chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (377) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -4
  3. data/Rakefile +3 -16
  4. data/chef-universal-mingw32.gemspec +2 -3
  5. data/chef.gemspec +4 -3
  6. data/lib/chef/action_collection.rb +4 -0
  7. data/lib/chef/api_client/registration.rb +2 -2
  8. data/lib/chef/application.rb +13 -1
  9. data/lib/chef/application/apply.rb +6 -5
  10. data/lib/chef/application/windows_service.rb +27 -27
  11. data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
  12. data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
  13. data/lib/chef/chef_class.rb +0 -1
  14. data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
  15. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
  16. data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
  17. data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
  18. data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
  19. data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
  20. data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
  21. data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
  22. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
  23. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  24. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
  25. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  26. data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
  27. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
  28. data/lib/chef/client.rb +14 -14
  29. data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
  30. data/lib/chef/cookbook/syntax_check.rb +1 -2
  31. data/lib/chef/cookbook_loader.rb +15 -29
  32. data/lib/chef/data_bag.rb +1 -2
  33. data/lib/chef/data_collector/run_end_message.rb +11 -1
  34. data/lib/chef/deprecated.rb +8 -0
  35. data/lib/chef/digester.rb +3 -2
  36. data/lib/chef/dsl/platform_introspection.rb +9 -7
  37. data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
  38. data/lib/chef/environment.rb +3 -4
  39. data/lib/chef/exceptions.rb +4 -1
  40. data/lib/chef/file_access_control/windows.rb +2 -2
  41. data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
  42. data/lib/chef/file_content_management/tempfile.rb +9 -9
  43. data/lib/chef/handler.rb +2 -0
  44. data/lib/chef/http.rb +12 -12
  45. data/lib/chef/http/authenticator.rb +3 -1
  46. data/lib/chef/json_compat.rb +1 -1
  47. data/lib/chef/knife.rb +4 -4
  48. data/lib/chef/knife/bootstrap.rb +18 -15
  49. data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
  50. data/lib/chef/knife/config_get.rb +1 -0
  51. data/lib/chef/knife/config_list_profiles.rb +4 -1
  52. data/lib/chef/knife/configure.rb +1 -1
  53. data/lib/chef/knife/cookbook_download.rb +1 -1
  54. data/lib/chef/knife/cookbook_metadata.rb +1 -1
  55. data/lib/chef/knife/cookbook_upload.rb +29 -37
  56. data/lib/chef/knife/core/bootstrap_context.rb +1 -1
  57. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  58. data/lib/chef/knife/core/generic_presenter.rb +1 -1
  59. data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
  60. data/lib/chef/knife/core/subcommand_loader.rb +20 -1
  61. data/lib/chef/knife/core/ui.rb +8 -2
  62. data/lib/chef/knife/core/windows_bootstrap_context.rb +33 -26
  63. data/lib/chef/knife/delete.rb +15 -15
  64. data/lib/chef/knife/exec.rb +2 -2
  65. data/lib/chef/knife/rehash.rb +3 -21
  66. data/lib/chef/knife/ssh.rb +11 -7
  67. data/lib/chef/knife/xargs.rb +19 -19
  68. data/lib/chef/knife/yaml_convert.rb +1 -1
  69. data/lib/chef/log.rb +7 -2
  70. data/lib/chef/mixin/checksum.rb +0 -1
  71. data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
  72. data/lib/chef/mixin/deep_merge.rb +35 -6
  73. data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
  74. data/lib/chef/mixin/openssl_helper.rb +30 -6
  75. data/lib/chef/mixin/path_sanity.rb +5 -4
  76. data/lib/chef/mixin/shell_out.rb +4 -188
  77. data/lib/chef/mixin/template.rb +1 -0
  78. data/lib/chef/mixin/which.rb +6 -3
  79. data/lib/chef/mixins.rb +1 -0
  80. data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
  81. data/lib/chef/node.rb +36 -12
  82. data/lib/chef/node/attribute.rb +2 -4
  83. data/lib/chef/node_map.rb +21 -18
  84. data/lib/chef/platform/service_helpers.rb +31 -28
  85. data/lib/chef/property.rb +1 -1
  86. data/lib/chef/provider/cron/unix.rb +0 -2
  87. data/lib/chef/provider/git.rb +17 -9
  88. data/lib/chef/provider/group.rb +0 -2
  89. data/lib/chef/provider/group/suse.rb +5 -5
  90. data/lib/chef/provider/ifconfig.rb +1 -4
  91. data/lib/chef/provider/mount.rb +0 -2
  92. data/lib/chef/provider/mount/solaris.rb +0 -1
  93. data/lib/chef/provider/package.rb +0 -2
  94. data/lib/chef/provider/package/rubygems.rb +1 -1
  95. data/lib/chef/provider/package/snap.rb +3 -4
  96. data/lib/chef/provider/package/windows.rb +9 -4
  97. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
  98. data/lib/chef/provider/package/zypper.rb +0 -1
  99. data/lib/chef/provider/powershell_script.rb +21 -5
  100. data/lib/chef/provider/route.rb +1 -1
  101. data/lib/chef/provider/service.rb +2 -2
  102. data/lib/chef/provider/service/arch.rb +1 -1
  103. data/lib/chef/provider/service/debian.rb +1 -1
  104. data/lib/chef/provider/service/gentoo.rb +2 -2
  105. data/lib/chef/provider/service/macosx.rb +2 -2
  106. data/lib/chef/provider/service/openbsd.rb +1 -4
  107. data/lib/chef/provider/service/redhat.rb +2 -2
  108. data/lib/chef/provider/service/upstart.rb +1 -1
  109. data/lib/chef/provider/service/windows.rb +10 -10
  110. data/lib/chef/provider/systemd_unit.rb +0 -2
  111. data/lib/chef/provider/template/content.rb +1 -0
  112. data/lib/chef/provider/user/dscl.rb +2 -2
  113. data/lib/chef/provider/user/mac.rb +9 -9
  114. data/lib/chef/provider/windows_task.rb +0 -3
  115. data/lib/chef/provider/yum_repository.rb +1 -1
  116. data/lib/chef/provider/zypper_repository.rb +1 -2
  117. data/lib/chef/providers.rb +0 -1
  118. data/lib/chef/recipe.rb +1 -1
  119. data/lib/chef/resource.rb +9 -11
  120. data/lib/chef/resource/apt_repository.rb +1 -10
  121. data/lib/chef/resource/build_essential.rb +2 -2
  122. data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
  123. data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
  124. data/lib/chef/resource/chef_vault_secret.rb +13 -13
  125. data/lib/chef/resource/chocolatey_feature.rb +1 -2
  126. data/lib/chef/resource/cron/cron_d.rb +1 -1
  127. data/lib/chef/resource/cron_access.rb +2 -2
  128. data/lib/chef/resource/dmg_package.rb +1 -1
  129. data/lib/chef/resource/execute.rb +4 -5
  130. data/lib/chef/resource/homebrew_update.rb +2 -2
  131. data/lib/chef/resource/hostname.rb +18 -18
  132. data/lib/chef/resource/launchd.rb +1 -1
  133. data/lib/chef/resource/lwrp_base.rb +1 -0
  134. data/lib/chef/resource/macos_userdefaults.rb +176 -61
  135. data/lib/chef/resource/openssl_dhparam.rb +2 -0
  136. data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
  137. data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
  138. data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
  139. data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
  140. data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
  141. data/lib/chef/resource/openssl_x509_crl.rb +3 -2
  142. data/lib/chef/resource/openssl_x509_request.rb +23 -20
  143. data/lib/chef/resource/osx_profile.rb +227 -5
  144. data/lib/chef/resource/powershell_package_source.rb +1 -1
  145. data/lib/chef/resource/powershell_script.rb +24 -30
  146. data/lib/chef/resource/service.rb +2 -2
  147. data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
  148. data/lib/chef/resource/sudo.rb +2 -2
  149. data/lib/chef/resource/sysctl.rb +5 -5
  150. data/lib/chef/resource/user_ulimit.rb +1 -1
  151. data/lib/chef/resource/windows_ad_join.rb +2 -0
  152. data/lib/chef/resource/windows_audit_policy.rb +3 -0
  153. data/lib/chef/resource/windows_auto_run.rb +2 -0
  154. data/lib/chef/resource/windows_certificate.rb +2 -0
  155. data/lib/chef/resource/windows_dfs_folder.rb +2 -0
  156. data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
  157. data/lib/chef/resource/windows_dfs_server.rb +2 -0
  158. data/lib/chef/resource/windows_dns_record.rb +25 -5
  159. data/lib/chef/resource/windows_dns_zone.rb +12 -7
  160. data/lib/chef/resource/windows_feature.rb +2 -0
  161. data/lib/chef/resource/windows_feature_dism.rb +10 -0
  162. data/lib/chef/resource/windows_feature_powershell.rb +14 -2
  163. data/lib/chef/resource/windows_firewall_profile.rb +199 -0
  164. data/lib/chef/resource/windows_firewall_rule.rb +5 -3
  165. data/lib/chef/resource/windows_font.rb +3 -1
  166. data/lib/chef/resource/windows_pagefile.rb +4 -0
  167. data/lib/chef/resource/windows_printer.rb +17 -18
  168. data/lib/chef/resource/windows_printer_port.rb +14 -13
  169. data/lib/chef/resource/windows_security_policy.rb +51 -20
  170. data/lib/chef/resource/windows_share.rb +5 -3
  171. data/lib/chef/resource/windows_shortcut.rb +2 -0
  172. data/lib/chef/resource/windows_uac.rb +2 -0
  173. data/lib/chef/resource/windows_user_privilege.rb +27 -2
  174. data/lib/chef/resource/windows_workgroup.rb +2 -3
  175. data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
  176. data/lib/chef/resource_inspector.rb +7 -1
  177. data/lib/chef/resources.rb +1 -0
  178. data/lib/chef/role.rb +3 -4
  179. data/lib/chef/run_context/cookbook_compiler.rb +20 -20
  180. data/lib/chef/run_status.rb +2 -6
  181. data/lib/chef/server_api_versions.rb +4 -0
  182. data/lib/chef/shell.rb +1 -1
  183. data/lib/chef/shell/shell_session.rb +2 -0
  184. data/lib/chef/util/backup.rb +1 -1
  185. data/lib/chef/util/diff.rb +11 -12
  186. data/lib/chef/util/powershell/cmdlet.rb +1 -1
  187. data/lib/chef/version.rb +2 -2
  188. data/lib/chef/win32/file.rb +2 -2
  189. data/lib/chef/win32/file/version_info.rb +5 -5
  190. data/lib/chef/win32/registry.rb +1 -2
  191. data/spec/data/ssl/chef-rspec.cert +15 -15
  192. data/spec/functional/knife/configure_spec.rb +1 -1
  193. data/spec/functional/knife/ssh_spec.rb +5 -16
  194. data/spec/functional/resource/aix_service_spec.rb +9 -2
  195. data/spec/functional/resource/aixinit_service_spec.rb +8 -9
  196. data/spec/functional/resource/apt_package_spec.rb +0 -1
  197. data/spec/functional/resource/bash_spec.rb +3 -2
  198. data/spec/functional/resource/bff_spec.rb +3 -3
  199. data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
  200. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  201. data/spec/functional/resource/cron_spec.rb +10 -2
  202. data/spec/functional/resource/dnf_package_spec.rb +4 -1
  203. data/spec/functional/resource/dsc_resource_spec.rb +1 -1
  204. data/spec/functional/resource/dsc_script_spec.rb +0 -1
  205. data/spec/functional/resource/execute_spec.rb +1 -1
  206. data/spec/functional/resource/git_spec.rb +23 -1
  207. data/spec/functional/resource/group_spec.rb +21 -9
  208. data/spec/functional/resource/ifconfig_spec.rb +9 -1
  209. data/spec/functional/resource/insserv_spec.rb +7 -7
  210. data/spec/functional/resource/link_spec.rb +22 -25
  211. data/spec/functional/resource/mount_spec.rb +9 -1
  212. data/spec/functional/resource/msu_package_spec.rb +9 -3
  213. data/spec/functional/resource/powershell_script_spec.rb +8 -8
  214. data/spec/functional/resource/remote_file_spec.rb +7 -13
  215. data/spec/functional/resource/rpm_spec.rb +3 -3
  216. data/spec/functional/resource/timezone_spec.rb +2 -0
  217. data/spec/functional/resource/windows_certificate_spec.rb +3 -3
  218. data/spec/functional/resource/windows_font_spec.rb +49 -0
  219. data/spec/functional/resource/windows_package_spec.rb +0 -1
  220. data/spec/functional/resource/windows_path_spec.rb +4 -0
  221. data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
  222. data/spec/functional/resource/windows_service_spec.rb +4 -0
  223. data/spec/functional/resource/windows_task_spec.rb +4 -3
  224. data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
  225. data/spec/functional/resource/yum_package_spec.rb +4 -1
  226. data/spec/functional/resource/zypper_package_spec.rb +4 -1
  227. data/spec/functional/run_lock_spec.rb +26 -25
  228. data/spec/functional/shell_spec.rb +5 -6
  229. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  230. data/spec/functional/version_spec.rb +1 -1
  231. data/spec/functional/win32/crypto_spec.rb +1 -1
  232. data/spec/functional/win32/registry_spec.rb +8 -8
  233. data/spec/functional/win32/service_manager_spec.rb +1 -1
  234. data/spec/integration/knife/common_options_spec.rb +12 -12
  235. data/spec/integration/knife/config_get_profile_spec.rb +69 -68
  236. data/spec/integration/knife/config_get_spec.rb +126 -125
  237. data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
  238. data/spec/integration/knife/config_use_profile_spec.rb +110 -109
  239. data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
  240. data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
  241. data/spec/integration/knife/diff_spec.rb +3 -1
  242. data/spec/integration/knife/download_spec.rb +3 -1
  243. data/spec/integration/knife/environment_from_file_spec.rb +1 -1
  244. data/spec/integration/knife/node_from_file_spec.rb +1 -1
  245. data/spec/integration/knife/role_from_file_spec.rb +1 -1
  246. data/spec/integration/knife/serve_spec.rb +5 -5
  247. data/spec/integration/knife/upload_spec.rb +3 -1
  248. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  249. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
  250. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  251. data/spec/integration/recipes/notifies_spec.rb +1 -1
  252. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  253. data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
  254. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
  255. data/spec/integration/recipes/resource_load_spec.rb +4 -2
  256. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  257. data/spec/integration/recipes/use_partial_spec.rb +1 -1
  258. data/spec/scripts/ssl-serve.rb +1 -1
  259. data/spec/spec_helper.rb +16 -10
  260. data/spec/support/chef_helpers.rb +1 -20
  261. data/spec/support/platform_helpers.rb +9 -11
  262. data/spec/support/platforms/win32/spec_service.rb +1 -1
  263. data/spec/support/shared/functional/directory_resource.rb +1 -1
  264. data/spec/support/shared/functional/execute_resource.rb +1 -1
  265. data/spec/support/shared/functional/file_resource.rb +20 -21
  266. data/spec/support/shared/functional/securable_resource.rb +1 -2
  267. data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
  268. data/spec/support/shared/functional/win32_service.rb +1 -1
  269. data/spec/support/shared/functional/windows_script.rb +5 -5
  270. data/spec/support/shared/integration/integration_helper.rb +22 -52
  271. data/spec/support/shared/integration/knife_support.rb +2 -9
  272. data/spec/support/shared/unit/application_dot_d.rb +0 -1
  273. data/spec/support/shared/unit/provider/file.rb +12 -8
  274. data/spec/support/shared/unit/script_resource.rb +6 -20
  275. data/spec/support/shared/unit/windows_script_resource.rb +15 -28
  276. data/spec/unit/application/solo_spec.rb +4 -2
  277. data/spec/unit/application_spec.rb +4 -2
  278. data/spec/unit/chef_fs/config_spec.rb +2 -2
  279. data/spec/unit/chef_fs/diff_spec.rb +8 -8
  280. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
  281. data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
  282. data/spec/unit/client_spec.rb +4 -1
  283. data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
  284. data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
  285. data/spec/unit/data_bag_spec.rb +6 -3
  286. data/spec/unit/data_collector_spec.rb +29 -1
  287. data/spec/unit/decorator_spec.rb +23 -23
  288. data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
  289. data/spec/unit/environment_spec.rb +12 -8
  290. data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
  291. data/spec/unit/guard_interpreter_spec.rb +1 -1
  292. data/spec/unit/http/api_versions_spec.rb +20 -2
  293. data/spec/unit/json_compat_spec.rb +1 -1
  294. data/spec/unit/knife/bootstrap_spec.rb +17 -20
  295. data/spec/unit/knife/cookbook_download_spec.rb +6 -6
  296. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
  297. data/spec/unit/knife/cookbook_show_spec.rb +6 -7
  298. data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
  299. data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
  300. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
  301. data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
  302. data/spec/unit/knife/supermarket_share_spec.rb +1 -1
  303. data/spec/unit/log/syslog_spec.rb +6 -10
  304. data/spec/unit/log/winevt_spec.rb +21 -13
  305. data/spec/unit/lwrp_spec.rb +9 -6
  306. data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
  307. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  308. data/spec/unit/mixin/powershell_out_spec.rb +2 -4
  309. data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
  310. data/spec/unit/mixin/securable_spec.rb +0 -1
  311. data/spec/unit/mixin/shell_out_spec.rb +25 -26
  312. data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
  313. data/spec/unit/mixin/template_spec.rb +30 -30
  314. data/spec/unit/mixin/unformatter_spec.rb +2 -2
  315. data/spec/unit/mixin/uris_spec.rb +1 -1
  316. data/spec/unit/mixin/which.rb +8 -0
  317. data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
  318. data/spec/unit/node/immutable_collections_spec.rb +6 -2
  319. data/spec/unit/node_spec.rb +103 -16
  320. data/spec/unit/property_spec.rb +5 -5
  321. data/spec/unit/provider/batch_spec.rb +1 -1
  322. data/spec/unit/provider/cron/unix_spec.rb +1 -1
  323. data/spec/unit/provider/dsc_resource_spec.rb +22 -38
  324. data/spec/unit/provider/dsc_script_spec.rb +10 -10
  325. data/spec/unit/provider/execute_spec.rb +1 -8
  326. data/spec/unit/provider/git_spec.rb +3 -3
  327. data/spec/unit/provider/ifconfig_spec.rb +0 -1
  328. data/spec/unit/provider/mdadm_spec.rb +1 -3
  329. data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
  330. data/spec/unit/provider/package/openbsd_spec.rb +1 -1
  331. data/spec/unit/provider/package/pacman_spec.rb +17 -20
  332. data/spec/unit/provider/package/rubygems_spec.rb +5 -10
  333. data/spec/unit/provider/package/smartos_spec.rb +1 -1
  334. data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
  335. data/spec/unit/provider/package/windows_spec.rb +30 -53
  336. data/spec/unit/provider/powershell_script_spec.rb +11 -4
  337. data/spec/unit/provider/remote_directory_spec.rb +9 -9
  338. data/spec/unit/provider/service/arch_service_spec.rb +3 -2
  339. data/spec/unit/provider/service/debian_service_spec.rb +1 -1
  340. data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
  341. data/spec/unit/provider/service/macosx_spec.rb +3 -3
  342. data/spec/unit/provider/service/redhat_spec.rb +3 -3
  343. data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
  344. data/spec/unit/provider/service/windows_spec.rb +2 -6
  345. data/spec/unit/provider/systemd_unit_spec.rb +28 -24
  346. data/spec/unit/provider/user/dscl_spec.rb +2 -2
  347. data/spec/unit/provider/windows_env_spec.rb +5 -4
  348. data/spec/unit/provider_resolver_spec.rb +6 -6
  349. data/spec/unit/provider_spec.rb +1 -0
  350. data/spec/unit/resource/batch_spec.rb +6 -6
  351. data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
  352. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
  353. data/spec/unit/resource/execute_spec.rb +123 -118
  354. data/spec/unit/resource/file/verification_spec.rb +2 -1
  355. data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
  356. data/spec/unit/resource/osx_profile_spec.rb +233 -0
  357. data/spec/unit/resource/powershell_script_spec.rb +11 -29
  358. data/spec/unit/resource/script_spec.rb +6 -1
  359. data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
  360. data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
  361. data/spec/unit/resource/windows_package_spec.rb +1 -0
  362. data/spec/unit/resource_reporter_spec.rb +1 -1
  363. data/spec/unit/resource_spec.rb +25 -8
  364. data/spec/unit/role_spec.rb +30 -28
  365. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  366. data/spec/unit/run_lock_spec.rb +1 -1
  367. data/spec/unit/scan_access_control_spec.rb +1 -1
  368. data/spec/unit/server_api_spec.rb +43 -16
  369. data/spec/unit/util/backup_spec.rb +1 -1
  370. data/spec/unit/util/diff_spec.rb +1 -15
  371. data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
  372. data/spec/unit/util/selinux_spec.rb +2 -1
  373. data/spec/unit/win32/security_spec.rb +4 -3
  374. data/tasks/rspec.rb +1 -1
  375. metadata +53 -40
  376. data/lib/chef/provider/osx_profile.rb +0 -255
  377. data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_crl
28
30
 
29
31
  description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
@@ -113,8 +115,7 @@ class Chef
113
115
  end
114
116
 
115
117
  def ca_private_key
116
- ca_private_key = ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
117
- ca_private_key
118
+ ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
118
119
  end
119
120
 
120
121
  def crl
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_request
28
30
 
29
31
  description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
@@ -132,7 +134,7 @@ class Chef
132
134
  action :create
133
135
  end
134
136
 
135
- file new_resource.key_file do
137
+ file key_file do
136
138
  owner new_resource.owner unless new_resource.owner.nil?
137
139
  group new_resource.group unless new_resource.group.nil?
138
140
  mode new_resource.mode unless new_resource.mode.nil?
@@ -145,36 +147,37 @@ class Chef
145
147
  end
146
148
 
147
149
  action_class do
148
- def generate_key_file
149
- unless new_resource.key_file
150
- path, file = ::File.split(new_resource.path)
151
- filename = ::File.basename(file, ::File.extname(file))
152
- new_resource.key_file path + "/" + filename + ".key"
153
- end
154
- new_resource.key_file
150
+ def key_file
151
+ @key_file ||=
152
+ if new_resource.key_file
153
+ new_resource.key_file
154
+ else
155
+ path, file = ::File.split(new_resource.path)
156
+ filename = ::File.basename(file, ::File.extname(file))
157
+ path + "/" + filename + ".key"
158
+ end
155
159
  end
156
160
 
157
161
  def key
158
- @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
159
- OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
162
+ @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
163
+ OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
160
164
  elsif new_resource.key_type == "rsa"
161
165
  gen_rsa_priv_key(new_resource.key_length)
162
166
  else
163
167
  gen_ec_priv_key(new_resource.key_curve)
164
168
  end
165
- @key
166
169
  end
167
170
 
168
171
  def subject
169
- csr_subject = OpenSSL::X509::Name.new
170
- csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
171
- csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
172
- csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
173
- csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
174
- csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
175
- csr_subject.add_entry("CN", new_resource.common_name)
176
- csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
177
- csr_subject
172
+ OpenSSL::X509::Name.new.tap do |csr_subject|
173
+ csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
174
+ csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
175
+ csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
176
+ csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
177
+ csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
178
+ csr_subject.add_entry("CN", new_resource.common_name)
179
+ csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
180
+ end
178
181
  end
179
182
 
180
183
  def csr
@@ -17,6 +17,10 @@
17
17
  #
18
18
 
19
19
  require_relative "../resource"
20
+ require_relative "../log"
21
+ require_relative "../resource/file"
22
+ require "uuidtools"
23
+ require "plist"
20
24
 
21
25
  class Chef
22
26
  class Resource
@@ -29,9 +33,6 @@ class Chef
29
33
  description "Use the **osx_profile** resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system."
30
34
  introduced "12.7"
31
35
 
32
- default_action :install
33
- allowed_actions :install, :remove
34
-
35
36
  property :profile_name, String,
36
37
  description: "Use to specify the name of the profile, if different from the name of the resource block.",
37
38
  name_property: true
@@ -42,8 +43,229 @@ class Chef
42
43
  property :identifier, String,
43
44
  description: "Use to specify the identifier for the profile, such as com.company.screensaver."
44
45
 
45
- property :path, String,
46
- description: "The path to write the profile to disk before loading it."
46
+ # this is not a property it is necessary for the tempfile this resource uses to work (FIXME: this is terrible)
47
+ #
48
+ # @api private
49
+ #
50
+ def path(path = nil)
51
+ @path ||= path
52
+ @path
53
+ end
54
+
55
+ action_class do
56
+ def load_current_resource
57
+ @current_resource = Chef::Resource::OsxProfile.new(new_resource.name)
58
+ current_resource.profile_name(new_resource.profile_name)
59
+
60
+ if new_profile_hash
61
+ new_profile_hash["PayloadUUID"] = config_uuid(new_profile_hash)
62
+ end
63
+
64
+ current_resource.profile(current_profile)
65
+ end
66
+
67
+ def current_profile
68
+ all_profiles = get_installed_profiles
69
+
70
+ if all_profiles && all_profiles.key?("_computerlevel")
71
+ return all_profiles["_computerlevel"].find do |item|
72
+ item["ProfileIdentifier"] == new_profile_identifier
73
+ end
74
+ end
75
+ nil
76
+ end
77
+
78
+ def invalid_profile_name?(name_or_identifier)
79
+ name_or_identifier.end_with?(".mobileconfig") || !/^\w+(?:(\.| )\w+)+$/.match(name_or_identifier)
80
+ end
81
+
82
+ def check_resource_semantics!
83
+ if mac? && node["platform_version"] =~ ">= 11.0"
84
+ raise "The osx_profile resource is not available on macOS Big Sur or above due to Apple's removal of support for CLI profile installation"
85
+ end
86
+
87
+ if action == :remove
88
+ if new_profile_identifier
89
+ if invalid_profile_name?(new_profile_identifier)
90
+ raise "when removing using the identifier property, it must match the profile identifier"
91
+ end
92
+ else
93
+ if invalid_profile_name?(new_resource.profile_name)
94
+ raise "When removing by resource name, it must match the profile identifier"
95
+ end
96
+ end
97
+ end
98
+
99
+ if action == :install
100
+ if new_profile_hash.is_a?(Hash) && !new_profile_hash.include?("PayloadIdentifier")
101
+ raise "The specified profile does not seem to be valid"
102
+ end
103
+ if new_profile_hash.is_a?(String) && !new_profile_hash.end_with?(".mobileconfig")
104
+ raise "#{new_profile_hash}' is not a valid profile"
105
+ end
106
+ end
107
+ end
108
+ end
109
+
110
+ action :install do
111
+ unless profile_installed?
112
+ converge_by("install profile #{new_profile_identifier}") do
113
+ profile_path = write_profile_to_disk
114
+ install_profile(profile_path)
115
+ get_installed_profiles(true)
116
+ end
117
+ end
118
+ end
119
+
120
+ action :remove do
121
+ # Clean up profile after removing it
122
+ if profile_installed?
123
+ converge_by("remove profile #{new_profile_identifier}") do
124
+ remove_profile
125
+ get_installed_profiles(true)
126
+ end
127
+ end
128
+ end
129
+
130
+ action_class do
131
+ private
132
+
133
+ def profile
134
+ @profile ||= new_resource.profile || new_resource.profile_name
135
+ end
136
+
137
+ def new_profile_hash
138
+ @new_profile_hash ||= get_profile_hash(profile)
139
+ end
140
+
141
+ def new_profile_identifier
142
+ @new_profile_identifier ||= if new_profile_hash
143
+ new_profile_hash["PayloadIdentifier"]
144
+ else
145
+ new_resource.identifier || new_resource.profile_name
146
+ end
147
+ end
148
+
149
+ def load_profile_hash(new_profile)
150
+ # file must exist in cookbook
151
+ return nil unless new_profile.end_with?(".mobileconfig")
152
+
153
+ unless cookbook_file_available?(new_profile)
154
+ raise Chef::Exceptions::FileNotFound, "#{self}: '#{new_profile}' not found in cookbook"
155
+ end
156
+
157
+ cookbook_profile = cache_cookbook_profile(new_profile)
158
+ ::Plist.parse_xml(cookbook_profile)
159
+ end
160
+
161
+ def cookbook_file_available?(cookbook_file)
162
+ run_context.has_cookbook_file_in_cookbook?(
163
+ new_resource.cookbook_name, cookbook_file
164
+ )
165
+ end
166
+
167
+ def get_cache_dir
168
+ Chef::FileCache.create_cache_path(
169
+ "profiles/#{new_resource.cookbook_name}"
170
+ )
171
+ end
172
+
173
+ def cache_cookbook_profile(cookbook_file)
174
+ Chef::FileCache.create_cache_path(
175
+ ::File.join(
176
+ "profiles",
177
+ new_resource.cookbook_name,
178
+ ::File.dirname(cookbook_file)
179
+ )
180
+ )
181
+
182
+ path = ::File.join( get_cache_dir, "#{cookbook_file}.remote")
183
+
184
+ cookbook_file path do
185
+ cookbook_name = new_resource.cookbook_name
186
+ source(cookbook_file)
187
+ backup(false)
188
+ run_action(:create)
189
+ end
190
+
191
+ path
192
+ end
193
+
194
+ def get_profile_hash(new_profile)
195
+ if new_profile.is_a?(Hash)
196
+ new_profile
197
+ elsif new_profile.is_a?(String)
198
+ load_profile_hash(new_profile)
199
+ end
200
+ end
201
+
202
+ def config_uuid(profile)
203
+ # Make a UUID of the profile contents and return as string
204
+ UUIDTools::UUID.sha1_create(
205
+ UUIDTools::UUID_DNS_NAMESPACE,
206
+ profile.to_s
207
+ ).to_s
208
+ end
209
+
210
+ def write_profile_to_disk
211
+ # FIXME: this is kind of terrible, the resource needs a tempfile to use and
212
+ # wants it created similarly to the file providers (with all the magic necessary
213
+ # for determining if it should go in the cwd or into a tmpdir), but it abuses
214
+ # the Chef::FileContentManagement::Tempfile API to do that, which requires setting
215
+ # a `path` method on the resource because of tight-coupling to the file provider
216
+ # pattern. We don't just want to use a file here because the point is to get
217
+ # at the tempfile pattern from the file provider, but to feed that into a shell
218
+ # command rather than deploying the file to somewhere on disk. There's some
219
+ # better API that needs extracting here.
220
+ new_resource.path(Chef::FileCache.create_cache_path("profiles"))
221
+ tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
222
+ tempfile.write(new_profile_hash.to_plist)
223
+ tempfile.close
224
+ tempfile.path
225
+ end
226
+
227
+ def install_profile(profile_path)
228
+ cmd = [ "/usr/bin/profiles", "-I", "-F", profile_path ]
229
+ logger.trace("cmd: #{cmd.join(" ")}")
230
+ shell_out!(*cmd)
231
+ end
232
+
233
+ def remove_profile
234
+ cmd = [ "/usr/bin/profiles", "-R", "-p", new_profile_identifier ]
235
+ logger.trace("cmd: #{cmd.join(" ")}")
236
+ shell_out!(*cmd)
237
+ end
238
+
239
+ #
240
+ # FIXME FIXME FIXME
241
+ # The node object should not be used for caching state like this and this is not a public API and may break.
242
+ # FIXME FIXME FIXME
243
+ #
244
+
245
+ def get_installed_profiles(update = nil)
246
+ if update
247
+ node.run_state[:config_profiles] = query_installed_profiles
248
+ else
249
+ node.run_state[:config_profiles] ||= query_installed_profiles
250
+ end
251
+ logger.trace("Saved profiles to run_state")
252
+ end
253
+
254
+ def query_installed_profiles
255
+ Tempfile.open("allprofiles.plist") do |tempfile|
256
+ shell_out( "/usr/bin/profiles", "-P", "-o", tempfile.path )
257
+ ::Plist.parse_xml(tempfile)
258
+ end
259
+ end
260
+
261
+ def profile_installed?
262
+ # Profile Identifier and UUID must match a currently installed profile
263
+ return false if current_resource.profile.nil? || current_resource.profile.empty?
264
+ return true if action == :remove
265
+
266
+ current_resource.profile["ProfileUUID"] == new_profile_hash["PayloadUUID"]
267
+ end
268
+ end
47
269
  end
48
270
  end
49
271
  end
@@ -34,7 +34,7 @@ class Chef
34
34
 
35
35
  property :url, String,
36
36
  description: "The url to the package source.",
37
- required: true
37
+ required: [:register]
38
38
 
39
39
  property :trusted, [TrueClass, FalseClass],
40
40
  description: "Whether or not to trust packages from this source.",
@@ -25,19 +25,31 @@ class Chef
25
25
  provides :powershell_script, os: "windows"
26
26
 
27
27
  property :flags, String,
28
- description: "A string that is passed to the Windows PowerShell command",
29
- default: lazy { default_flags },
30
- coerce: proc { |input|
31
- if input == default_flags
32
- # Means there was no input provided,
33
- # and should use defaults in this case
34
- input
35
- else
36
- # The last occurrence of a flag would override its
37
- # previous one at the time of command execution.
38
- [default_flags, input].join(" ")
28
+ description: "A string that is passed to the Windows PowerShell command"
29
+
30
+ property :convert_boolean_return, [true, false],
31
+ default: false,
32
+ description: <<~DESC
33
+ Return `0` if the last line of a command is evaluated to be true or to return `1` if the last line is evaluated to be false.
34
+
35
+ When the `guard_interpreter` common attribute is set to `:powershell_script`, a string command will be evaluated as if this value were set to `true`. This is because the behavior of this attribute is similar to the value of the `"$?"` expression common in UNIX interpreters. For example, this:
36
+
37
+ ```ruby
38
+ powershell_script 'make_safe_backup' do
39
+ guard_interpreter :powershell_script
40
+ code 'cp ~/data/nodes.json ~/data/nodes.bak'
41
+ not_if 'test-path ~/data/nodes.bak'
42
+ end
43
+ ```
44
+
45
+ is similar to:
46
+ ```ruby
47
+ bash 'make_safe_backup' do
48
+ code 'cp ~/data/nodes.json ~/data/nodes.bak'
49
+ not_if 'test -e ~/data/nodes.bak'
39
50
  end
40
- }
51
+ ```
52
+ DESC
41
53
 
42
54
  description "Use the **powershell_script** resource to execute a script using the Windows PowerShell"\
43
55
  " interpreter, much like how the script and script-based resources—bash, csh, perl, python,"\
@@ -52,15 +64,6 @@ class Chef
52
64
  super
53
65
  @interpreter = "powershell.exe"
54
66
  @default_guard_interpreter = resource_name
55
- @convert_boolean_return = false
56
- end
57
-
58
- def convert_boolean_return(arg = nil)
59
- set_or_return(
60
- :convert_boolean_return,
61
- arg,
62
- kind_of: [ FalseClass, TrueClass ]
63
- )
64
67
  end
65
68
 
66
69
  # Allow callers evaluating guards to request default
@@ -73,15 +76,6 @@ class Chef
73
76
  def self.get_default_attributes(opts)
74
77
  { convert_boolean_return: true }
75
78
  end
76
-
77
- # Options that will be passed to Windows PowerShell command
78
- #
79
- # @returns [String]
80
- def default_flags
81
- # Set InputFormat to None as PowerShell will hang if STDIN is redirected
82
- # http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected
83
- "-NoLogo -NonInteractive -NoProfile -ExecutionPolicy Bypass -InputFormat None"
84
- end
85
79
  end
86
80
  end
87
81
  end
@@ -25,8 +25,8 @@ require_relative "../dist"
25
25
  class Chef
26
26
  class Resource
27
27
  class Service < Chef::Resource
28
- include ChefUtils::DSL::Service
29
- extend ChefUtils::DSL::Service
28
+ include Chef::Platform::ServiceHelpers
29
+ extend Chef::Platform::ServiceHelpers
30
30
  unified_mode true
31
31
 
32
32
  provides :service, target_mode: true
@@ -106,7 +106,7 @@ class Chef
106
106
 
107
107
  r = with_run_context :root do
108
108
  find_resource(:template, "update ssh known hosts file #{new_resource.file_location}") do
109
- source ::File.expand_path("../support/ssh_known_hosts.erb", __FILE__)
109
+ source ::File.expand_path("support/ssh_known_hosts.erb", __dir__)
110
110
  local true
111
111
  path new_resource.file_location
112
112
  owner new_resource.owner