/chef/resource/execute.rb +4 -5
- data/lib/chef/resource/gem_package.rb +35 -2
- data/lib/chef/resource/homebrew_update.rb +2 -2
- data/lib/chef/resource/hostname.rb +18 -18
- data/lib/chef/resource/launchd.rb +1 -1
- data/lib/chef/resource/lwrp_base.rb +1 -0
- data/lib/chef/resource/macos_userdefaults.rb +176 -61
- data/lib/chef/resource/openssl_dhparam.rb +2 -0
- data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
- data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
- data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
- data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
- data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
- data/lib/chef/resource/openssl_x509_crl.rb +3 -2
- data/lib/chef/resource/openssl_x509_request.rb +23 -20
- data/lib/chef/resource/osx_profile.rb +227 -5
- data/lib/chef/resource/powershell_package_source.rb +1 -1
- data/lib/chef/resource/powershell_script.rb +24 -30
- data/lib/chef/resource/service.rb +2 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +16 -1
- data/lib/chef/resource/sudo.rb +31 -4
- data/lib/chef/resource/swap_file.rb +17 -0
- data/lib/chef/resource/sysctl.rb +5 -5
- data/lib/chef/resource/timezone.rb +15 -0
- data/lib/chef/resource/user_ulimit.rb +1 -1
- data/lib/chef/resource/windows_ad_join.rb +2 -0
- data/lib/chef/resource/windows_audit_policy.rb +3 -0
- data/lib/chef/resource/windows_auto_run.rb +2 -0
- data/lib/chef/resource/windows_certificate.rb +2 -0
- data/lib/chef/resource/windows_dfs_folder.rb +2 -0
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
- data/lib/chef/resource/windows_dfs_server.rb +2 -0
- data/lib/chef/resource/windows_dns_record.rb +25 -5
- data/lib/chef/resource/windows_dns_zone.rb +12 -7
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_feature_dism.rb +10 -0
- data/lib/chef/resource/windows_feature_powershell.rb +14 -2
- data/lib/chef/resource/windows_firewall_profile.rb +199 -0
- data/lib/chef/resource/windows_firewall_rule.rb +5 -3
- data/lib/chef/resource/windows_font.rb +3 -1
- data/lib/chef/resource/windows_pagefile.rb +4 -0
- data/lib/chef/resource/windows_printer.rb +17 -18
- data/lib/chef/resource/windows_printer_port.rb +14 -13
- data/lib/chef/resource/windows_security_policy.rb +52 -21
- data/lib/chef/resource/windows_share.rb +5 -3
- data/lib/chef/resource/windows_shortcut.rb +2 -0
- data/lib/chef/resource/windows_uac.rb +2 -0
- data/lib/chef/resource/windows_user_privilege.rb +27 -2
- data/lib/chef/resource/windows_workgroup.rb +2 -3
- data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
- data/lib/chef/resource_inspector.rb +7 -1
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/role.rb +3 -4
- data/lib/chef/run_context/cookbook_compiler.rb +20 -20
- data/lib/chef/run_status.rb +2 -6
- data/lib/chef/server_api_versions.rb +4 -0
- data/lib/chef/shell.rb +1 -1
- data/lib/chef/shell/shell_session.rb +2 -0
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +11 -12
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/win32/file.rb +2 -2
- data/lib/chef/win32/file/version_info.rb +5 -5
- data/lib/chef/win32/registry.rb +1 -2
- data/spec/data/ssl/chef-rspec.cert +15 -15
- data/spec/functional/knife/configure_spec.rb +1 -1
- data/spec/functional/knife/ssh_spec.rb +5 -16
- data/spec/functional/resource/aix_service_spec.rb +9 -2
- data/spec/functional/resource/aixinit_service_spec.rb +8 -9
- data/spec/functional/resource/apt_package_spec.rb +0 -1
- data/spec/functional/resource/bash_spec.rb +3 -2
- data/spec/functional/resource/bff_spec.rb +3 -3
- data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +10 -2
- data/spec/functional/resource/dnf_package_spec.rb +4 -1
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/dsc_script_spec.rb +0 -1
- data/spec/functional/resource/execute_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +23 -1
- data/spec/functional/resource/group_spec.rb +21 -9
- data/spec/functional/resource/ifconfig_spec.rb +9 -1
- data/spec/functional/resource/insserv_spec.rb +7 -7
- data/spec/functional/resource/link_spec.rb +22 -25
- data/spec/functional/resource/mount_spec.rb +9 -1
- data/spec/functional/resource/msu_package_spec.rb +9 -3
- data/spec/functional/resource/powershell_script_spec.rb +8 -8
- data/spec/functional/resource/remote_file_spec.rb +7 -13
- data/spec/functional/resource/rpm_spec.rb +3 -3
- data/spec/functional/resource/timezone_spec.rb +2 -0
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_font_spec.rb +49 -0
- data/spec/functional/resource/windows_package_spec.rb +0 -1
- data/spec/functional/resource/windows_path_spec.rb +4 -0
- data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
- data/spec/functional/resource/windows_service_spec.rb +4 -0
- data/spec/functional/resource/windows_task_spec.rb +4 -3
- data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
- data/spec/functional/resource/yum_package_spec.rb +4 -1
- data/spec/functional/resource/zypper_package_spec.rb +4 -1
- data/spec/functional/run_lock_spec.rb +26 -25
- data/spec/functional/shell_spec.rb +5 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/crypto_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/knife/common_options_spec.rb +12 -12
- data/spec/integration/knife/config_get_profile_spec.rb +69 -68
- data/spec/integration/knife/config_get_spec.rb +126 -125
- data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
- data/spec/integration/knife/config_use_profile_spec.rb +115 -61
- data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
- data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
- data/spec/integration/knife/diff_spec.rb +3 -1
- data/spec/integration/knife/download_spec.rb +3 -1
- data/spec/integration/knife/environment_from_file_spec.rb +1 -1
- data/spec/integration/knife/node_from_file_spec.rb +1 -1
- data/spec/integration/knife/role_from_file_spec.rb +1 -1
- data/spec/integration/knife/serve_spec.rb +5 -5
- data/spec/integration/knife/upload_spec.rb +3 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
- data/spec/integration/recipes/resource_load_spec.rb +4 -2
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +1 -1
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +16 -10
- data/spec/support/chef_helpers.rb +1 -20
- data/spec/support/platform_helpers.rb +9 -11
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +20 -21
- data/spec/support/shared/functional/securable_resource.rb +1 -2
- data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -5
- data/spec/support/shared/integration/integration_helper.rb +22 -52
- data/spec/support/shared/integration/knife_support.rb +2 -9
- data/spec/support/shared/unit/application_dot_d.rb +0 -1
- data/spec/support/shared/unit/provider/file.rb +12 -8
- data/spec/support/shared/unit/script_resource.rb +6 -20
- data/spec/support/shared/unit/windows_script_resource.rb +15 -28
- data/spec/unit/application/solo_spec.rb +4 -2
- data/spec/unit/application_spec.rb +4 -2
- data/spec/unit/chef_fs/config_spec.rb +2 -2
- data/spec/unit/chef_fs/diff_spec.rb +8 -8
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
- data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
- data/spec/unit/client_spec.rb +4 -1
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
- data/spec/unit/data_bag_spec.rb +6 -3
- data/spec/unit/data_collector_spec.rb +23 -1
- data/spec/unit/decorator_spec.rb +23 -23
- data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
- data/spec/unit/environment_spec.rb +12 -8
- data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
- data/spec/unit/guard_interpreter_spec.rb +1 -1
- data/spec/unit/http/api_versions_spec.rb +20 -2
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +17 -20
- data/spec/unit/knife/cookbook_download_spec.rb +6 -6
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +6 -7
- data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
- data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +1 -1
- data/spec/unit/log/syslog_spec.rb +6 -10
- data/spec/unit/log/winevt_spec.rb +21 -13
- data/spec/unit/lwrp_spec.rb +9 -6
- data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
- data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
- data/spec/unit/mixin/powershell_out_spec.rb +2 -4
- data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +0 -1
- data/spec/unit/mixin/shell_out_spec.rb +25 -26
- data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
- data/spec/unit/mixin/template_spec.rb +30 -30
- data/spec/unit/mixin/unformatter_spec.rb +2 -2
- data/spec/unit/mixin/uris_spec.rb +1 -1
- data/spec/unit/mixin/which.rb +8 -0
- data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
- data/spec/unit/node/immutable_collections_spec.rb +6 -2
- data/spec/unit/node_spec.rb +103 -16
- data/spec/unit/property_spec.rb +5 -5
- data/spec/unit/provider/batch_spec.rb +1 -1
- data/spec/unit/provider/cron/unix_spec.rb +1 -1
- data/spec/unit/provider/dsc_resource_spec.rb +22 -38
- data/spec/unit/provider/dsc_script_spec.rb +10 -10
- data/spec/unit/provider/execute_spec.rb +1 -8
- data/spec/unit/provider/git_spec.rb +3 -3
- data/spec/unit/provider/ifconfig_spec.rb +0 -1
- data/spec/unit/provider/mdadm_spec.rb +1 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
- data/spec/unit/provider/package/openbsd_spec.rb +1 -1
- data/spec/unit/provider/package/pacman_spec.rb +17 -20
- data/spec/unit/provider/package/rubygems_spec.rb +5 -10
- data/spec/unit/provider/package/smartos_spec.rb +1 -1
- data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +30 -53
- data/spec/unit/provider/powershell_script_spec.rb +11 -4
- data/spec/unit/provider/remote_directory_spec.rb +9 -9
- data/spec/unit/provider/service/arch_service_spec.rb +3 -2
- data/spec/unit/provider/service/debian_service_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
- data/spec/unit/provider/service/macosx_spec.rb +3 -3
- data/spec/unit/provider/service/redhat_spec.rb +3 -3
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +2 -6
- data/spec/unit/provider/systemd_unit_spec.rb +28 -24
- data/spec/unit/provider/user/dscl_spec.rb +2 -2
- data/spec/unit/provider/windows_env_spec.rb +5 -4
- data/spec/unit/provider_resolver_spec.rb +6 -6
- data/spec/unit/provider_spec.rb +1 -0
- data/spec/unit/resource/batch_spec.rb +6 -6
- data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
- data/spec/unit/resource/execute_spec.rb +123 -118
- data/spec/unit/resource/file/verification_spec.rb +2 -1
- data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
- data/spec/unit/resource/osx_profile_spec.rb +233 -0
- data/spec/unit/resource/powershell_script_spec.rb +11 -29
- data/spec/unit/resource/script_spec.rb +6 -1
- data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
- data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
- data/spec/unit/resource/windows_package_spec.rb +1 -0
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +25 -8
- data/spec/unit/role_spec.rb +30 -28
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_lock_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/server_api_spec.rb +43 -16
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/util/diff_spec.rb +1 -15
- data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
- data/spec/unit/util/selinux_spec.rb +2 -1
- data/spec/unit/win32/security_spec.rb +4 -3
- data/tasks/rspec.rb +1 -1
- metadata +53 -40
- data/lib/chef/provider/osx_profile.rb +0 -255
- data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -21,7 +21,9 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsSecurityPolicy < Chef::Resource
|
24
|
-
|
24
|
+
unified_mode true
|
25
|
+
|
26
|
+
provides :windows_security_policy
|
25
27
|
|
26
28
|
# The valid policy_names options found here
|
27
29
|
# https://github.com/ChrisAWalker/cSecurityOptions under 'AccountSettings'
|
@@ -80,13 +82,55 @@ class Chef
|
|
80
82
|
property :secvalue, String, required: true,
|
81
83
|
description: "Policy value to be set for policy name."
|
82
84
|
|
85
|
+
load_current_value do |desired|
|
86
|
+
powershell_code = <<-CODE
|
87
|
+
C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\secopts_export.inf | Out-Null
|
88
|
+
# cspell:disable-next-line
|
89
|
+
$security_options_data = (Get-Content $env:TEMP\\secopts_export.inf | Select-String -Pattern "^[CEFLMNPR].* =.*$" | Out-String)
|
90
|
+
Remove-Item $env:TEMP\\secopts_export.inf -force
|
91
|
+
$security_options_hash = ($security_options_data -Replace '"'| ConvertFrom-StringData)
|
92
|
+
([PSCustomObject]@{
|
93
|
+
RequireLogonToChangePassword = $security_options_hash.RequireLogonToChangePassword
|
94
|
+
PasswordComplexity = $security_options_hash.PasswordComplexity
|
95
|
+
LSAAnonymousNameLookup = $security_options_hash.LSAAnonymousNameLookup
|
96
|
+
EnableAdminAccount = $security_options_hash.EnableAdminAccount
|
97
|
+
PasswordHistorySize = $security_options_hash.PasswordHistorySize
|
98
|
+
MinimumPasswordLength = $security_options_hash.MinimumPasswordLength
|
99
|
+
ResetLockoutCount = $security_options_hash.ResetLockoutCount
|
100
|
+
MaximumPasswordAge = $security_options_hash.MaximumPasswordAge
|
101
|
+
ClearTextPassword = $security_options_hash.ClearTextPassword
|
102
|
+
NewAdministratorName = $security_options_hash.NewAdministratorName
|
103
|
+
LockoutDuration = $security_options_hash.LockoutDuration
|
104
|
+
EnableGuestAccount = $security_options_hash.EnableGuestAccount
|
105
|
+
ForceLogoffWhenHourExpire = $security_options_hash.ForceLogoffWhenHourExpire
|
106
|
+
MinimumPasswordAge = $security_options_hash.MinimumPasswordAge
|
107
|
+
NewGuestName = $security_options_hash.NewGuestName
|
108
|
+
LockoutBadCount = $security_options_hash.LockoutBadCount
|
109
|
+
}) | ConvertTo-Json
|
110
|
+
CODE
|
111
|
+
output = powershell_out(powershell_code)
|
112
|
+
current_value_does_not_exist! if output.stdout.empty?
|
113
|
+
state = Chef::JSONCompat.from_json(output.stdout)
|
114
|
+
|
115
|
+
if desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration"
|
116
|
+
if state["LockoutBadCount"] == "0"
|
117
|
+
raise Chef::Exceptions::ValidationFailed.new "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
|
118
|
+
else
|
119
|
+
secvalue state[desired.secoption.to_s]
|
120
|
+
end
|
121
|
+
else
|
122
|
+
secvalue state[desired.secoption.to_s]
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
83
126
|
action :set do
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
127
|
+
converge_if_changed :secvalue do
|
128
|
+
security_option = new_resource.secoption
|
129
|
+
security_value = new_resource.secvalue
|
130
|
+
|
131
|
+
cmd = <<-EOH
|
89
132
|
$security_option = "#{security_option}"
|
133
|
+
C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
|
90
134
|
if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
|
91
135
|
{
|
92
136
|
$#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
|
@@ -99,21 +143,8 @@ class Chef
|
|
99
143
|
}
|
100
144
|
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
101
145
|
EOH
|
102
|
-
|
103
|
-
|
104
|
-
$ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option})
|
105
|
-
$check_digit = $ExportAudit -match '#{security_option} = #{security_value}'
|
106
|
-
$check_string = $ExportAudit -match '#{security_option} = "#{security_value}"'
|
107
|
-
if ( $check_string -Or $check_digit )
|
108
|
-
{
|
109
|
-
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
110
|
-
$true
|
111
|
-
}
|
112
|
-
else
|
113
|
-
{
|
114
|
-
$false
|
115
|
-
}
|
116
|
-
EOH
|
146
|
+
|
147
|
+
powershell_out!(cmd)
|
117
148
|
end
|
118
149
|
end
|
119
150
|
end
|
@@ -26,6 +26,8 @@ require_relative "../util/path_helper"
|
|
26
26
|
class Chef
|
27
27
|
class Resource
|
28
28
|
class WindowsShare < Chef::Resource
|
29
|
+
unified_mode true
|
30
|
+
|
29
31
|
provides :windows_share
|
30
32
|
|
31
33
|
description "Use the **windows_share** resource to create, modify and remove Windows shares."
|
@@ -59,7 +61,7 @@ class Chef
|
|
59
61
|
# Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted.
|
60
62
|
property :path, String,
|
61
63
|
description: "The path of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.",
|
62
|
-
coerce: proc { |p| p.
|
64
|
+
coerce: proc { |p| p.tr("/", "\\") || p }
|
63
65
|
|
64
66
|
# Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters.
|
65
67
|
property :description, String,
|
@@ -117,8 +119,6 @@ class Chef
|
|
117
119
|
# Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items.
|
118
120
|
# property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted)
|
119
121
|
|
120
|
-
include Chef::Mixin::PowershellOut
|
121
|
-
|
122
122
|
load_current_value do |desired|
|
123
123
|
# this command selects individual objects because EncryptData & CachingMode have underlying
|
124
124
|
# types that get converted to their Integer values by ConvertTo-Json & we need to make sure
|
@@ -233,6 +233,8 @@ class Chef
|
|
233
233
|
end
|
234
234
|
|
235
235
|
action_class do
|
236
|
+
private
|
237
|
+
|
236
238
|
def different_path?
|
237
239
|
return false if current_resource.nil? # going from nil to something isn't different for our concerns
|
238
240
|
return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path)
|
@@ -21,6 +21,8 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsShortcut < Chef::Resource
|
24
|
+
unified_mode true
|
25
|
+
|
24
26
|
provides(:windows_shortcut) { true }
|
25
27
|
|
26
28
|
description "Use the **windows_shortcut** resource to create shortcut files on Windows."
|
@@ -20,6 +20,8 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class WindowsUac < Chef::Resource
|
23
|
+
unified_mode true
|
24
|
+
|
23
25
|
provides :windows_uac
|
24
26
|
|
25
27
|
description 'The *windows_uac* resource configures UAC on Windows hosts by setting registry keys at `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`'
|
@@ -21,6 +21,8 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsUserPrivilege < Chef::Resource
|
24
|
+
unified_mode true
|
25
|
+
|
24
26
|
privilege_opts = %w{SeTrustedCredManAccessPrivilege
|
25
27
|
SeNetworkLogonRight
|
26
28
|
SeTcbPrivilege
|
@@ -112,6 +114,15 @@ class Chef
|
|
112
114
|
action :remove
|
113
115
|
end
|
114
116
|
```
|
117
|
+
|
118
|
+
**Clear all users from the SeDenyNetworkLogonRight Privilege**:
|
119
|
+
|
120
|
+
```ruby
|
121
|
+
windows_user_privilege 'Allow any user the Network Logon right' do
|
122
|
+
privilege 'SeDenyNetworkLogonRight'
|
123
|
+
action :clear
|
124
|
+
end
|
125
|
+
```
|
115
126
|
DOC
|
116
127
|
|
117
128
|
property :principal, String,
|
@@ -132,8 +143,8 @@ class Chef
|
|
132
143
|
}
|
133
144
|
|
134
145
|
load_current_value do |new_resource|
|
135
|
-
|
136
|
-
privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal)
|
146
|
+
if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
|
147
|
+
privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal)
|
137
148
|
end
|
138
149
|
end
|
139
150
|
|
@@ -180,6 +191,20 @@ class Chef
|
|
180
191
|
end
|
181
192
|
end
|
182
193
|
|
194
|
+
action :clear do
|
195
|
+
new_resource.privilege.each do |privilege|
|
196
|
+
accounts = Chef::ReservedNames::Win32::Security.get_account_with_user_rights(privilege)
|
197
|
+
|
198
|
+
# comparing the existing accounts for privilege with users
|
199
|
+
# Removing only accounts which is not matching with users in new_resource
|
200
|
+
accounts.each do |account|
|
201
|
+
converge_by("removing user '#{account}' from privilege #{privilege}") do
|
202
|
+
Chef::ReservedNames::Win32::Security.remove_account_right(account, privilege)
|
203
|
+
end
|
204
|
+
end
|
205
|
+
end
|
206
|
+
end
|
207
|
+
|
183
208
|
action :remove do
|
184
209
|
curr_res_privilege = current_resource.privilege
|
185
210
|
missing_res_privileges = (new_resource.privilege - curr_res_privilege)
|
@@ -16,7 +16,6 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
require_relative "../mixin/powershell_out"
|
20
19
|
require_relative "../dist"
|
21
20
|
|
22
21
|
class Chef
|
@@ -24,8 +23,6 @@ class Chef
|
|
24
23
|
class WindowsWorkgroup < Chef::Resource
|
25
24
|
provides :windows_workgroup
|
26
25
|
|
27
|
-
include Chef::Mixin::PowershellOut
|
28
|
-
|
29
26
|
description "Use the **windows_workgroup** resource to join or change the workgroup of a Windows host."
|
30
27
|
introduced "14.5"
|
31
28
|
examples <<~DOC
|
@@ -57,6 +54,7 @@ class Chef
|
|
57
54
|
|
58
55
|
property :password, String,
|
59
56
|
description: "The password for the local administrator user. Required if using the `user` property.",
|
57
|
+
sensitive: true,
|
60
58
|
desired_state: false
|
61
59
|
|
62
60
|
property :reboot, Symbol,
|
@@ -83,6 +81,7 @@ class Chef
|
|
83
81
|
end
|
84
82
|
|
85
83
|
# define this again so we can default it to true. Otherwise failures print the password
|
84
|
+
# FIXME: this should now be unnecessary with the password property itself marked sensitive?
|
86
85
|
property :sensitive, [TrueClass, FalseClass],
|
87
86
|
default: true, desired_state: false
|
88
87
|
|
@@ -59,11 +59,17 @@ module ResourceInspector
|
|
59
59
|
required: opts[:required] || false,
|
60
60
|
default: opts[:default_description] || get_default(opts[:default]),
|
61
61
|
name_property: opts[:name_property] || false,
|
62
|
-
equal_to:
|
62
|
+
equal_to: sort_equal_to(opts[:equal_to]) }
|
63
63
|
end
|
64
64
|
data
|
65
65
|
end
|
66
66
|
|
67
|
+
def self.sort_equal_to(equal_to)
|
68
|
+
Array(equal_to).sort.map(&:inspect)
|
69
|
+
rescue ArgumentError
|
70
|
+
Array(equal_to).map(&:inspect)
|
71
|
+
end
|
72
|
+
|
67
73
|
def self.extract_cookbook(path, complete)
|
68
74
|
path = File.expand_path(path)
|
69
75
|
dir, name = File.split(path)
|
data/lib/chef/resources.rb
CHANGED
@@ -153,6 +153,7 @@ require_relative "resource/windows_dns_zone"
|
|
153
153
|
require_relative "resource/windows_feature"
|
154
154
|
require_relative "resource/windows_feature_dism"
|
155
155
|
require_relative "resource/windows_feature_powershell"
|
156
|
+
require_relative "resource/windows_firewall_profile"
|
156
157
|
require_relative "resource/windows_firewall_rule"
|
157
158
|
require_relative "resource/windows_font"
|
158
159
|
require_relative "resource/windows_pagefile"
|
data/lib/chef/role.rb
CHANGED
@@ -133,7 +133,7 @@ class Chef
|
|
133
133
|
def to_h
|
134
134
|
env_run_lists_without_default = @env_run_lists.dup
|
135
135
|
env_run_lists_without_default.delete("_default")
|
136
|
-
|
136
|
+
{
|
137
137
|
"name" => @name,
|
138
138
|
"description" => @description,
|
139
139
|
"json_class" => self.class.name,
|
@@ -149,7 +149,6 @@ class Chef
|
|
149
149
|
accumulator
|
150
150
|
end,
|
151
151
|
}
|
152
|
-
result
|
153
152
|
end
|
154
153
|
|
155
154
|
alias_method :to_hash, :to_h
|
@@ -257,11 +256,11 @@ class Chef
|
|
257
256
|
|
258
257
|
js_path, rb_path = js_files.first, rb_files.first
|
259
258
|
|
260
|
-
if js_path && File.
|
259
|
+
if js_path && File.exist?(js_path)
|
261
260
|
# from_json returns object.class => json_class in the JSON.
|
262
261
|
hsh = Chef::JSONCompat.parse(IO.read(js_path))
|
263
262
|
return from_hash(hsh)
|
264
|
-
elsif rb_path && File.
|
263
|
+
elsif rb_path && File.exist?(rb_path)
|
265
264
|
role = Chef::Role.new
|
266
265
|
role.name(name)
|
267
266
|
role.from_file(rb_path)
|
@@ -169,17 +169,17 @@ class Chef
|
|
169
169
|
def compile_recipes
|
170
170
|
@events.recipe_load_start(run_list_expansion.recipes.size)
|
171
171
|
run_list_expansion.recipes.each do |recipe|
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
172
|
+
|
173
|
+
path = resolve_recipe(recipe)
|
174
|
+
@run_context.load_recipe(recipe)
|
175
|
+
@events.recipe_file_loaded(path, recipe)
|
176
|
+
rescue Chef::Exceptions::RecipeNotFound => e
|
177
|
+
@events.recipe_not_found(e)
|
178
|
+
raise
|
179
|
+
rescue Exception => e
|
180
|
+
@events.recipe_file_load_failed(path, e, recipe)
|
181
|
+
raise
|
182
|
+
|
183
183
|
end
|
184
184
|
@events.recipe_load_complete
|
185
185
|
end
|
@@ -231,14 +231,14 @@ class Chef
|
|
231
231
|
|
232
232
|
def load_libraries_from_cookbook(cookbook_name, globs = "**/*.rb")
|
233
233
|
each_file_in_cookbook_by_segment(cookbook_name, :libraries, globs) do |filename|
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
234
|
+
|
235
|
+
logger.trace("Loading cookbook #{cookbook_name}'s library file: #{filename}")
|
236
|
+
Kernel.require(filename)
|
237
|
+
@events.library_file_loaded(filename)
|
238
|
+
rescue Exception => e
|
239
|
+
@events.library_file_load_failed(filename, e)
|
240
|
+
raise
|
241
|
+
|
242
242
|
end
|
243
243
|
end
|
244
244
|
|
@@ -325,7 +325,7 @@ class Chef
|
|
325
325
|
|
326
326
|
def count_files_by_segment(segment, root_alias = nil)
|
327
327
|
cookbook_collection.inject(0) do |count, cookbook_by_name|
|
328
|
-
count + cookbook_by_name[1].segment_filenames(segment).size + (root_alias ? cookbook_by_name[1].files_for(:root_files).
|
328
|
+
count + cookbook_by_name[1].segment_filenames(segment).size + (root_alias ? cookbook_by_name[1].files_for(:root_files).count { |record| record[:name] == root_alias } : 0)
|
329
329
|
end
|
330
330
|
end
|
331
331
|
|
data/lib/chef/run_status.rb
CHANGED
@@ -25,17 +25,13 @@ class Chef::RunStatus
|
|
25
25
|
|
26
26
|
attr_reader :events
|
27
27
|
|
28
|
-
|
29
|
-
|
30
|
-
attr_writer :run_context
|
28
|
+
attr_accessor :run_context
|
31
29
|
|
32
30
|
attr_reader :start_time
|
33
31
|
|
34
32
|
attr_reader :end_time
|
35
33
|
|
36
|
-
|
37
|
-
|
38
|
-
attr_writer :exception
|
34
|
+
attr_accessor :exception
|
39
35
|
|
40
36
|
attr_accessor :run_id
|
41
37
|
|
data/lib/chef/shell.rb
CHANGED
@@ -339,7 +339,7 @@ module Shell
|
|
339
339
|
config[:config_file] = config_file_for_shell_mode(environment)
|
340
340
|
config_msg = config[:config_file] || "none (standalone session)"
|
341
341
|
puts "loading configuration: #{config_msg}"
|
342
|
-
Chef::Config.from_file(config[:config_file]) if !config[:config_file].nil? && File.
|
342
|
+
Chef::Config.from_file(config[:config_file]) if !config[:config_file].nil? && File.exist?(config[:config_file]) && File.readable?(config[:config_file])
|
343
343
|
Chef::Config.merge!(config)
|
344
344
|
end
|
345
345
|
|
@@ -41,6 +41,7 @@ module Shell
|
|
41
41
|
|
42
42
|
attr_accessor :node, :compile, :recipe, :json_configuration
|
43
43
|
attr_reader :node_attributes, :client
|
44
|
+
|
44
45
|
def initialize
|
45
46
|
@node_built = false
|
46
47
|
formatter = Chef::Formatters.new(Chef::Config.formatter, STDOUT, STDERR)
|
@@ -75,6 +76,7 @@ module Shell
|
|
75
76
|
end
|
76
77
|
|
77
78
|
attr_writer :run_context
|
79
|
+
|
78
80
|
def run_context
|
79
81
|
@run_context ||= rebuild_context
|
80
82
|
end
|
data/lib/chef/util/backup.rb
CHANGED
data/lib/chef/util/diff.rb
CHANGED
@@ -48,7 +48,6 @@ class Chef
|
|
48
48
|
class Diff
|
49
49
|
# @todo: to_a, to_s, to_json, inspect defs, accessors for @diff and @error
|
50
50
|
# @todo: move coercion to UTF-8 into to_json
|
51
|
-
# @todo: replace shellout to diff -u with diff-lcs gem
|
52
51
|
|
53
52
|
def for_output
|
54
53
|
# formatted output to a terminal uses arrays of strings and returns error strings
|
@@ -64,7 +63,7 @@ class Chef
|
|
64
63
|
|
65
64
|
def use_tempfile_if_missing(file)
|
66
65
|
tempfile = nil
|
67
|
-
unless File.
|
66
|
+
unless File.exist?(file)
|
68
67
|
Chef::Log.trace("File #{file} does not exist to diff against, using empty tempfile")
|
69
68
|
tempfile = Tempfile.new("chef-diff")
|
70
69
|
file = tempfile.path
|
@@ -107,16 +106,16 @@ class Chef
|
|
107
106
|
# join them. otherwise, print out the old one.
|
108
107
|
old_hunk = hunk = nil
|
109
108
|
diff_data.each do |piece|
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
117
|
-
|
118
|
-
|
119
|
-
|
109
|
+
|
110
|
+
hunk = ::Diff::LCS::Hunk.new(old_data, new_data, piece, 3, file_length_difference)
|
111
|
+
file_length_difference = hunk.file_length_difference
|
112
|
+
next unless old_hunk
|
113
|
+
next if hunk.merge(old_hunk)
|
114
|
+
|
115
|
+
diff_str << old_hunk.diff(:unified) << "\n"
|
116
|
+
ensure
|
117
|
+
old_hunk = hunk
|
118
|
+
|
120
119
|
end
|
121
120
|
diff_str << old_hunk.diff(:unified) << "\n"
|
122
121
|
diff_str
|