chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (377) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -4
  3. data/Rakefile +3 -16
  4. data/chef-universal-mingw32.gemspec +2 -3
  5. data/chef.gemspec +4 -3
  6. data/lib/chef/action_collection.rb +4 -0
  7. data/lib/chef/api_client/registration.rb +2 -2
  8. data/lib/chef/application.rb +13 -1
  9. data/lib/chef/application/apply.rb +6 -5
  10. data/lib/chef/application/windows_service.rb +27 -27
  11. data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
  12. data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
  13. data/lib/chef/chef_class.rb +0 -1
  14. data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
  15. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
  16. data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
  17. data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
  18. data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
  19. data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
  20. data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
  21. data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
  22. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
  23. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  24. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
  25. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  26. data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
  27. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
  28. data/lib/chef/client.rb +14 -14
  29. data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
  30. data/lib/chef/cookbook/syntax_check.rb +1 -2
  31. data/lib/chef/cookbook_loader.rb +15 -29
  32. data/lib/chef/data_bag.rb +1 -2
  33. data/lib/chef/data_collector/run_end_message.rb +11 -1
  34. data/lib/chef/deprecated.rb +8 -0
  35. data/lib/chef/digester.rb +3 -2
  36. data/lib/chef/dsl/platform_introspection.rb +9 -7
  37. data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
  38. data/lib/chef/environment.rb +3 -4
  39. data/lib/chef/exceptions.rb +4 -1
  40. data/lib/chef/file_access_control/windows.rb +2 -2
  41. data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
  42. data/lib/chef/file_content_management/tempfile.rb +9 -9
  43. data/lib/chef/handler.rb +2 -0
  44. data/lib/chef/http.rb +12 -12
  45. data/lib/chef/http/authenticator.rb +3 -1
  46. data/lib/chef/json_compat.rb +1 -1
  47. data/lib/chef/knife.rb +4 -4
  48. data/lib/chef/knife/bootstrap.rb +18 -15
  49. data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
  50. data/lib/chef/knife/config_get.rb +1 -0
  51. data/lib/chef/knife/config_list_profiles.rb +4 -1
  52. data/lib/chef/knife/configure.rb +1 -1
  53. data/lib/chef/knife/cookbook_download.rb +1 -1
  54. data/lib/chef/knife/cookbook_metadata.rb +1 -1
  55. data/lib/chef/knife/cookbook_upload.rb +29 -37
  56. data/lib/chef/knife/core/bootstrap_context.rb +1 -1
  57. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  58. data/lib/chef/knife/core/generic_presenter.rb +1 -1
  59. data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
  60. data/lib/chef/knife/core/subcommand_loader.rb +20 -1
  61. data/lib/chef/knife/core/ui.rb +8 -2
  62. data/lib/chef/knife/core/windows_bootstrap_context.rb +33 -26
  63. data/lib/chef/knife/delete.rb +15 -15
  64. data/lib/chef/knife/exec.rb +2 -2
  65. data/lib/chef/knife/rehash.rb +3 -21
  66. data/lib/chef/knife/ssh.rb +11 -7
  67. data/lib/chef/knife/xargs.rb +19 -19
  68. data/lib/chef/knife/yaml_convert.rb +1 -1
  69. data/lib/chef/log.rb +7 -2
  70. data/lib/chef/mixin/checksum.rb +0 -1
  71. data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
  72. data/lib/chef/mixin/deep_merge.rb +35 -6
  73. data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
  74. data/lib/chef/mixin/openssl_helper.rb +30 -6
  75. data/lib/chef/mixin/path_sanity.rb +5 -4
  76. data/lib/chef/mixin/shell_out.rb +4 -188
  77. data/lib/chef/mixin/template.rb +1 -0
  78. data/lib/chef/mixin/which.rb +6 -3
  79. data/lib/chef/mixins.rb +1 -0
  80. data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
  81. data/lib/chef/node.rb +36 -12
  82. data/lib/chef/node/attribute.rb +2 -4
  83. data/lib/chef/node_map.rb +21 -18
  84. data/lib/chef/platform/service_helpers.rb +31 -28
  85. data/lib/chef/property.rb +1 -1
  86. data/lib/chef/provider/cron/unix.rb +0 -2
  87. data/lib/chef/provider/git.rb +17 -9
  88. data/lib/chef/provider/group.rb +0 -2
  89. data/lib/chef/provider/group/suse.rb +5 -5
  90. data/lib/chef/provider/ifconfig.rb +1 -4
  91. data/lib/chef/provider/mount.rb +0 -2
  92. data/lib/chef/provider/mount/solaris.rb +0 -1
  93. data/lib/chef/provider/package.rb +0 -2
  94. data/lib/chef/provider/package/rubygems.rb +1 -1
  95. data/lib/chef/provider/package/snap.rb +3 -4
  96. data/lib/chef/provider/package/windows.rb +9 -4
  97. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
  98. data/lib/chef/provider/package/zypper.rb +0 -1
  99. data/lib/chef/provider/powershell_script.rb +21 -5
  100. data/lib/chef/provider/route.rb +1 -1
  101. data/lib/chef/provider/service.rb +2 -2
  102. data/lib/chef/provider/service/arch.rb +1 -1
  103. data/lib/chef/provider/service/debian.rb +1 -1
  104. data/lib/chef/provider/service/gentoo.rb +2 -2
  105. data/lib/chef/provider/service/macosx.rb +2 -2
  106. data/lib/chef/provider/service/openbsd.rb +1 -4
  107. data/lib/chef/provider/service/redhat.rb +2 -2
  108. data/lib/chef/provider/service/upstart.rb +1 -1
  109. data/lib/chef/provider/service/windows.rb +10 -10
  110. data/lib/chef/provider/systemd_unit.rb +0 -2
  111. data/lib/chef/provider/template/content.rb +1 -0
  112. data/lib/chef/provider/user/dscl.rb +2 -2
  113. data/lib/chef/provider/user/mac.rb +9 -9
  114. data/lib/chef/provider/windows_task.rb +0 -3
  115. data/lib/chef/provider/yum_repository.rb +1 -1
  116. data/lib/chef/provider/zypper_repository.rb +1 -2
  117. data/lib/chef/providers.rb +0 -1
  118. data/lib/chef/recipe.rb +1 -1
  119. data/lib/chef/resource.rb +9 -11
  120. data/lib/chef/resource/apt_repository.rb +1 -10
  121. data/lib/chef/resource/build_essential.rb +2 -2
  122. data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
  123. data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
  124. data/lib/chef/resource/chef_vault_secret.rb +13 -13
  125. data/lib/chef/resource/chocolatey_feature.rb +1 -2
  126. data/lib/chef/resource/cron/cron_d.rb +1 -1
  127. data/lib/chef/resource/cron_access.rb +2 -2
  128. data/lib/chef/resource/dmg_package.rb +1 -1
  129. data/lib/chef/resource/execute.rb +4 -5
  130. data/lib/chef/resource/homebrew_update.rb +2 -2
  131. data/lib/chef/resource/hostname.rb +18 -18
  132. data/lib/chef/resource/launchd.rb +1 -1
  133. data/lib/chef/resource/lwrp_base.rb +1 -0
  134. data/lib/chef/resource/macos_userdefaults.rb +176 -61
  135. data/lib/chef/resource/openssl_dhparam.rb +2 -0
  136. data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
  137. data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
  138. data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
  139. data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
  140. data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
  141. data/lib/chef/resource/openssl_x509_crl.rb +3 -2
  142. data/lib/chef/resource/openssl_x509_request.rb +23 -20
  143. data/lib/chef/resource/osx_profile.rb +227 -5
  144. data/lib/chef/resource/powershell_package_source.rb +1 -1
  145. data/lib/chef/resource/powershell_script.rb +24 -30
  146. data/lib/chef/resource/service.rb +2 -2
  147. data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
  148. data/lib/chef/resource/sudo.rb +2 -2
  149. data/lib/chef/resource/sysctl.rb +5 -5
  150. data/lib/chef/resource/user_ulimit.rb +1 -1
  151. data/lib/chef/resource/windows_ad_join.rb +2 -0
  152. data/lib/chef/resource/windows_audit_policy.rb +3 -0
  153. data/lib/chef/resource/windows_auto_run.rb +2 -0
  154. data/lib/chef/resource/windows_certificate.rb +2 -0
  155. data/lib/chef/resource/windows_dfs_folder.rb +2 -0
  156. data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
  157. data/lib/chef/resource/windows_dfs_server.rb +2 -0
  158. data/lib/chef/resource/windows_dns_record.rb +25 -5
  159. data/lib/chef/resource/windows_dns_zone.rb +12 -7
  160. data/lib/chef/resource/windows_feature.rb +2 -0
  161. data/lib/chef/resource/windows_feature_dism.rb +10 -0
  162. data/lib/chef/resource/windows_feature_powershell.rb +14 -2
  163. data/lib/chef/resource/windows_firewall_profile.rb +199 -0
  164. data/lib/chef/resource/windows_firewall_rule.rb +5 -3
  165. data/lib/chef/resource/windows_font.rb +3 -1
  166. data/lib/chef/resource/windows_pagefile.rb +4 -0
  167. data/lib/chef/resource/windows_printer.rb +17 -18
  168. data/lib/chef/resource/windows_printer_port.rb +14 -13
  169. data/lib/chef/resource/windows_security_policy.rb +51 -20
  170. data/lib/chef/resource/windows_share.rb +5 -3
  171. data/lib/chef/resource/windows_shortcut.rb +2 -0
  172. data/lib/chef/resource/windows_uac.rb +2 -0
  173. data/lib/chef/resource/windows_user_privilege.rb +27 -2
  174. data/lib/chef/resource/windows_workgroup.rb +2 -3
  175. data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
  176. data/lib/chef/resource_inspector.rb +7 -1
  177. data/lib/chef/resources.rb +1 -0
  178. data/lib/chef/role.rb +3 -4
  179. data/lib/chef/run_context/cookbook_compiler.rb +20 -20
  180. data/lib/chef/run_status.rb +2 -6
  181. data/lib/chef/server_api_versions.rb +4 -0
  182. data/lib/chef/shell.rb +1 -1
  183. data/lib/chef/shell/shell_session.rb +2 -0
  184. data/lib/chef/util/backup.rb +1 -1
  185. data/lib/chef/util/diff.rb +11 -12
  186. data/lib/chef/util/powershell/cmdlet.rb +1 -1
  187. data/lib/chef/version.rb +2 -2
  188. data/lib/chef/win32/file.rb +2 -2
  189. data/lib/chef/win32/file/version_info.rb +5 -5
  190. data/lib/chef/win32/registry.rb +1 -2
  191. data/spec/data/ssl/chef-rspec.cert +15 -15
  192. data/spec/functional/knife/configure_spec.rb +1 -1
  193. data/spec/functional/knife/ssh_spec.rb +5 -16
  194. data/spec/functional/resource/aix_service_spec.rb +9 -2
  195. data/spec/functional/resource/aixinit_service_spec.rb +8 -9
  196. data/spec/functional/resource/apt_package_spec.rb +0 -1
  197. data/spec/functional/resource/bash_spec.rb +3 -2
  198. data/spec/functional/resource/bff_spec.rb +3 -3
  199. data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
  200. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  201. data/spec/functional/resource/cron_spec.rb +10 -2
  202. data/spec/functional/resource/dnf_package_spec.rb +4 -1
  203. data/spec/functional/resource/dsc_resource_spec.rb +1 -1
  204. data/spec/functional/resource/dsc_script_spec.rb +0 -1
  205. data/spec/functional/resource/execute_spec.rb +1 -1
  206. data/spec/functional/resource/git_spec.rb +23 -1
  207. data/spec/functional/resource/group_spec.rb +21 -9
  208. data/spec/functional/resource/ifconfig_spec.rb +9 -1
  209. data/spec/functional/resource/insserv_spec.rb +7 -7
  210. data/spec/functional/resource/link_spec.rb +22 -25
  211. data/spec/functional/resource/mount_spec.rb +9 -1
  212. data/spec/functional/resource/msu_package_spec.rb +9 -3
  213. data/spec/functional/resource/powershell_script_spec.rb +8 -8
  214. data/spec/functional/resource/remote_file_spec.rb +7 -13
  215. data/spec/functional/resource/rpm_spec.rb +3 -3
  216. data/spec/functional/resource/timezone_spec.rb +2 -0
  217. data/spec/functional/resource/windows_certificate_spec.rb +3 -3
  218. data/spec/functional/resource/windows_font_spec.rb +49 -0
  219. data/spec/functional/resource/windows_package_spec.rb +0 -1
  220. data/spec/functional/resource/windows_path_spec.rb +4 -0
  221. data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
  222. data/spec/functional/resource/windows_service_spec.rb +4 -0
  223. data/spec/functional/resource/windows_task_spec.rb +4 -3
  224. data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
  225. data/spec/functional/resource/yum_package_spec.rb +4 -1
  226. data/spec/functional/resource/zypper_package_spec.rb +4 -1
  227. data/spec/functional/run_lock_spec.rb +26 -25
  228. data/spec/functional/shell_spec.rb +5 -6
  229. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  230. data/spec/functional/version_spec.rb +1 -1
  231. data/spec/functional/win32/crypto_spec.rb +1 -1
  232. data/spec/functional/win32/registry_spec.rb +8 -8
  233. data/spec/functional/win32/service_manager_spec.rb +1 -1
  234. data/spec/integration/knife/common_options_spec.rb +12 -12
  235. data/spec/integration/knife/config_get_profile_spec.rb +69 -68
  236. data/spec/integration/knife/config_get_spec.rb +126 -125
  237. data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
  238. data/spec/integration/knife/config_use_profile_spec.rb +110 -109
  239. data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
  240. data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
  241. data/spec/integration/knife/diff_spec.rb +3 -1
  242. data/spec/integration/knife/download_spec.rb +3 -1
  243. data/spec/integration/knife/environment_from_file_spec.rb +1 -1
  244. data/spec/integration/knife/node_from_file_spec.rb +1 -1
  245. data/spec/integration/knife/role_from_file_spec.rb +1 -1
  246. data/spec/integration/knife/serve_spec.rb +5 -5
  247. data/spec/integration/knife/upload_spec.rb +3 -1
  248. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  249. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
  250. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  251. data/spec/integration/recipes/notifies_spec.rb +1 -1
  252. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  253. data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
  254. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
  255. data/spec/integration/recipes/resource_load_spec.rb +4 -2
  256. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  257. data/spec/integration/recipes/use_partial_spec.rb +1 -1
  258. data/spec/scripts/ssl-serve.rb +1 -1
  259. data/spec/spec_helper.rb +16 -10
  260. data/spec/support/chef_helpers.rb +1 -20
  261. data/spec/support/platform_helpers.rb +9 -11
  262. data/spec/support/platforms/win32/spec_service.rb +1 -1
  263. data/spec/support/shared/functional/directory_resource.rb +1 -1
  264. data/spec/support/shared/functional/execute_resource.rb +1 -1
  265. data/spec/support/shared/functional/file_resource.rb +20 -21
  266. data/spec/support/shared/functional/securable_resource.rb +1 -2
  267. data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
  268. data/spec/support/shared/functional/win32_service.rb +1 -1
  269. data/spec/support/shared/functional/windows_script.rb +5 -5
  270. data/spec/support/shared/integration/integration_helper.rb +22 -52
  271. data/spec/support/shared/integration/knife_support.rb +2 -9
  272. data/spec/support/shared/unit/application_dot_d.rb +0 -1
  273. data/spec/support/shared/unit/provider/file.rb +12 -8
  274. data/spec/support/shared/unit/script_resource.rb +6 -20
  275. data/spec/support/shared/unit/windows_script_resource.rb +15 -28
  276. data/spec/unit/application/solo_spec.rb +4 -2
  277. data/spec/unit/application_spec.rb +4 -2
  278. data/spec/unit/chef_fs/config_spec.rb +2 -2
  279. data/spec/unit/chef_fs/diff_spec.rb +8 -8
  280. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
  281. data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
  282. data/spec/unit/client_spec.rb +4 -1
  283. data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
  284. data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
  285. data/spec/unit/data_bag_spec.rb +6 -3
  286. data/spec/unit/data_collector_spec.rb +29 -1
  287. data/spec/unit/decorator_spec.rb +23 -23
  288. data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
  289. data/spec/unit/environment_spec.rb +12 -8
  290. data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
  291. data/spec/unit/guard_interpreter_spec.rb +1 -1
  292. data/spec/unit/http/api_versions_spec.rb +20 -2
  293. data/spec/unit/json_compat_spec.rb +1 -1
  294. data/spec/unit/knife/bootstrap_spec.rb +17 -20
  295. data/spec/unit/knife/cookbook_download_spec.rb +6 -6
  296. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
  297. data/spec/unit/knife/cookbook_show_spec.rb +6 -7
  298. data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
  299. data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
  300. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
  301. data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
  302. data/spec/unit/knife/supermarket_share_spec.rb +1 -1
  303. data/spec/unit/log/syslog_spec.rb +6 -10
  304. data/spec/unit/log/winevt_spec.rb +21 -13
  305. data/spec/unit/lwrp_spec.rb +9 -6
  306. data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
  307. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  308. data/spec/unit/mixin/powershell_out_spec.rb +2 -4
  309. data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
  310. data/spec/unit/mixin/securable_spec.rb +0 -1
  311. data/spec/unit/mixin/shell_out_spec.rb +25 -26
  312. data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
  313. data/spec/unit/mixin/template_spec.rb +30 -30
  314. data/spec/unit/mixin/unformatter_spec.rb +2 -2
  315. data/spec/unit/mixin/uris_spec.rb +1 -1
  316. data/spec/unit/mixin/which.rb +8 -0
  317. data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
  318. data/spec/unit/node/immutable_collections_spec.rb +6 -2
  319. data/spec/unit/node_spec.rb +103 -16
  320. data/spec/unit/property_spec.rb +5 -5
  321. data/spec/unit/provider/batch_spec.rb +1 -1
  322. data/spec/unit/provider/cron/unix_spec.rb +1 -1
  323. data/spec/unit/provider/dsc_resource_spec.rb +22 -38
  324. data/spec/unit/provider/dsc_script_spec.rb +10 -10
  325. data/spec/unit/provider/execute_spec.rb +1 -8
  326. data/spec/unit/provider/git_spec.rb +3 -3
  327. data/spec/unit/provider/ifconfig_spec.rb +0 -1
  328. data/spec/unit/provider/mdadm_spec.rb +1 -3
  329. data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
  330. data/spec/unit/provider/package/openbsd_spec.rb +1 -1
  331. data/spec/unit/provider/package/pacman_spec.rb +17 -20
  332. data/spec/unit/provider/package/rubygems_spec.rb +5 -10
  333. data/spec/unit/provider/package/smartos_spec.rb +1 -1
  334. data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
  335. data/spec/unit/provider/package/windows_spec.rb +30 -53
  336. data/spec/unit/provider/powershell_script_spec.rb +11 -4
  337. data/spec/unit/provider/remote_directory_spec.rb +9 -9
  338. data/spec/unit/provider/service/arch_service_spec.rb +3 -2
  339. data/spec/unit/provider/service/debian_service_spec.rb +1 -1
  340. data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
  341. data/spec/unit/provider/service/macosx_spec.rb +3 -3
  342. data/spec/unit/provider/service/redhat_spec.rb +3 -3
  343. data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
  344. data/spec/unit/provider/service/windows_spec.rb +2 -6
  345. data/spec/unit/provider/systemd_unit_spec.rb +28 -24
  346. data/spec/unit/provider/user/dscl_spec.rb +2 -2
  347. data/spec/unit/provider/windows_env_spec.rb +5 -4
  348. data/spec/unit/provider_resolver_spec.rb +6 -6
  349. data/spec/unit/provider_spec.rb +1 -0
  350. data/spec/unit/resource/batch_spec.rb +6 -6
  351. data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
  352. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
  353. data/spec/unit/resource/execute_spec.rb +123 -118
  354. data/spec/unit/resource/file/verification_spec.rb +2 -1
  355. data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
  356. data/spec/unit/resource/osx_profile_spec.rb +233 -0
  357. data/spec/unit/resource/powershell_script_spec.rb +11 -29
  358. data/spec/unit/resource/script_spec.rb +6 -1
  359. data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
  360. data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
  361. data/spec/unit/resource/windows_package_spec.rb +1 -0
  362. data/spec/unit/resource_reporter_spec.rb +1 -1
  363. data/spec/unit/resource_spec.rb +25 -8
  364. data/spec/unit/role_spec.rb +30 -28
  365. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  366. data/spec/unit/run_lock_spec.rb +1 -1
  367. data/spec/unit/scan_access_control_spec.rb +1 -1
  368. data/spec/unit/server_api_spec.rb +43 -16
  369. data/spec/unit/util/backup_spec.rb +1 -1
  370. data/spec/unit/util/diff_spec.rb +1 -15
  371. data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
  372. data/spec/unit/util/selinux_spec.rb +2 -1
  373. data/spec/unit/win32/security_spec.rb +4 -3
  374. data/tasks/rspec.rb +1 -1
  375. metadata +53 -40
  376. data/lib/chef/provider/osx_profile.rb +0 -255
  377. data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -199,7 +199,7 @@ class Chef
199
199
  end
200
200
  else
201
201
  template file_path do
202
- source ::File.expand_path("../support/sudoer.erb", __FILE__)
202
+ source ::File.expand_path("support/sudoer.erb", __dir__)
203
203
  local true
204
204
  mode "0440"
205
205
  variables sudoer: (new_resource.groups + new_resource.users).join(","),
@@ -255,7 +255,7 @@ class Chef
255
255
  end
256
256
 
257
257
  def visudo_content(path)
258
- if ::File.exists?(path)
258
+ if ::File.exist?(path)
259
259
  "cat #{new_resource.config_prefix}/sudoers | #{new_resource.visudo_binary} -cf - && #{new_resource.visudo_binary} -cf %{path}"
260
260
  else
261
261
  "cat #{new_resource.config_prefix}/sudoers %{path} | #{new_resource.visudo_binary} -cf -"
@@ -128,11 +128,11 @@ class Chef
128
128
  end
129
129
 
130
130
  load_current_value do
131
- begin
132
- value get_sysctl_value(key)
133
- rescue
134
- current_value_does_not_exist!
135
- end
131
+
132
+ value get_sysctl_value(key)
133
+ rescue
134
+ current_value_does_not_exist!
135
+
136
136
  end
137
137
 
138
138
  action :apply do
@@ -80,7 +80,7 @@ class Chef
80
80
 
81
81
  action :create do
82
82
  template "/etc/security/limits.d/#{new_resource.filename}" do
83
- source ::File.expand_path("../support/ulimit.erb", __FILE__)
83
+ source ::File.expand_path("support/ulimit.erb", __dir__)
84
84
  local true
85
85
  mode "0644"
86
86
  variables(
@@ -23,6 +23,8 @@ class Chef
23
23
  class WindowsAdJoin < Chef::Resource
24
24
  provides :windows_ad_join
25
25
 
26
+ unified_mode true
27
+
26
28
  description "Use the **windows_ad_join** resource to join a Windows Active Directory domain."
27
29
  introduced "14.0"
28
30
  examples <<~DOC
@@ -82,6 +82,9 @@ class Chef
82
82
  "User / Device Claims",
83
83
  "User Account Management",
84
84
  ].freeze
85
+
86
+ unified_mode true
87
+
85
88
  provides :windows_audit_policy
86
89
 
87
90
  description "Use the **windows_audit_policy** resource to configure system level and per-user Windows advanced audit policy settings."
@@ -21,6 +21,8 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsAutorun < Chef::Resource
24
+ unified_mode true
25
+
24
26
  provides(:windows_auto_run) { true }
25
27
 
26
28
  description "Use the **windows_auto_run** resource to set applications to run at login."
@@ -26,6 +26,8 @@ require_relative "../dist"
26
26
  class Chef
27
27
  class Resource
28
28
  class WindowsCertificate < Chef::Resource
29
+ unified_mode true
30
+
29
31
  provides :windows_certificate
30
32
 
31
33
  description "Use the **windows_certificate** resource to install a certificate into the Windows certificate store from a file. The resource grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificates remotely may not work if the operation requires a user profile. Operations on the local machine store should still work."
@@ -21,6 +21,8 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsDfsFolder < Chef::Resource
24
+ unified_mode true
25
+
24
26
  provides :windows_dfs_folder
25
27
 
26
28
  description "Use the **windows_dfs_folder** resource to creates a folder within DFS as many levels deep as required."
@@ -21,6 +21,8 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsDfsNamespace < Chef::Resource
24
+ unified_mode true
25
+
24
26
  provides :windows_dfs_namespace
25
27
 
26
28
  description "Use the **windows_dfs_namespace** resource to creates a share and DFS namespace on a Windows server."
@@ -21,6 +21,8 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsDfsServer < Chef::Resource
24
+ unified_mode true
25
+
24
26
  provides :windows_dfs_server
25
27
 
26
28
  description "Use the **windows_dfs_server** resource to set system-wide DFS settings."
@@ -21,6 +21,8 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsDnsRecord < Chef::Resource
24
+ unified_mode true
25
+
24
26
  provides :windows_dns_record
25
27
 
26
28
  description "The windows_dns_record resource creates a DNS record for the given domain."
@@ -42,23 +44,40 @@ class Chef
42
44
  description: "The type of record to create, can be either ARecord, CNAME or PTR.",
43
45
  default: "ARecord", equal_to: %w{ARecord CNAME PTR}
44
46
 
47
+ property :dns_server, String,
48
+ description: "The name of the DNS server on which to create the record.",
49
+ default: "localhost",
50
+ introduced: "16.3"
51
+
45
52
  action :create do
46
53
  description "Creates and updates the DNS entry."
47
54
 
48
- powershell_package "xDnsServer" do
55
+ windows_feature "RSAT-DNS-Server" do
56
+ not_if new_resource.dns_server.casecmp?("localhost")
49
57
  end
50
- do_it "Present"
58
+
59
+ powershell_package "xDnsServer"
60
+
61
+ run_dsc_resource "Present"
51
62
  end
52
63
 
53
64
  action :delete do
54
65
  description "Deletes a DNS entry."
55
- powershell_package "xDnsServer" do
66
+
67
+ windows_feature "RSAT-DNS-Server" do
68
+ not_if new_resource.dns_server.casecmp?("localhost")
56
69
  end
57
- do_it "Absent"
70
+
71
+ powershell_package "xDnsServer"
72
+
73
+ run_dsc_resource "Absent"
58
74
  end
59
75
 
60
76
  action_class do
61
- def do_it(ensure_prop)
77
+ private
78
+
79
+ # @api private
80
+ def run_dsc_resource(ensure_prop)
62
81
  dsc_resource "xDnsRecord #{new_resource.record_name}.#{new_resource.zone} #{ensure_prop}" do
63
82
  module_name "xDnsServer"
64
83
  resource :xDnsRecord
@@ -67,6 +86,7 @@ class Chef
67
86
  property :Zone, new_resource.zone
68
87
  property :Type, new_resource.record_type
69
88
  property :Target, new_resource.target
89
+ property :DnsServer, new_resource.dns_server
70
90
  end
71
91
  end
72
92
  end
@@ -21,6 +21,8 @@ require_relative "../resource"
21
21
  class Chef
22
22
  class Resource
23
23
  class WindowsDnsZone < Chef::Resource
24
+ unified_mode true
25
+
24
26
  provides :windows_dns_zone
25
27
 
26
28
  description "The windows_dns_zone resource creates an Active Directory Integrated DNS Zone on the local server."
@@ -41,21 +43,24 @@ class Chef
41
43
  action :create do
42
44
  description "Creates and updates a DNS Zone."
43
45
 
44
- powershell_package "xDnsServer" do
45
- end
46
- do_it "Present"
46
+ powershell_package "xDnsServer"
47
+
48
+ run_dsc_resource "Present"
47
49
  end
48
50
 
49
51
  action :delete do
50
52
  description "Deletes a DNS Zone."
51
53
 
52
- powershell_package "xDnsServer" do
53
- end
54
- do_it "Absent"
54
+ powershell_package "xDnsServer"
55
+
56
+ run_dsc_resource "Absent"
55
57
  end
56
58
 
57
59
  action_class do
58
- def do_it(ensure_prop)
60
+ private
61
+
62
+ # @api private
63
+ def run_dsc_resource(ensure_prop)
59
64
  if new_resource.server_type == "Domain"
60
65
  dsc_resource "xDnsServerADZone #{new_resource.zone_name} #{ensure_prop}" do
61
66
  module_name "xDnsServer"
@@ -125,6 +125,8 @@ class Chef
125
125
  end
126
126
 
127
127
  action_class do
128
+ private
129
+
128
130
  # call the appropriate windows_feature resource based on the specified subresource
129
131
  # @return [void]
130
132
  def run_default_subresource(desired_action)
@@ -22,6 +22,8 @@ require_relative "../platform/query_helpers"
22
22
  class Chef
23
23
  class Resource
24
24
  class WindowsFeatureDism < Chef::Resource
25
+ unified_mode true
26
+
25
27
  provides(:windows_feature_dism) { true }
26
28
 
27
29
  description "Use the **windows_feature_dism** resource to add, remove, or entirely delete Windows features and roles using DISM."
@@ -125,6 +127,8 @@ class Chef
125
127
  end
126
128
 
127
129
  action_class do
130
+ private
131
+
128
132
  # @return [Array] features the user has requested to install which need installation
129
133
  def features_to_install
130
134
  @install ||= begin
@@ -171,6 +175,12 @@ class Chef
171
175
  raise "The Windows feature#{"s" if unavailable.count > 1} #{unavailable.join(",")} #{unavailable.count > 1 ? "are" : "is"} not available on this version of Windows. Run 'dism /online /Get-Features' to see the list of available feature names." unless unavailable.empty?
172
176
  end
173
177
 
178
+ #
179
+ # FIXME FIXME FIXME
180
+ # The node object should not be used for caching state like this and this is not a public API and may break.
181
+ # FIXME FIXME FIXME
182
+ #
183
+
174
184
  # run dism.exe to get a list of all available features and their state
175
185
  # and save that to the node at node.override level.
176
186
  # We do this because getting a list of features in dism takes at least a second
@@ -23,6 +23,8 @@ require_relative "../platform/query_helpers"
23
23
  class Chef
24
24
  class Resource
25
25
  class WindowsFeaturePowershell < Chef::Resource
26
+ unified_mode true
27
+
26
28
  provides(:windows_feature_powershell) { true }
27
29
 
28
30
  description "Use the **windows_feature_powershell** resource to add, remove, or entirely delete Windows features and roles using PowerShell. This resource offers significant speed benefits over the windows_feature_dism resource, but requires installation of the Remote Server Administration Tools on non-server releases of Windows."
@@ -141,8 +143,12 @@ class Chef
141
143
  action_class do
142
144
  # @return [Array] features the user has requested to install which need installation
143
145
  def features_to_install
144
- # the intersection of the features to install & disabled features are what needs installing
145
- @install ||= new_resource.feature_name & node["powershell_features_cache"]["disabled"]
146
+ # the intersection of the features to install & disabled/removed features are what needs installing
147
+ @features_to_install ||= begin
148
+ features = node["powershell_features_cache"]["disabled"]
149
+ features |= node["powershell_features_cache"]["removed"] if new_resource.source
150
+ new_resource.feature_name & features
151
+ end
146
152
  end
147
153
 
148
154
  # @return [Array] features the user has requested to remove which need removing
@@ -182,6 +188,12 @@ class Chef
182
188
  # @return [void]
183
189
  def reload_cached_powershell_data
184
190
  Chef::Log.debug("Caching Windows features available via Get-WindowsFeature.")
191
+
192
+ #
193
+ # FIXME FIXME FIXME
194
+ # The node object should not be used for caching state like this and this is not a public API and may break.
195
+ # FIXME FIXME FIXME
196
+ #
185
197
  node.override["powershell_features_cache"] = Mash.new
186
198
  node.override["powershell_features_cache"]["enabled"] = []
187
199
  node.override["powershell_features_cache"]["disabled"] = []
@@ -0,0 +1,199 @@
1
+ #
2
+ # Author:: John McCrae (<jmccrae@chef.io>)
3
+ # Author:: Davin Taddeo (<davin@chef.io>)
4
+ # Copyright:: Copyright (c) Chef Software Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ class Chef
20
+ class Resource
21
+ class WindowsFirewallProfile < Chef::Resource
22
+ unified_mode true
23
+
24
+ provides :windows_firewall_profile
25
+ description "Use the **windows_firewall_profile** resource to enable, disable, and configure the Windows firewall."
26
+ introduced "16.3"
27
+
28
+ examples <<~DOC
29
+ **Enable and Configure the Private Profile of the Windows Profile**:
30
+
31
+ ```ruby
32
+ windows_firewall_profile 'Private' do
33
+ default_inbound_action 'Block'
34
+ default_outbound_action 'Allow'
35
+ allow_inbound_rules true
36
+ display_notification false
37
+ action :enable
38
+ end
39
+ ```
40
+
41
+ **Enable and Configure the Public Profile of the Windows Firewall**:
42
+
43
+ ```ruby
44
+ windows_firewall_profile 'Public' do
45
+ default_inbound_action 'Block'
46
+ default_outbound_action 'Allow'
47
+ allow_inbound_rules false
48
+ display_notification false
49
+ action :enable
50
+ end
51
+ ```
52
+
53
+ **Disable the Domain Profile of the Windows Firewall**:
54
+
55
+ ```ruby
56
+ windows_firewall_profile 'Disable the Domain Profile of the Windows Firewall' do
57
+ profile 'Domain'
58
+ action :disable
59
+ end
60
+ ```
61
+ DOC
62
+
63
+ unified_mode true
64
+
65
+ property :profile, String,
66
+ name_property: true,
67
+ equal_to: %w{ Domain Public Private },
68
+ description: "Set the Windows Profile being configured"
69
+
70
+ property :default_inbound_action, [String, nil],
71
+ equal_to: %w{ Allow Block NotConfigured },
72
+ description: "Set the default policy for inbound network traffic"
73
+
74
+ property :default_outbound_action, [String, nil],
75
+ equal_to: %w{ Allow Block NotConfigured },
76
+ description: "Set the default policy for outbound network traffic"
77
+
78
+ property :allow_inbound_rules, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow users to set inbound firewall rules"
79
+ property :allow_local_firewall_rules, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Merges inbound firewall rules into the policy"
80
+ property :allow_local_ipsec_rules, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow users to manage local connection security rules"
81
+ property :allow_user_apps, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow user applications to manage firewall"
82
+ property :allow_user_ports, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow users to manage firewall port rules"
83
+ property :allow_unicast_response, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Allow unicast responses to multicast and broadcast messages"
84
+ property :display_notification, [true, false, String], equal_to: [true, false, "NotConfigured"], description: "Display a notification when firewall blocks certain activity"
85
+
86
+ load_current_value do |desired|
87
+ ps_get_net_fw_profile = load_firewall_state(desired.profile)
88
+ output = powershell_out(ps_get_net_fw_profile)
89
+ if output.stdout.empty?
90
+ current_value_does_not_exist!
91
+ else
92
+ state = Chef::JSONCompat.from_json(output.stdout)
93
+ end
94
+
95
+ default_inbound_action state["default_inbound_action"]
96
+ default_outbound_action state["default_outbound_action"]
97
+ allow_inbound_rules convert_to_ruby(state["allow_inbound_rules"])
98
+ allow_local_firewall_rules convert_to_ruby(state["allow_local_firewall_rules"])
99
+ allow_local_ipsec_rules convert_to_ruby(state["allow_local_ipsec_rules"])
100
+ allow_user_apps convert_to_ruby(state["allow_user_apps"])
101
+ allow_user_ports convert_to_ruby(state["allow_user_ports"])
102
+ allow_unicast_response convert_to_ruby(state["allow_unicast_response"])
103
+ display_notification convert_to_ruby(state["display_notification"])
104
+ end
105
+
106
+ def convert_to_ruby(obj)
107
+ if obj.to_s.downcase == "true"
108
+ true
109
+ elsif obj.to_s.downcase == "false"
110
+ false
111
+ elsif obj.to_s.downcase == "notconfigured"
112
+ "NotConfigured"
113
+ end
114
+ end
115
+
116
+ def convert_to_powershell(obj)
117
+ if obj.to_s.downcase == "true"
118
+ "True"
119
+ elsif obj.to_s.downcase == "false"
120
+ "False"
121
+ elsif obj.to_s.downcase == "notconfigured"
122
+ "NotConfigured"
123
+ end
124
+ end
125
+
126
+ action :enable do
127
+ converge_if_changed :default_inbound_action, :default_outbound_action, :allow_inbound_rules, :allow_local_firewall_rules,
128
+ :allow_local_ipsec_rules, :allow_user_apps, :allow_user_ports, :allow_unicast_response, :display_notification do
129
+ fw_cmd = firewall_command(new_resource.profile)
130
+ powershell_exec!(fw_cmd)
131
+ end
132
+ unless firewall_enabled?(new_resource.profile)
133
+ converge_by "Enable the #{new_resource.profile} Firewall Profile" do
134
+ cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"True\""
135
+ powershell_out!(cmd)
136
+ end
137
+ end
138
+ end
139
+
140
+ action :disable do
141
+ if firewall_enabled?(new_resource.profile)
142
+ converge_by "Disable the #{new_resource.profile} Firewall Profile" do
143
+ cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"False\""
144
+ powershell_out!(cmd)
145
+ end
146
+ end
147
+ end
148
+
149
+ action_class do
150
+ def firewall_command(fw_profile)
151
+ cmd = "Set-NetFirewallProfile -Profile \"#{fw_profile}\""
152
+ cmd << " -DefaultInboundAction \"#{new_resource.default_inbound_action}\"" unless new_resource.default_inbound_action.nil?
153
+ cmd << " -DefaultOutboundAction \"#{new_resource.default_outbound_action}\"" unless new_resource.default_outbound_action.nil?
154
+ cmd << " -AllowInboundRules \"#{convert_to_powershell(new_resource.allow_inbound_rules)}\"" unless new_resource.allow_inbound_rules.nil?
155
+ cmd << " -AllowLocalFirewallRules \"#{convert_to_powershell(new_resource.allow_local_firewall_rules)}\"" unless new_resource.allow_local_firewall_rules.nil?
156
+ cmd << " -AllowLocalIPsecRules \"#{convert_to_powershell(new_resource.allow_local_ipsec_rules)}\"" unless new_resource.allow_local_ipsec_rules.nil?
157
+ cmd << " -AllowUserApps \"#{convert_to_powershell(new_resource.allow_user_apps)}\"" unless new_resource.allow_user_apps.nil?
158
+ cmd << " -AllowUserPorts \"#{convert_to_powershell(new_resource.allow_user_ports)}\"" unless new_resource.allow_user_ports.nil?
159
+ cmd << " -AllowUnicastResponseToMulticast \"#{convert_to_powershell(new_resource.allow_unicast_response)}\"" unless new_resource.allow_unicast_response.nil?
160
+ cmd << " -NotifyOnListen \"#{convert_to_powershell(new_resource.display_notification)}\"" unless new_resource.display_notification.nil?
161
+ cmd
162
+ end
163
+
164
+ def load_firewall_state(profile_name)
165
+ <<-EOH
166
+ Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
167
+ $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
168
+ ([PSCustomObject]@{
169
+ default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
170
+ default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
171
+ allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
172
+ allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
173
+ allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
174
+ allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
175
+ allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
176
+ allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
177
+ display_notification = $#{profile_name}.NotifyOnListen.ToString()
178
+ }) | ConvertTo-Json
179
+ EOH
180
+ end
181
+
182
+ def firewall_enabled?(profile_name)
183
+ cmd = <<~CODE
184
+ $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
185
+ if ($#{profile_name}.Enabled) {
186
+ return $true
187
+ } else {return $false}
188
+ CODE
189
+ firewall_status = powershell_out(cmd).stdout
190
+ if /True/.match?(firewall_status)
191
+ true
192
+ elsif /False/.match?(firewall_status)
193
+ false
194
+ end
195
+ end
196
+ end
197
+ end
198
+ end
199
+ end