chef 16.2.44 → 16.4.35

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -172,7 +172,7 @@ class Chef
           # Fetch path of cmd.exe through environment variable comspec
           cmd_path = ENV["COMSPEC"]
 
-          "#{cmd_path} /c \'#{client_cmd}\'"
+          "#{cmd_path} /c \"#{client_cmd}\""
         end
 
         # Build command line to pass to cmd.exe

data/lib/chef/resource/chef_client_systemd_timer.rb

@@ -112,11 +112,11 @@ class Chef
 
       action :remove do
         systemd_unit "#{new_resource.job_name}.service" do
-          action :remove
+          action :delete
         end
 
         systemd_unit "#{new_resource.job_name}.timer" do
-          action :remove
+          action :delete
         end
       end
 

data/lib/chef/resource/chef_gem.rb

@@ -22,26 +22,59 @@ require_relative "../dist"
 
 class Chef
   class Resource
-    # Use the chef_gem resource to install a gem only for the instance of Ruby that is dedicated to the chef-client.
-    # When a gem is installed from a local file, it must be added to the node using the remote_file or cookbook_file
-    # resources.
-    #
-    # The chef_gem resource works with all of the same properties and options as the gem_package resource, but does not
-    # accept the gem_binary property because it always uses the CurrentGemEnvironment under which the chef-client is
-    # running. In addition to performing actions similar to the gem_package resource, the chef_gem resource does the
-    # following:
-    #  - Runs its actions immediately, before convergence, allowing a gem to be used in a recipe immediately after it is
-    #    installed
-    #  - Runs Gem.clear_paths after the action, ensuring that gem is aware of changes so that it can be required
-    #    immediately after it is installed
-
-    require_relative "gem_package"
-    require_relative "../dist"
-
     class ChefGem < Chef::Resource::Package::GemPackage
       unified_mode true
       provides :chef_gem
 
+      description <<~DESC
+        Use the **chef_gem** resource to install a gem only for the instance of Ruby that is dedicated to the #{Chef::Dist::CLIENT}.
+        When a gem is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources.
+
+        The **chef_gem** resource works with all of the same properties and options as the **gem_package** resource, but does not
+        accept the `gem_binary` property because it always uses the `CurrentGemEnvironment` under which the `#{Chef::Dist::CLIENT}` is
+        running. In addition to performing actions similar to the **gem_package** resource, the **chef_gem** resource does the
+        following:
+        - Runs its actions immediately, before convergence, allowing a gem to be used in a recipe immediately after it is installed.
+        - Runs `Gem.clear_paths` after the action, ensuring that gem is aware of changes so that it can be required immediately after it is installed.
+
+        Warning: The **chef_gem** and **gem_package** resources are both used to install Ruby gems. For any machine on which #{Chef::Dist::PRODUCT} is
+        installed, there are two instances of Ruby. One is the standard, system-wide instance of Ruby and the other is a dedicated instance that is
+        available only to #{Chef::Dist::PRODUCT}.
+        Use the **chef_gem** resource to install gems into the instance of Ruby that is dedicated to #{Chef::Dist::PRODUCT}.
+        Use the **gem_package** resource to install all other gems (i.e. install gems system-wide).
+      DESC
+
+      examples <<~EXAMPLES
+        **Compile time vs. converge time installation of gems**
+
+        To install a gem while #{Chef::Dist::PRODUCT} is configuring the node (the converge phase), set the `compile_time` property to `false`:
+        ```ruby
+        chef_gem 'right_aws' do
+          compile_time false
+          action :install
+        end
+        ```
+
+        To install a gem while the resource collection is being built (the compile phase), set the `compile_time` property to `true`:
+        ```ruby
+        chef_gem 'right_aws' do
+          compile_time true
+          action :install
+        end
+        ```
+
+        Install MySQL for Chef
+        ```ruby
+        apt_update
+
+        build_essential 'install compilation tools' do
+          compile_time true
+        end
+
+        chef_gem 'mysql'
+        ```
+      EXAMPLES
+
       property :package_name, String,
         description: "An optional property to set the package name if it differs from the resource block's name.",
         identity: true
@@ -49,11 +82,14 @@ class Chef
       property :version, String,
         description: "The version of a package to be installed or upgraded."
 
-      property :gem_binary, default: "#{RbConfig::CONFIG["bindir"]}/gem", default_description: "The `gem` binary included with #{Chef::Dist::PRODUCT}.",
-                            description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be installed.",
-                            callbacks: {
-                 "The chef_gem resource is restricted to the current gem environment, use gem_package to install to other environments." => proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
-               }
+      property :gem_binary, String,
+        default: "#{RbConfig::CONFIG["bindir"]}/gem",
+        default_description: "The `gem` binary included with #{Chef::Dist::PRODUCT}.",
+        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be used.",
+        callbacks: {
+          "The `chef_gem` resource is restricted to the current gem environment, use `gem_package` to install to other environments." =>
+            proc { |v| v == "#{RbConfig::CONFIG["bindir"]}/gem" },
+        }
     end
   end
 end

data/lib/chef/resource/chef_vault_secret.rb

@@ -73,19 +73,19 @@ class Chef
         description: "The Chef environment of the data if storing per environment values."
 
       load_current_value do
-        begin
-          item = ChefVault::Item.load(data_bag, id)
-          raw_data item.raw_data
-          clients item.get_clients
-          admins item.get_admins
-          search item.search
-        rescue ChefVault::Exceptions::SecretDecryption
-          current_value_does_not_exist!
-        rescue ChefVault::Exceptions::KeysNotFound
-          current_value_does_not_exist!
-        rescue Net::HTTPClientException => e
-          current_value_does_not_exist! if e.response_code == "404"
-        end
+
+        item = ChefVault::Item.load(data_bag, id)
+        raw_data item.raw_data
+        clients item.get_clients
+        admins item.get_admins
+        search item.search
+      rescue ChefVault::Exceptions::SecretDecryption
+        current_value_does_not_exist!
+      rescue ChefVault::Exceptions::KeysNotFound
+        current_value_does_not_exist!
+      rescue Net::HTTPClientException => e
+        current_value_does_not_exist! if e.response_code == "404"
+
       end
 
       action :create do

data/lib/chef/resource/chocolatey_feature.rb

@@ -89,8 +89,7 @@ class Chef
         # @param [String] action the name of the action to perform
         # @return [String] the choco feature command string
         def choco_cmd(action)
-          cmd = "#{ENV["ALLUSERSPROFILE"]}\\chocolatey\\bin\\choco feature #{action} --name #{new_resource.feature_name}"
-          cmd
+          "#{ENV["ALLUSERSPROFILE"]}\\chocolatey\\bin\\choco feature #{action} --name #{new_resource.feature_name}"
         end
       end
     end

data/lib/chef/resource/cron/cron_d.rb

@@ -158,7 +158,7 @@ class Chef
 
           # @todo this is Chef 12 era cleanup. Someday we should remove it all
           template "/etc/cron.d/#{sanitized_name}" do
-            source ::File.expand_path("../../support/cron.d.erb", __FILE__)
+            source ::File.expand_path("../support/cron.d.erb", __dir__)
             local true
             mode new_resource.mode
             variables(

data/lib/chef/resource/cron_access.rb

@@ -70,7 +70,7 @@ class Chef
 
         with_run_context :root do
           edit_resource(:template, allow_path) do |new_resource|
-            source ::File.expand_path("../support/cron_access.erb", __FILE__)
+            source ::File.expand_path("support/cron_access.erb", __dir__)
             local true
             mode "0600"
             variables["users"] ||= []
@@ -87,7 +87,7 @@ class Chef
 
         with_run_context :root do
           edit_resource(:template, deny_path) do |new_resource|
-            source ::File.expand_path("../support/cron_access.erb", __FILE__)
+            source ::File.expand_path("support/cron_access.erb", __dir__)
             local true
             mode "0600"
             variables["users"] ||= []

data/lib/chef/resource/dmg_package.rb

@@ -38,7 +38,7 @@ class Chef
         end
         ```
 
-        **Install Virtualbox from the .mpkg**:
+        **Install VirtualBox from the .mpkg**:
 
         ```ruby
         dmg_package 'Virtualbox' do
@@ -66,7 +66,7 @@ class Chef
         description: "The remote URL that is used to download the `.dmg` file, if specified."
 
       property :file, String,
-        description: "The full path to the `.dmg` file on the local system."
+        description: "The absolute path to the `.dmg` file on the local system."
 
       property :owner, [String, Integer],
         description: "The user that should own the package installation."

data/lib/chef/resource/execute.rb

@@ -161,11 +161,11 @@ class Chef
 
         ```ruby
         execute 'test_rule' do
-          command 'command_to_run
+          command "command_to_run
             --option value
             --option value
             --source \#{node[:name_of_node][:ipsec][:local][:subnet]}
-            -j test_rule'
+            -j test_rule"
 
           action :nothing
         end
@@ -509,7 +509,6 @@ class Chef
       def initialize(name, run_context = nil)
         super
         @command = name
-        @backup = 5
         @default_guard_interpreter = :execute
         @is_guard_interpreter = false
       end
@@ -630,11 +629,11 @@ class Chef
         end
 
         # if domain is provided in both username and domain
-        if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
+        if specified_user.is_a?(String) && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
           raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
         end
 
-        if ! specified_user.nil? && specified_domain.nil?
+        if specified_user.is_a?(String) && specified_domain.nil?
           # Splitting username of format: Domain\Username
           domain_and_user = user.split('\\')
 

data/lib/chef/resource/gem_package.rb

@@ -25,7 +25,40 @@ class Chef
       unified_mode true
       provides :gem_package
 
-      description "Use the **gem_package** resource to manage gem packages that are only included in recipes. When a package is installed from a local file, it must be added to the node using the remote_file or cookbook_file resources."
+      description <<~DESC
+        Use the **gem_package** resource to manage gem packages that are only included in recipes.
+        When a gem is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources.
+
+        Note: The **gem_package** resource must be specified as `gem_package` and cannot be shortened to `package` in a recipe.
+
+        Warning: The **chef_gem** and **gem_package** resources are both used to install Ruby gems. For any machine on which #{Chef::Dist::PRODUCT} is
+        installed, there are two instances of Ruby. One is the standard, system-wide instance of Ruby and the other is a dedicated instance that is
+        available only to #{Chef::Dist::PRODUCT}.
+        Use the **chef_gem** resource to install gems into the instance of Ruby that is dedicated to #{Chef::Dist::PRODUCT}.
+        Use the **gem_package** resource to install all other gems (i.e. install gems system-wide).
+      DESC
+
+      examples <<~EXAMPLES
+        The following examples demonstrate various approaches for using the **gem_package** resource in recipes:
+
+        **Install a gem file from the local file system**
+
+        ```ruby
+        gem_package 'right_aws' do
+          source '/tmp/right_aws-1.11.0.gem'
+          action :install
+        end
+        ```
+
+        **Use the `ignore_failure` common attribute**
+
+        ```ruby
+        gem_package 'syntax' do
+          action :install
+          ignore_failure true
+        end
+        ```
+      EXAMPLES
 
       property :package_name, String,
         description: "An optional property to set the package name if it differs from the resource block's name.",
@@ -53,7 +86,7 @@ class Chef
         default: lazy { Chef::Config[:clear_gem_sources] }, desired_state: false
 
       property :gem_binary, String, desired_state: false,
-        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be installed."
+        description: "The path of a gem binary to use for the installation. By default, the same version of Ruby that is used by #{Chef::Dist::PRODUCT} will be used."
 
       property :include_default_source, [ TrueClass, FalseClass, nil ],
         description: "Set to `false` to not include `Chef::Config[:rubygems_url]` in the sources.",

data/lib/chef/resource/homebrew_update.rb

@@ -86,7 +86,7 @@ class Chef
       end
 
       action :periodic do
-        return unless mac_os_x?
+        return unless macos?
 
         unless brew_up_to_date?
           converge_by "update new lists of packages" do
@@ -96,7 +96,7 @@ class Chef
       end
 
       action :update do
-        return unless mac_os_x?
+        return unless macos?
 
         converge_by "force update new lists of packages" do
           do_update

data/lib/chef/resource/hostname.rb

@@ -87,8 +87,7 @@ class Chef
         def updated_ec2_config_xml
           begin
             require "rexml/document" unless defined?(REXML::Document)
-            config_file = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'
-            config = REXML::Document.new(::File.read(config_file))
+            config = REXML::Document.new(::File.read(WINDOWS_EC2_CONFIG))
             # find an element named State with a sibling element whose value is Ec2SetComputerName
             REXML::XPath.each(config, "//Plugin/State[../Name/text() = 'Ec2SetComputerName']") do |element|
               element.text = "Disabled"
@@ -223,35 +222,36 @@ class Chef
           end
 
         else # windows
+          WINDOWS_EC2_CONFIG = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'.freeze
+
           raise "Windows hostnames cannot contain a period." if new_resource.hostname.match?(/\./)
 
           # suppress EC2 config service from setting our hostname
-          if ::File.exist?('C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml')
+          if ::File.exist?(WINDOWS_EC2_CONFIG)
             xml_contents = updated_ec2_config_xml
             if xml_contents.empty?
               Chef::Log.warn('Unable to properly parse and update C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml contents. Skipping file update.')
             else
-              declare_resource(:file, 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml') do
+              file WINDOWS_EC2_CONFIG do
                 content xml_contents
               end
             end
           end
 
-          # update via netdom
-          declare_resource(:powershell_script, "set hostname") do
-            code <<-EOH
-              $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
-              $sysInfo.Rename("#{new_resource.hostname}")
-            EOH
-            notifies :request_reboot, "reboot[setting hostname]"
-            not_if { Socket.gethostbyname(Socket.gethostname).first == new_resource.hostname }
-          end
+          unless Socket.gethostbyname(Socket.gethostname).first == new_resource.hostname
+            converge_by "set hostname to #{new_resource.hostname}" do
+              powershell_out! <<~EOH
+                $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
+                $sysInfo.Rename("#{new_resource.hostname}")
+              EOH
+            end
 
-          # reboot because $windows
-          declare_resource(:reboot, "setting hostname") do
-            reason "#{Chef::Dist::PRODUCT} updated system hostname"
-            action :nothing
-            only_if { new_resource.windows_reboot }
+            # reboot because $windows
+            reboot "setting hostname" do
+              reason "#{Chef::Dist::PRODUCT} updated system hostname"
+              only_if { new_resource.windows_reboot }
+              action :request_reboot
+            end
           end
         end
       end

data/lib/chef/resource/launchd.rb

@@ -68,7 +68,7 @@ class Chef
       # check.  According to `man 5 launchd.plist`:
       #   StartCalendarInterval <dictionary of integers or array of dictionaries of integers>
       #     ... Missing arguments are considered to be wildcard.
-      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctrl v3.4.0)
+      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctl v3.4.0)
       # Is that keys that are specified, but invalid, will also be treated as a wildcard
       # this means that an entry like:
       #   { "Hour"=>0, "Weekday"=>"6-7"}

data/lib/chef/resource/lwrp_base.rb

@@ -103,6 +103,7 @@ class Chef
         protected
 
         attr_writer :loaded_lwrps
+
         def loaded_lwrps
           @loaded_lwrps ||= {}
         end

data/lib/chef/resource/macos_userdefaults.rb

@@ -16,6 +16,8 @@
 #
 
 require_relative "../resource"
+require_relative "../dist"
+require "plist"
 
 class Chef
   class Resource
@@ -28,99 +30,210 @@ class Chef
 
       description "Use the **macos_userdefaults** resource to manage the macOS user defaults system. The properties of this resource are passed to the defaults command, and the parameters follow the convention of that command. See the defaults(1) man page for details on how the tool works."
       introduced "14.0"
+      examples <<~DOC
+        **Specify a global domain value**
+
+        ```ruby
+        macos_userdefaults 'Full keyboard access to all controls' do
+          key 'AppleKeyboardUIMode'
+          value 2
+        end
+        ```
+
+        **Setting a value on a specific domain**
+
+        ```ruby
+        macos_userdefaults 'Enable macOS firewall' do
+          domain '/Library/Preferences/com.apple.alf'
+          key 'globalstate'
+          value 1
+        end
+        ```
+
+        **Specifying the type of a key to skip automatic type detection**
+
+        ```ruby
+        macos_userdefaults 'Finder expanded save dialogs' do
+          key 'NSNavPanelExpandedStateForSaveMode'
+          value 'TRUE'
+          type 'bool'
+        end
+        ```
+      DOC
 
       property :domain, String,
         description: "The domain that the user defaults belong to.",
-        required: true
+        default: "NSGlobalDomain",
+        default_description: "NSGlobalDomain: the global domain.",
+        desired_state: false
 
       property :global, [TrueClass, FalseClass],
         description: "Determines whether or not the domain is global.",
-        default: false
+        deprecated: true,
+        default: false,
+        desired_state: false
 
       property :key, String,
-        description: "The preference key."
+        description: "The preference key.",
+        required: true
+
+      property :host, [String, Symbol],
+        description: "Set either :current or a hostname to set the user default at the host level.",
+        desired_state: false,
+        introduced: "16.3"
 
       property :value, [Integer, Float, String, TrueClass, FalseClass, Hash, Array],
-        description: "The value of the key.",
-        required: true
+        description: "The value of the key. Note: With the `type` property set to `bool`, `String` forms of Boolean true/false values that Apple accepts in the defaults command will be coerced: 0/1, 'TRUE'/'FALSE,' 'true'/false', 'YES'/'NO', or 'yes'/'no'.",
+        required: [:write],
+        coerce: proc { |v| v.is_a?(Hash) ? v.transform_keys(&:to_s) : v } # make sure keys are all strings for comparison
 
       property :type, String,
         description: "The value type of the preference key.",
-        default: ""
+        equal_to: %w{bool string int float array dict},
+        desired_state: false
 
       property :user, String,
-        description: "The system user that the default will be applied to."
+        description: "The system user that the default will be applied to.",
+        desired_state: false
 
       property :sudo, [TrueClass, FalseClass],
-        description: "Set to true if the setting you wish to modify requires privileged access.",
+        description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{Chef::Dist::PRODUCT}.",
         default: false,
         desired_state: false
 
-      # @todo this should get refactored away: https://github.com/chef/chef/issues/7622
-      property :is_set, [TrueClass, FalseClass],
-        default: false,
-        desired_state: false,
-        skip_docs: true
+      load_current_value do |desired|
+        Chef::Log.debug "#load_current_value: shelling out \"#{defaults_export_cmd(desired).join(" ")}\" to determine state"
+        state = shell_out(defaults_export_cmd(desired), user: desired.user)
 
-      # coerce various ways of representing a boolean into either 0 (false) or 1 (true)
-      # which is what the defaults CLI expects. Why? Well defaults itself accepts a few
-      # different formats, but when you do a read command it all comes back as 1 or 0.
-      def coerce_booleans(val)
-        return 1 if [true, "TRUE", "1", "true", "YES", "yes"].include?(val)
-        return 0 if [false, "FALSE", "0", "false", "NO", "no"].include?(val)
+        if state.error? || state.stdout.empty?
+          Chef::Log.debug "#load_current_value: #{defaults_export_cmd(desired).join(" ")} returned stdout: #{state.stdout} and stderr: #{state.stderr}"
+          current_value_does_not_exist!
+        end
+
+        plist_data = ::Plist.parse_xml(state.stdout)
+
+        # handle the situation where the key doesn't exist in the domain
+        if plist_data.key?(desired.key)
+          key desired.key
+        else
+          current_value_does_not_exist!
+        end
 
-        val
+        value plist_data[desired.key]
       end
 
-      load_current_value do |desired|
-        value = coerce_booleans(desired.value)
-        cmd = "defaults read '#{desired.domain}' "
-        cmd << "'#{desired.key}' " if desired.key
-        cmd << " | grep -qx '#{value}'"
-
-        vc = if desired.user.nil?
-               shell_out(cmd)
-             else
-               shell_out(cmd, user: desired.user)
-             end
-
-        is_set !vc.error?
+      #
+      # The defaults command to export a domain
+      #
+      # @return [Array] defaults command
+      #
+      def defaults_export_cmd(resource)
+        state_cmd = ["/usr/bin/defaults"]
+
+        if resource.host == "current"
+          state_cmd.concat(["-currentHost"])
+        elsif resource.host # they specified a non-nil value, which is a hostname
+          state_cmd.concat(["-host", resource.host])
+        end
+
+        state_cmd.concat(["export", resource.domain, "-"])
+        state_cmd
       end
 
       action :write do
-        description "Write the setting to the specified domain"
-
-        unless current_resource.is_set
-          cmd = ["defaults write"]
-          cmd.unshift("sudo") if new_resource.sudo
-
-          cmd << if new_resource.global
-                   "NSGlobalDomain"
-                 else
-                   "'#{new_resource.domain}'"
-                 end
-
-          cmd << "'#{new_resource.key}'" if new_resource.key
-          value = new_resource.value
-          type = new_resource.type.empty? ? value_type(value) : new_resource.type
-          # creates a string of Key1 Value1 Key2 Value2...
-          value = value.map { |k, v| "\"#{k}\" \"#{v}\"" }.join(" ") if type == "dict"
-          if type == "array"
-            value = value.join("' '")
-            value = "'#{value}'"
-          end
-          cmd << "-#{type}" if type
-          cmd << value
+        description "Write the value to the specified domain/key."
 
-          # FIXME: this should use cmd directly as an array argument, but then the quoting
-          # of individual args above needs to be removed as well.
-          execute cmd.join(" ") do
-            user new_resource.user unless new_resource.user.nil?
-          end
+        converge_if_changed do
+          cmd = defaults_modify_cmd
+          Chef::Log.debug("Updating defaults value by shelling out: #{cmd.join(" ")}")
+
+          shell_out!(cmd, user: new_resource.user)
+        end
+      end
+
+      action :delete do
+        description "Delete a key from a domain."
+
+        # if it's not there there's nothing to remove
+        return unless current_resource
+
+        converge_by("delete domain:#{new_resource.domain} key:#{new_resource.key}") do
+
+          cmd = defaults_modify_cmd
+          Chef::Log.debug("Removing defaults key by shelling out: #{cmd.join(" ")}")
+
+          shell_out!(cmd, user: new_resource.user)
         end
       end
 
       action_class do
+        #
+        # The command used to write or delete delete values from domains
+        #
+        # @return [Array] Array representation of defaults command to run
+        #
+        def defaults_modify_cmd
+          cmd = ["/usr/bin/defaults"]
+
+          if new_resource.host == :current
+            cmd.concat(["-currentHost"])
+          elsif new_resource.host # they specified a non-nil value, which is a hostname
+            cmd.concat(["-host", new_resource.host])
+          end
+
+          cmd.concat([action.to_s, new_resource.domain, new_resource.key])
+          cmd.concat(processed_value) if action == :write
+          cmd.prepend("sudo") if new_resource.sudo
+          cmd
+        end
+
+        #
+        # convert the provided value into the format defaults expects
+        #
+        # @return [array] array of values starting with the type if applicable
+        #
+        def processed_value
+          type = new_resource.type || value_type(new_resource.value)
+
+          # when dict this creates an array of values ["Key1", "Value1", "Key2", "Value2" ...]
+          cmd_values = ["-#{type}"]
+
+          case type
+          when "dict"
+            cmd_values.concat(new_resource.value.flatten)
+          when "array"
+            cmd_values.concat(new_resource.value)
+          when "bool"
+            cmd_values.concat(bool_to_defaults_bool(new_resource.value))
+          else
+            cmd_values.concat([new_resource.value])
+          end
+
+          cmd_values
+        end
+
+        #
+        # defaults booleans on the CLI must be 'TRUE' or 'FALSE' so convert various inputs to that
+        #
+        # @param [String, Integer, Boolean] input <description>
+        #
+        # @return [String] TRUE or FALSE
+        #
+        def bool_to_defaults_bool(input)
+          return ["TRUE"] if [true, "TRUE", "1", "true", "YES", "yes"].include?(input)
+          return ["FALSE"] if [false, "FALSE", "0", "false", "NO", "no"].include?(input)
+
+          # make sure it's very clear bad input was given
+          raise ArgumentError, "#{input} cannot be converted to a boolean value for use with Apple's defaults command. Acceptable values are: 'TRUE', 'YES', 'true, 'yes', '0', true, 'FALSE', 'false', 'NO', 'no', '1', or false."
+        end
+
+        #
+        # convert ruby type to defaults type
+        #
+        # @param [Integer, Float, String, TrueClass, FalseClass, Hash, Array] value The value being set
+        #
+        # @return [string, nil] the type value used by defaults or nil if not applicable
+        #
         def value_type(value)
           case value
           when true, false
@@ -133,6 +246,8 @@ class Chef
             "dict"
           when Array
             "array"
+          when String
+            "string"
           end
         end
       end