chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (377) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -4
  3. data/Rakefile +3 -16
  4. data/chef-universal-mingw32.gemspec +2 -3
  5. data/chef.gemspec +4 -3
  6. data/lib/chef/action_collection.rb +4 -0
  7. data/lib/chef/api_client/registration.rb +2 -2
  8. data/lib/chef/application.rb +13 -1
  9. data/lib/chef/application/apply.rb +6 -5
  10. data/lib/chef/application/windows_service.rb +27 -27
  11. data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
  12. data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
  13. data/lib/chef/chef_class.rb +0 -1
  14. data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
  15. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
  16. data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
  17. data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
  18. data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
  19. data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
  20. data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
  21. data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
  22. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
  23. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  24. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
  25. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  26. data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
  27. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
  28. data/lib/chef/client.rb +14 -14
  29. data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
  30. data/lib/chef/cookbook/syntax_check.rb +1 -2
  31. data/lib/chef/cookbook_loader.rb +15 -29
  32. data/lib/chef/data_bag.rb +1 -2
  33. data/lib/chef/data_collector/run_end_message.rb +11 -1
  34. data/lib/chef/deprecated.rb +8 -0
  35. data/lib/chef/digester.rb +3 -2
  36. data/lib/chef/dsl/platform_introspection.rb +9 -7
  37. data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
  38. data/lib/chef/environment.rb +3 -4
  39. data/lib/chef/exceptions.rb +4 -1
  40. data/lib/chef/file_access_control/windows.rb +2 -2
  41. data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
  42. data/lib/chef/file_content_management/tempfile.rb +9 -9
  43. data/lib/chef/handler.rb +2 -0
  44. data/lib/chef/http.rb +12 -12
  45. data/lib/chef/http/authenticator.rb +3 -1
  46. data/lib/chef/json_compat.rb +1 -1
  47. data/lib/chef/knife.rb +4 -4
  48. data/lib/chef/knife/bootstrap.rb +18 -15
  49. data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
  50. data/lib/chef/knife/config_get.rb +1 -0
  51. data/lib/chef/knife/config_list_profiles.rb +4 -1
  52. data/lib/chef/knife/configure.rb +1 -1
  53. data/lib/chef/knife/cookbook_download.rb +1 -1
  54. data/lib/chef/knife/cookbook_metadata.rb +1 -1
  55. data/lib/chef/knife/cookbook_upload.rb +29 -37
  56. data/lib/chef/knife/core/bootstrap_context.rb +1 -1
  57. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  58. data/lib/chef/knife/core/generic_presenter.rb +1 -1
  59. data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
  60. data/lib/chef/knife/core/subcommand_loader.rb +20 -1
  61. data/lib/chef/knife/core/ui.rb +8 -2
  62. data/lib/chef/knife/core/windows_bootstrap_context.rb +33 -26
  63. data/lib/chef/knife/delete.rb +15 -15
  64. data/lib/chef/knife/exec.rb +2 -2
  65. data/lib/chef/knife/rehash.rb +3 -21
  66. data/lib/chef/knife/ssh.rb +11 -7
  67. data/lib/chef/knife/xargs.rb +19 -19
  68. data/lib/chef/knife/yaml_convert.rb +1 -1
  69. data/lib/chef/log.rb +7 -2
  70. data/lib/chef/mixin/checksum.rb +0 -1
  71. data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
  72. data/lib/chef/mixin/deep_merge.rb +35 -6
  73. data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
  74. data/lib/chef/mixin/openssl_helper.rb +30 -6
  75. data/lib/chef/mixin/path_sanity.rb +5 -4
  76. data/lib/chef/mixin/shell_out.rb +4 -188
  77. data/lib/chef/mixin/template.rb +1 -0
  78. data/lib/chef/mixin/which.rb +6 -3
  79. data/lib/chef/mixins.rb +1 -0
  80. data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
  81. data/lib/chef/node.rb +36 -12
  82. data/lib/chef/node/attribute.rb +2 -4
  83. data/lib/chef/node_map.rb +21 -18
  84. data/lib/chef/platform/service_helpers.rb +31 -28
  85. data/lib/chef/property.rb +1 -1
  86. data/lib/chef/provider/cron/unix.rb +0 -2
  87. data/lib/chef/provider/git.rb +17 -9
  88. data/lib/chef/provider/group.rb +0 -2
  89. data/lib/chef/provider/group/suse.rb +5 -5
  90. data/lib/chef/provider/ifconfig.rb +1 -4
  91. data/lib/chef/provider/mount.rb +0 -2
  92. data/lib/chef/provider/mount/solaris.rb +0 -1
  93. data/lib/chef/provider/package.rb +0 -2
  94. data/lib/chef/provider/package/rubygems.rb +1 -1
  95. data/lib/chef/provider/package/snap.rb +3 -4
  96. data/lib/chef/provider/package/windows.rb +9 -4
  97. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
  98. data/lib/chef/provider/package/zypper.rb +0 -1
  99. data/lib/chef/provider/powershell_script.rb +21 -5
  100. data/lib/chef/provider/route.rb +1 -1
  101. data/lib/chef/provider/service.rb +2 -2
  102. data/lib/chef/provider/service/arch.rb +1 -1
  103. data/lib/chef/provider/service/debian.rb +1 -1
  104. data/lib/chef/provider/service/gentoo.rb +2 -2
  105. data/lib/chef/provider/service/macosx.rb +2 -2
  106. data/lib/chef/provider/service/openbsd.rb +1 -4
  107. data/lib/chef/provider/service/redhat.rb +2 -2
  108. data/lib/chef/provider/service/upstart.rb +1 -1
  109. data/lib/chef/provider/service/windows.rb +10 -10
  110. data/lib/chef/provider/systemd_unit.rb +0 -2
  111. data/lib/chef/provider/template/content.rb +1 -0
  112. data/lib/chef/provider/user/dscl.rb +2 -2
  113. data/lib/chef/provider/user/mac.rb +9 -9
  114. data/lib/chef/provider/windows_task.rb +0 -3
  115. data/lib/chef/provider/yum_repository.rb +1 -1
  116. data/lib/chef/provider/zypper_repository.rb +1 -2
  117. data/lib/chef/providers.rb +0 -1
  118. data/lib/chef/recipe.rb +1 -1
  119. data/lib/chef/resource.rb +9 -11
  120. data/lib/chef/resource/apt_repository.rb +1 -10
  121. data/lib/chef/resource/build_essential.rb +2 -2
  122. data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
  123. data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
  124. data/lib/chef/resource/chef_vault_secret.rb +13 -13
  125. data/lib/chef/resource/chocolatey_feature.rb +1 -2
  126. data/lib/chef/resource/cron/cron_d.rb +1 -1
  127. data/lib/chef/resource/cron_access.rb +2 -2
  128. data/lib/chef/resource/dmg_package.rb +1 -1
  129. data/lib/chef/resource/execute.rb +4 -5
  130. data/lib/chef/resource/homebrew_update.rb +2 -2
  131. data/lib/chef/resource/hostname.rb +18 -18
  132. data/lib/chef/resource/launchd.rb +1 -1
  133. data/lib/chef/resource/lwrp_base.rb +1 -0
  134. data/lib/chef/resource/macos_userdefaults.rb +176 -61
  135. data/lib/chef/resource/openssl_dhparam.rb +2 -0
  136. data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
  137. data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
  138. data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
  139. data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
  140. data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
  141. data/lib/chef/resource/openssl_x509_crl.rb +3 -2
  142. data/lib/chef/resource/openssl_x509_request.rb +23 -20
  143. data/lib/chef/resource/osx_profile.rb +227 -5
  144. data/lib/chef/resource/powershell_package_source.rb +1 -1
  145. data/lib/chef/resource/powershell_script.rb +24 -30
  146. data/lib/chef/resource/service.rb +2 -2
  147. data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
  148. data/lib/chef/resource/sudo.rb +2 -2
  149. data/lib/chef/resource/sysctl.rb +5 -5
  150. data/lib/chef/resource/user_ulimit.rb +1 -1
  151. data/lib/chef/resource/windows_ad_join.rb +2 -0
  152. data/lib/chef/resource/windows_audit_policy.rb +3 -0
  153. data/lib/chef/resource/windows_auto_run.rb +2 -0
  154. data/lib/chef/resource/windows_certificate.rb +2 -0
  155. data/lib/chef/resource/windows_dfs_folder.rb +2 -0
  156. data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
  157. data/lib/chef/resource/windows_dfs_server.rb +2 -0
  158. data/lib/chef/resource/windows_dns_record.rb +25 -5
  159. data/lib/chef/resource/windows_dns_zone.rb +12 -7
  160. data/lib/chef/resource/windows_feature.rb +2 -0
  161. data/lib/chef/resource/windows_feature_dism.rb +10 -0
  162. data/lib/chef/resource/windows_feature_powershell.rb +14 -2
  163. data/lib/chef/resource/windows_firewall_profile.rb +199 -0
  164. data/lib/chef/resource/windows_firewall_rule.rb +5 -3
  165. data/lib/chef/resource/windows_font.rb +3 -1
  166. data/lib/chef/resource/windows_pagefile.rb +4 -0
  167. data/lib/chef/resource/windows_printer.rb +17 -18
  168. data/lib/chef/resource/windows_printer_port.rb +14 -13
  169. data/lib/chef/resource/windows_security_policy.rb +51 -20
  170. data/lib/chef/resource/windows_share.rb +5 -3
  171. data/lib/chef/resource/windows_shortcut.rb +2 -0
  172. data/lib/chef/resource/windows_uac.rb +2 -0
  173. data/lib/chef/resource/windows_user_privilege.rb +27 -2
  174. data/lib/chef/resource/windows_workgroup.rb +2 -3
  175. data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
  176. data/lib/chef/resource_inspector.rb +7 -1
  177. data/lib/chef/resources.rb +1 -0
  178. data/lib/chef/role.rb +3 -4
  179. data/lib/chef/run_context/cookbook_compiler.rb +20 -20
  180. data/lib/chef/run_status.rb +2 -6
  181. data/lib/chef/server_api_versions.rb +4 -0
  182. data/lib/chef/shell.rb +1 -1
  183. data/lib/chef/shell/shell_session.rb +2 -0
  184. data/lib/chef/util/backup.rb +1 -1
  185. data/lib/chef/util/diff.rb +11 -12
  186. data/lib/chef/util/powershell/cmdlet.rb +1 -1
  187. data/lib/chef/version.rb +2 -2
  188. data/lib/chef/win32/file.rb +2 -2
  189. data/lib/chef/win32/file/version_info.rb +5 -5
  190. data/lib/chef/win32/registry.rb +1 -2
  191. data/spec/data/ssl/chef-rspec.cert +15 -15
  192. data/spec/functional/knife/configure_spec.rb +1 -1
  193. data/spec/functional/knife/ssh_spec.rb +5 -16
  194. data/spec/functional/resource/aix_service_spec.rb +9 -2
  195. data/spec/functional/resource/aixinit_service_spec.rb +8 -9
  196. data/spec/functional/resource/apt_package_spec.rb +0 -1
  197. data/spec/functional/resource/bash_spec.rb +3 -2
  198. data/spec/functional/resource/bff_spec.rb +3 -3
  199. data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
  200. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  201. data/spec/functional/resource/cron_spec.rb +10 -2
  202. data/spec/functional/resource/dnf_package_spec.rb +4 -1
  203. data/spec/functional/resource/dsc_resource_spec.rb +1 -1
  204. data/spec/functional/resource/dsc_script_spec.rb +0 -1
  205. data/spec/functional/resource/execute_spec.rb +1 -1
  206. data/spec/functional/resource/git_spec.rb +23 -1
  207. data/spec/functional/resource/group_spec.rb +21 -9
  208. data/spec/functional/resource/ifconfig_spec.rb +9 -1
  209. data/spec/functional/resource/insserv_spec.rb +7 -7
  210. data/spec/functional/resource/link_spec.rb +22 -25
  211. data/spec/functional/resource/mount_spec.rb +9 -1
  212. data/spec/functional/resource/msu_package_spec.rb +9 -3
  213. data/spec/functional/resource/powershell_script_spec.rb +8 -8
  214. data/spec/functional/resource/remote_file_spec.rb +7 -13
  215. data/spec/functional/resource/rpm_spec.rb +3 -3
  216. data/spec/functional/resource/timezone_spec.rb +2 -0
  217. data/spec/functional/resource/windows_certificate_spec.rb +3 -3
  218. data/spec/functional/resource/windows_font_spec.rb +49 -0
  219. data/spec/functional/resource/windows_package_spec.rb +0 -1
  220. data/spec/functional/resource/windows_path_spec.rb +4 -0
  221. data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
  222. data/spec/functional/resource/windows_service_spec.rb +4 -0
  223. data/spec/functional/resource/windows_task_spec.rb +4 -3
  224. data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
  225. data/spec/functional/resource/yum_package_spec.rb +4 -1
  226. data/spec/functional/resource/zypper_package_spec.rb +4 -1
  227. data/spec/functional/run_lock_spec.rb +26 -25
  228. data/spec/functional/shell_spec.rb +5 -6
  229. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  230. data/spec/functional/version_spec.rb +1 -1
  231. data/spec/functional/win32/crypto_spec.rb +1 -1
  232. data/spec/functional/win32/registry_spec.rb +8 -8
  233. data/spec/functional/win32/service_manager_spec.rb +1 -1
  234. data/spec/integration/knife/common_options_spec.rb +12 -12
  235. data/spec/integration/knife/config_get_profile_spec.rb +69 -68
  236. data/spec/integration/knife/config_get_spec.rb +126 -125
  237. data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
  238. data/spec/integration/knife/config_use_profile_spec.rb +110 -109
  239. data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
  240. data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
  241. data/spec/integration/knife/diff_spec.rb +3 -1
  242. data/spec/integration/knife/download_spec.rb +3 -1
  243. data/spec/integration/knife/environment_from_file_spec.rb +1 -1
  244. data/spec/integration/knife/node_from_file_spec.rb +1 -1
  245. data/spec/integration/knife/role_from_file_spec.rb +1 -1
  246. data/spec/integration/knife/serve_spec.rb +5 -5
  247. data/spec/integration/knife/upload_spec.rb +3 -1
  248. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  249. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
  250. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  251. data/spec/integration/recipes/notifies_spec.rb +1 -1
  252. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  253. data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
  254. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
  255. data/spec/integration/recipes/resource_load_spec.rb +4 -2
  256. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  257. data/spec/integration/recipes/use_partial_spec.rb +1 -1
  258. data/spec/scripts/ssl-serve.rb +1 -1
  259. data/spec/spec_helper.rb +16 -10
  260. data/spec/support/chef_helpers.rb +1 -20
  261. data/spec/support/platform_helpers.rb +9 -11
  262. data/spec/support/platforms/win32/spec_service.rb +1 -1
  263. data/spec/support/shared/functional/directory_resource.rb +1 -1
  264. data/spec/support/shared/functional/execute_resource.rb +1 -1
  265. data/spec/support/shared/functional/file_resource.rb +20 -21
  266. data/spec/support/shared/functional/securable_resource.rb +1 -2
  267. data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
  268. data/spec/support/shared/functional/win32_service.rb +1 -1
  269. data/spec/support/shared/functional/windows_script.rb +5 -5
  270. data/spec/support/shared/integration/integration_helper.rb +22 -52
  271. data/spec/support/shared/integration/knife_support.rb +2 -9
  272. data/spec/support/shared/unit/application_dot_d.rb +0 -1
  273. data/spec/support/shared/unit/provider/file.rb +12 -8
  274. data/spec/support/shared/unit/script_resource.rb +6 -20
  275. data/spec/support/shared/unit/windows_script_resource.rb +15 -28
  276. data/spec/unit/application/solo_spec.rb +4 -2
  277. data/spec/unit/application_spec.rb +4 -2
  278. data/spec/unit/chef_fs/config_spec.rb +2 -2
  279. data/spec/unit/chef_fs/diff_spec.rb +8 -8
  280. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
  281. data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
  282. data/spec/unit/client_spec.rb +4 -1
  283. data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
  284. data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
  285. data/spec/unit/data_bag_spec.rb +6 -3
  286. data/spec/unit/data_collector_spec.rb +29 -1
  287. data/spec/unit/decorator_spec.rb +23 -23
  288. data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
  289. data/spec/unit/environment_spec.rb +12 -8
  290. data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
  291. data/spec/unit/guard_interpreter_spec.rb +1 -1
  292. data/spec/unit/http/api_versions_spec.rb +20 -2
  293. data/spec/unit/json_compat_spec.rb +1 -1
  294. data/spec/unit/knife/bootstrap_spec.rb +17 -20
  295. data/spec/unit/knife/cookbook_download_spec.rb +6 -6
  296. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
  297. data/spec/unit/knife/cookbook_show_spec.rb +6 -7
  298. data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
  299. data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
  300. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
  301. data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
  302. data/spec/unit/knife/supermarket_share_spec.rb +1 -1
  303. data/spec/unit/log/syslog_spec.rb +6 -10
  304. data/spec/unit/log/winevt_spec.rb +21 -13
  305. data/spec/unit/lwrp_spec.rb +9 -6
  306. data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
  307. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  308. data/spec/unit/mixin/powershell_out_spec.rb +2 -4
  309. data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
  310. data/spec/unit/mixin/securable_spec.rb +0 -1
  311. data/spec/unit/mixin/shell_out_spec.rb +25 -26
  312. data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
  313. data/spec/unit/mixin/template_spec.rb +30 -30
  314. data/spec/unit/mixin/unformatter_spec.rb +2 -2
  315. data/spec/unit/mixin/uris_spec.rb +1 -1
  316. data/spec/unit/mixin/which.rb +8 -0
  317. data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
  318. data/spec/unit/node/immutable_collections_spec.rb +6 -2
  319. data/spec/unit/node_spec.rb +103 -16
  320. data/spec/unit/property_spec.rb +5 -5
  321. data/spec/unit/provider/batch_spec.rb +1 -1
  322. data/spec/unit/provider/cron/unix_spec.rb +1 -1
  323. data/spec/unit/provider/dsc_resource_spec.rb +22 -38
  324. data/spec/unit/provider/dsc_script_spec.rb +10 -10
  325. data/spec/unit/provider/execute_spec.rb +1 -8
  326. data/spec/unit/provider/git_spec.rb +3 -3
  327. data/spec/unit/provider/ifconfig_spec.rb +0 -1
  328. data/spec/unit/provider/mdadm_spec.rb +1 -3
  329. data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
  330. data/spec/unit/provider/package/openbsd_spec.rb +1 -1
  331. data/spec/unit/provider/package/pacman_spec.rb +17 -20
  332. data/spec/unit/provider/package/rubygems_spec.rb +5 -10
  333. data/spec/unit/provider/package/smartos_spec.rb +1 -1
  334. data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
  335. data/spec/unit/provider/package/windows_spec.rb +30 -53
  336. data/spec/unit/provider/powershell_script_spec.rb +11 -4
  337. data/spec/unit/provider/remote_directory_spec.rb +9 -9
  338. data/spec/unit/provider/service/arch_service_spec.rb +3 -2
  339. data/spec/unit/provider/service/debian_service_spec.rb +1 -1
  340. data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
  341. data/spec/unit/provider/service/macosx_spec.rb +3 -3
  342. data/spec/unit/provider/service/redhat_spec.rb +3 -3
  343. data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
  344. data/spec/unit/provider/service/windows_spec.rb +2 -6
  345. data/spec/unit/provider/systemd_unit_spec.rb +28 -24
  346. data/spec/unit/provider/user/dscl_spec.rb +2 -2
  347. data/spec/unit/provider/windows_env_spec.rb +5 -4
  348. data/spec/unit/provider_resolver_spec.rb +6 -6
  349. data/spec/unit/provider_spec.rb +1 -0
  350. data/spec/unit/resource/batch_spec.rb +6 -6
  351. data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
  352. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
  353. data/spec/unit/resource/execute_spec.rb +123 -118
  354. data/spec/unit/resource/file/verification_spec.rb +2 -1
  355. data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
  356. data/spec/unit/resource/osx_profile_spec.rb +233 -0
  357. data/spec/unit/resource/powershell_script_spec.rb +11 -29
  358. data/spec/unit/resource/script_spec.rb +6 -1
  359. data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
  360. data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
  361. data/spec/unit/resource/windows_package_spec.rb +1 -0
  362. data/spec/unit/resource_reporter_spec.rb +1 -1
  363. data/spec/unit/resource_spec.rb +25 -8
  364. data/spec/unit/role_spec.rb +30 -28
  365. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  366. data/spec/unit/run_lock_spec.rb +1 -1
  367. data/spec/unit/scan_access_control_spec.rb +1 -1
  368. data/spec/unit/server_api_spec.rb +43 -16
  369. data/spec/unit/util/backup_spec.rb +1 -1
  370. data/spec/unit/util/diff_spec.rb +1 -15
  371. data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
  372. data/spec/unit/util/selinux_spec.rb +2 -1
  373. data/spec/unit/win32/security_spec.rb +4 -3
  374. data/tasks/rspec.rb +1 -1
  375. metadata +53 -40
  376. data/lib/chef/provider/osx_profile.rb +0 -255
  377. data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_crl
28
30
 
29
31
  description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
@@ -113,8 +115,7 @@ class Chef
113
115
  end
114
116
 
115
117
  def ca_private_key
116
- ca_private_key = ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
117
- ca_private_key
118
+ ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
118
119
  end
119
120
 
120
121
  def crl
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_request
28
30
 
29
31
  description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
@@ -132,7 +134,7 @@ class Chef
132
134
  action :create
133
135
  end
134
136
 
135
- file new_resource.key_file do
137
+ file key_file do
136
138
  owner new_resource.owner unless new_resource.owner.nil?
137
139
  group new_resource.group unless new_resource.group.nil?
138
140
  mode new_resource.mode unless new_resource.mode.nil?
@@ -145,36 +147,37 @@ class Chef
145
147
  end
146
148
 
147
149
  action_class do
148
- def generate_key_file
149
- unless new_resource.key_file
150
- path, file = ::File.split(new_resource.path)
151
- filename = ::File.basename(file, ::File.extname(file))
152
- new_resource.key_file path + "/" + filename + ".key"
153
- end
154
- new_resource.key_file
150
+ def key_file
151
+ @key_file ||=
152
+ if new_resource.key_file
153
+ new_resource.key_file
154
+ else
155
+ path, file = ::File.split(new_resource.path)
156
+ filename = ::File.basename(file, ::File.extname(file))
157
+ path + "/" + filename + ".key"
158
+ end
155
159
  end
156
160
 
157
161
  def key
158
- @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
159
- OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
162
+ @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
163
+ OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
160
164
  elsif new_resource.key_type == "rsa"
161
165
  gen_rsa_priv_key(new_resource.key_length)
162
166
  else
163
167
  gen_ec_priv_key(new_resource.key_curve)
164
168
  end
165
- @key
166
169
  end
167
170
 
168
171
  def subject
169
- csr_subject = OpenSSL::X509::Name.new
170
- csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
171
- csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
172
- csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
173
- csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
174
- csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
175
- csr_subject.add_entry("CN", new_resource.common_name)
176
- csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
177
- csr_subject
172
+ OpenSSL::X509::Name.new.tap do |csr_subject|
173
+ csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
174
+ csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
175
+ csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
176
+ csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
177
+ csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
178
+ csr_subject.add_entry("CN", new_resource.common_name)
179
+ csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
180
+ end
178
181
  end
179
182
 
180
183
  def csr
@@ -17,6 +17,10 @@
17
17
  #
18
18
 
19
19
  require_relative "../resource"
20
+ require_relative "../log"
21
+ require_relative "../resource/file"
22
+ require "uuidtools"
23
+ require "plist"
20
24
 
21
25
  class Chef
22
26
  class Resource
@@ -29,9 +33,6 @@ class Chef
29
33
  description "Use the **osx_profile** resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system."
30
34
  introduced "12.7"
31
35
 
32
- default_action :install
33
- allowed_actions :install, :remove
34
-
35
36
  property :profile_name, String,
36
37
  description: "Use to specify the name of the profile, if different from the name of the resource block.",
37
38
  name_property: true
@@ -42,8 +43,229 @@ class Chef
42
43
  property :identifier, String,
43
44
  description: "Use to specify the identifier for the profile, such as com.company.screensaver."
44
45
 
45
- property :path, String,
46
- description: "The path to write the profile to disk before loading it."
46
+ # this is not a property it is necessary for the tempfile this resource uses to work (FIXME: this is terrible)
47
+ #
48
+ # @api private
49
+ #
50
+ def path(path = nil)
51
+ @path ||= path
52
+ @path
53
+ end
54
+
55
+ action_class do
56
+ def load_current_resource
57
+ @current_resource = Chef::Resource::OsxProfile.new(new_resource.name)
58
+ current_resource.profile_name(new_resource.profile_name)
59
+
60
+ if new_profile_hash
61
+ new_profile_hash["PayloadUUID"] = config_uuid(new_profile_hash)
62
+ end
63
+
64
+ current_resource.profile(current_profile)
65
+ end
66
+
67
+ def current_profile
68
+ all_profiles = get_installed_profiles
69
+
70
+ if all_profiles && all_profiles.key?("_computerlevel")
71
+ return all_profiles["_computerlevel"].find do |item|
72
+ item["ProfileIdentifier"] == new_profile_identifier
73
+ end
74
+ end
75
+ nil
76
+ end
77
+
78
+ def invalid_profile_name?(name_or_identifier)
79
+ name_or_identifier.end_with?(".mobileconfig") || !/^\w+(?:(\.| )\w+)+$/.match(name_or_identifier)
80
+ end
81
+
82
+ def check_resource_semantics!
83
+ if mac? && node["platform_version"] =~ ">= 11.0"
84
+ raise "The osx_profile resource is not available on macOS Big Sur or above due to Apple's removal of support for CLI profile installation"
85
+ end
86
+
87
+ if action == :remove
88
+ if new_profile_identifier
89
+ if invalid_profile_name?(new_profile_identifier)
90
+ raise "when removing using the identifier property, it must match the profile identifier"
91
+ end
92
+ else
93
+ if invalid_profile_name?(new_resource.profile_name)
94
+ raise "When removing by resource name, it must match the profile identifier"
95
+ end
96
+ end
97
+ end
98
+
99
+ if action == :install
100
+ if new_profile_hash.is_a?(Hash) && !new_profile_hash.include?("PayloadIdentifier")
101
+ raise "The specified profile does not seem to be valid"
102
+ end
103
+ if new_profile_hash.is_a?(String) && !new_profile_hash.end_with?(".mobileconfig")
104
+ raise "#{new_profile_hash}' is not a valid profile"
105
+ end
106
+ end
107
+ end
108
+ end
109
+
110
+ action :install do
111
+ unless profile_installed?
112
+ converge_by("install profile #{new_profile_identifier}") do
113
+ profile_path = write_profile_to_disk
114
+ install_profile(profile_path)
115
+ get_installed_profiles(true)
116
+ end
117
+ end
118
+ end
119
+
120
+ action :remove do
121
+ # Clean up profile after removing it
122
+ if profile_installed?
123
+ converge_by("remove profile #{new_profile_identifier}") do
124
+ remove_profile
125
+ get_installed_profiles(true)
126
+ end
127
+ end
128
+ end
129
+
130
+ action_class do
131
+ private
132
+
133
+ def profile
134
+ @profile ||= new_resource.profile || new_resource.profile_name
135
+ end
136
+
137
+ def new_profile_hash
138
+ @new_profile_hash ||= get_profile_hash(profile)
139
+ end
140
+
141
+ def new_profile_identifier
142
+ @new_profile_identifier ||= if new_profile_hash
143
+ new_profile_hash["PayloadIdentifier"]
144
+ else
145
+ new_resource.identifier || new_resource.profile_name
146
+ end
147
+ end
148
+
149
+ def load_profile_hash(new_profile)
150
+ # file must exist in cookbook
151
+ return nil unless new_profile.end_with?(".mobileconfig")
152
+
153
+ unless cookbook_file_available?(new_profile)
154
+ raise Chef::Exceptions::FileNotFound, "#{self}: '#{new_profile}' not found in cookbook"
155
+ end
156
+
157
+ cookbook_profile = cache_cookbook_profile(new_profile)
158
+ ::Plist.parse_xml(cookbook_profile)
159
+ end
160
+
161
+ def cookbook_file_available?(cookbook_file)
162
+ run_context.has_cookbook_file_in_cookbook?(
163
+ new_resource.cookbook_name, cookbook_file
164
+ )
165
+ end
166
+
167
+ def get_cache_dir
168
+ Chef::FileCache.create_cache_path(
169
+ "profiles/#{new_resource.cookbook_name}"
170
+ )
171
+ end
172
+
173
+ def cache_cookbook_profile(cookbook_file)
174
+ Chef::FileCache.create_cache_path(
175
+ ::File.join(
176
+ "profiles",
177
+ new_resource.cookbook_name,
178
+ ::File.dirname(cookbook_file)
179
+ )
180
+ )
181
+
182
+ path = ::File.join( get_cache_dir, "#{cookbook_file}.remote")
183
+
184
+ cookbook_file path do
185
+ cookbook_name = new_resource.cookbook_name
186
+ source(cookbook_file)
187
+ backup(false)
188
+ run_action(:create)
189
+ end
190
+
191
+ path
192
+ end
193
+
194
+ def get_profile_hash(new_profile)
195
+ if new_profile.is_a?(Hash)
196
+ new_profile
197
+ elsif new_profile.is_a?(String)
198
+ load_profile_hash(new_profile)
199
+ end
200
+ end
201
+
202
+ def config_uuid(profile)
203
+ # Make a UUID of the profile contents and return as string
204
+ UUIDTools::UUID.sha1_create(
205
+ UUIDTools::UUID_DNS_NAMESPACE,
206
+ profile.to_s
207
+ ).to_s
208
+ end
209
+
210
+ def write_profile_to_disk
211
+ # FIXME: this is kind of terrible, the resource needs a tempfile to use and
212
+ # wants it created similarly to the file providers (with all the magic necessary
213
+ # for determining if it should go in the cwd or into a tmpdir), but it abuses
214
+ # the Chef::FileContentManagement::Tempfile API to do that, which requires setting
215
+ # a `path` method on the resource because of tight-coupling to the file provider
216
+ # pattern. We don't just want to use a file here because the point is to get
217
+ # at the tempfile pattern from the file provider, but to feed that into a shell
218
+ # command rather than deploying the file to somewhere on disk. There's some
219
+ # better API that needs extracting here.
220
+ new_resource.path(Chef::FileCache.create_cache_path("profiles"))
221
+ tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
222
+ tempfile.write(new_profile_hash.to_plist)
223
+ tempfile.close
224
+ tempfile.path
225
+ end
226
+
227
+ def install_profile(profile_path)
228
+ cmd = [ "/usr/bin/profiles", "-I", "-F", profile_path ]
229
+ logger.trace("cmd: #{cmd.join(" ")}")
230
+ shell_out!(*cmd)
231
+ end
232
+
233
+ def remove_profile
234
+ cmd = [ "/usr/bin/profiles", "-R", "-p", new_profile_identifier ]
235
+ logger.trace("cmd: #{cmd.join(" ")}")
236
+ shell_out!(*cmd)
237
+ end
238
+
239
+ #
240
+ # FIXME FIXME FIXME
241
+ # The node object should not be used for caching state like this and this is not a public API and may break.
242
+ # FIXME FIXME FIXME
243
+ #
244
+
245
+ def get_installed_profiles(update = nil)
246
+ if update
247
+ node.run_state[:config_profiles] = query_installed_profiles
248
+ else
249
+ node.run_state[:config_profiles] ||= query_installed_profiles
250
+ end
251
+ logger.trace("Saved profiles to run_state")
252
+ end
253
+
254
+ def query_installed_profiles
255
+ Tempfile.open("allprofiles.plist") do |tempfile|
256
+ shell_out( "/usr/bin/profiles", "-P", "-o", tempfile.path )
257
+ ::Plist.parse_xml(tempfile)
258
+ end
259
+ end
260
+
261
+ def profile_installed?
262
+ # Profile Identifier and UUID must match a currently installed profile
263
+ return false if current_resource.profile.nil? || current_resource.profile.empty?
264
+ return true if action == :remove
265
+
266
+ current_resource.profile["ProfileUUID"] == new_profile_hash["PayloadUUID"]
267
+ end
268
+ end
47
269
  end
48
270
  end
49
271
  end
@@ -34,7 +34,7 @@ class Chef
34
34
 
35
35
  property :url, String,
36
36
  description: "The url to the package source.",
37
- required: true
37
+ required: [:register]
38
38
 
39
39
  property :trusted, [TrueClass, FalseClass],
40
40
  description: "Whether or not to trust packages from this source.",
@@ -25,19 +25,31 @@ class Chef
25
25
  provides :powershell_script, os: "windows"
26
26
 
27
27
  property :flags, String,
28
- description: "A string that is passed to the Windows PowerShell command",
29
- default: lazy { default_flags },
30
- coerce: proc { |input|
31
- if input == default_flags
32
- # Means there was no input provided,
33
- # and should use defaults in this case
34
- input
35
- else
36
- # The last occurrence of a flag would override its
37
- # previous one at the time of command execution.
38
- [default_flags, input].join(" ")
28
+ description: "A string that is passed to the Windows PowerShell command"
29
+
30
+ property :convert_boolean_return, [true, false],
31
+ default: false,
32
+ description: <<~DESC
33
+ Return `0` if the last line of a command is evaluated to be true or to return `1` if the last line is evaluated to be false.
34
+
35
+ When the `guard_interpreter` common attribute is set to `:powershell_script`, a string command will be evaluated as if this value were set to `true`. This is because the behavior of this attribute is similar to the value of the `"$?"` expression common in UNIX interpreters. For example, this:
36
+
37
+ ```ruby
38
+ powershell_script 'make_safe_backup' do
39
+ guard_interpreter :powershell_script
40
+ code 'cp ~/data/nodes.json ~/data/nodes.bak'
41
+ not_if 'test-path ~/data/nodes.bak'
42
+ end
43
+ ```
44
+
45
+ is similar to:
46
+ ```ruby
47
+ bash 'make_safe_backup' do
48
+ code 'cp ~/data/nodes.json ~/data/nodes.bak'
49
+ not_if 'test -e ~/data/nodes.bak'
39
50
  end
40
- }
51
+ ```
52
+ DESC
41
53
 
42
54
  description "Use the **powershell_script** resource to execute a script using the Windows PowerShell"\
43
55
  " interpreter, much like how the script and script-based resources—bash, csh, perl, python,"\
@@ -52,15 +64,6 @@ class Chef
52
64
  super
53
65
  @interpreter = "powershell.exe"
54
66
  @default_guard_interpreter = resource_name
55
- @convert_boolean_return = false
56
- end
57
-
58
- def convert_boolean_return(arg = nil)
59
- set_or_return(
60
- :convert_boolean_return,
61
- arg,
62
- kind_of: [ FalseClass, TrueClass ]
63
- )
64
67
  end
65
68
 
66
69
  # Allow callers evaluating guards to request default
@@ -73,15 +76,6 @@ class Chef
73
76
  def self.get_default_attributes(opts)
74
77
  { convert_boolean_return: true }
75
78
  end
76
-
77
- # Options that will be passed to Windows PowerShell command
78
- #
79
- # @returns [String]
80
- def default_flags
81
- # Set InputFormat to None as PowerShell will hang if STDIN is redirected
82
- # http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected
83
- "-NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None"
84
- end
85
79
  end
86
80
  end
87
81
  end
@@ -25,8 +25,8 @@ require_relative "../dist"
25
25
  class Chef
26
26
  class Resource
27
27
  class Service < Chef::Resource
28
- include ChefUtils::DSL::Service
29
- extend ChefUtils::DSL::Service
28
+ include Chef::Platform::ServiceHelpers
29
+ extend Chef::Platform::ServiceHelpers
30
30
  unified_mode true
31
31
 
32
32
  provides :service, target_mode: true
@@ -106,7 +106,7 @@ class Chef
106
106
 
107
107
  r = with_run_context :root do
108
108
  find_resource(:template, "update ssh known hosts file #{new_resource.file_location}") do
109
- source ::File.expand_path("../support/ssh_known_hosts.erb", __FILE__)
109
+ source ::File.expand_path("support/ssh_known_hosts.erb", __dir__)
110
110
  local true
111
111
  path new_resource.file_location
112
112
  owner new_resource.owner