chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32

data/lib/chef/resource/windows_firewall_rule.rb

@@ -24,6 +24,8 @@ require_relative "../json_compat"
 class Chef
   class Resource
     class WindowsFirewallRule < Chef::Resource
+      unified_mode true
+
       provides :windows_firewall_rule
 
       description "Use the **windows_firewall_rule** resource to create, change or remove Windows firewall rules."
@@ -273,11 +275,11 @@ class Chef
           requirements.assert(:create) do |a|
             a.assertion do
               if new_resource.icmp_type.is_a?(Integer)
-                (0..255).include?(new_resource.icmp_type)
+                (0..255).cover?(new_resource.icmp_type)
               elsif new_resource.icmp_type.is_a?(String) && !new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
-                (0..255).include?(new_resource.icmp_type.to_i)
+                (0..255).cover?(new_resource.icmp_type.to_i)
               elsif new_resource.icmp_type.is_a?(String) && new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
-                new_resource.icmp_type.split(":").all? { |type| (0..255).include?(type.to_i) }
+                new_resource.icmp_type.split(":").all? { |type| (0..255).cover?(type.to_i) }
               else
                 true
               end

data/lib/chef/resource/windows_font.rb

@@ -21,6 +21,7 @@ class Chef
   class Resource
     class WindowsFont < Chef::Resource
       require_relative "../util/path_helper"
+      unified_mode true
 
       provides(:windows_font) { true }
 
@@ -98,8 +99,9 @@ class Chef
         def font_exists?
           require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
           fonts_dir = WIN32OLE.new("WScript.Shell").SpecialFolders("Fonts")
+          fonts_dir_local = Chef::Util::PathHelper.join(ENV["home"], "AppData/Local/Microsoft/Windows/fonts")
           logger.trace("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists")
-          ::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name))
+          ::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)) || ::File.exist?(Chef::Util::PathHelper.join(fonts_dir_local, new_resource.font_name))
         end
 
         # Parse out the schema provided to us to see if it's one we support via remote_file.

data/lib/chef/resource/windows_pagefile.rb

@@ -20,6 +20,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsPagefile < Chef::Resource
+      unified_mode true
+
       provides(:windows_pagefile) { true }
 
       description "Use the **windows_pagefile** resource to configure pagefile settings on Windows."
@@ -109,6 +111,8 @@ class Chef
       end
 
       action_class do
+        private
+
         # make sure the provided name property matches the appropriate format
         # we do this here and not in the property itself because if automatic_managed
         # is set then this validation is not necessary / doesn't make sense at all

data/lib/chef/resource/windows_printer.rb

@@ -22,6 +22,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsPrinter < Chef::Resource
+      unified_mode true
+
       require "resolv"
 
       provides(:windows_printer) { true }
@@ -79,31 +81,17 @@ class Chef
         validation_message: "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`",
         regex: Resolv::IPv4::Regex
 
-      property :exists, [TrueClass, FalseClass],
-        skip_docs: true
-
       PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
 
-      # does the printer exist
-      #
-      # @param [String] name the name of the printer
-      # @return [Boolean]
-      def printer_exists?(name)
-        printer_reg_key = PRINTERS_REG_KEY + name
-        logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'"
-        registry_key_exists?(printer_reg_key)
-      end
-
       # @todo Set @current_resource printer properties from registry
       load_current_value do |desired|
         name desired.name
-        exists printer_exists?(desired.name)
       end
 
       action :create do
         description "Create a new printer and a printer port if one doesn't already exist."
 
-        if @current_resource.exists
+        if printer_exists?
           Chef::Log.info "#{@new_resource} already exists - nothing to do."
         else
           converge_by("Create #{@new_resource}") do
@@ -115,7 +103,7 @@ class Chef
       action :delete do
         description "Delete an existing printer. Note this does not delete the associated printer port."
 
-        if @current_resource.exists
+        if printer_exists?
           converge_by("Delete #{@new_resource}") do
             delete_printer
           end
@@ -125,11 +113,22 @@ class Chef
       end
 
       action_class do
+        private
+
+        # does the printer exist
+        #
+        # @param [String] name the name of the printer
+        # @return [Boolean]
+        def printer_exists?
+          printer_reg_key = PRINTERS_REG_KEY + new_resource.name
+          logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'"
+          registry_key_exists?(printer_reg_key)
+        end
+
         # creates the printer port and then the printer
         def create_printer
           # Create the printer port first
-          windows_printer_port new_resource.ipv4_address do
-          end
+          windows_printer_port new_resource.ipv4_address
 
           port_name = "IP_#{new_resource.ipv4_address}"
 

data/lib/chef/resource/windows_printer_port.rb

@@ -22,6 +22,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsPrinterPort < Chef::Resource
+      unified_mode true
+
       require "resolv"
 
       provides(:windows_printer_port) { true }
@@ -82,30 +84,19 @@ class Chef
         validation_message: "port_protocol must be either 1 for RAW or 2 for LPR!",
         default: 1, equal_to: [1, 2]
 
-      property :exists, [TrueClass, FalseClass],
-        skip_docs: true
-
       PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY)
 
-      def port_exists?(name)
-        port_reg_key = PORTS_REG_KEY + name
-
-        logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
-        registry_key_exists?(port_reg_key)
-      end
-
       # @todo Set @current_resource port properties from registry
       load_current_value do |desired|
         name desired.name
         ipv4_address desired.ipv4_address
         port_name desired.port_name || "IP_#{desired.ipv4_address}"
-        exists port_exists?(desired.port_name || "IP_#{desired.ipv4_address}")
       end
 
       action :create do
         description "Create the new printer port if it does not already exist."
 
-        if current_resource.exists
+        if port_exists?
           Chef::Log.info "#{@new_resource} already exists - nothing to do."
         else
           converge_by("Create #{@new_resource}") do
@@ -117,7 +108,7 @@ class Chef
       action :delete do
         description "Delete an existing printer port."
 
-        if current_resource.exists
+        if port_exists?
           converge_by("Delete #{@new_resource}") do
             delete_printer_port
           end
@@ -127,6 +118,16 @@ class Chef
       end
 
       action_class do
+        private
+
+        def port_exists?
+          name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
+          port_reg_key = PORTS_REG_KEY + name
+
+          logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
+          registry_key_exists?(port_reg_key)
+        end
+
         def create_printer_port
           port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
 

data/lib/chef/resource/windows_security_policy.rb

@@ -21,6 +21,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsSecurityPolicy < Chef::Resource
+      unified_mode true
+
       provides :windows_security_policy
 
       # The valid policy_names options found here
@@ -80,13 +82,55 @@ class Chef
       property :secvalue, String, required: true,
       description: "Policy value to be set for policy name."
 
+      load_current_value do |desired|
+        powershell_code = <<-CODE
+          C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\secopts_export.inf | Out-Null
+          # cspell:disable-next-line
+          $security_options_data = (Get-Content $env:TEMP\\secopts_export.inf | Select-String -Pattern "^[CEFLMNPR].* =.*$" | Out-String)
+          Remove-Item $env:TEMP\\secopts_export.inf -force
+          $security_options_hash = ($security_options_data -Replace '"'| ConvertFrom-StringData)
+          ([PSCustomObject]@{
+            RequireLogonToChangePassword = $security_options_hash.RequireLogonToChangePassword
+            PasswordComplexity = $security_options_hash.PasswordComplexity
+            LSAAnonymousNameLookup = $security_options_hash.LSAAnonymousNameLookup
+            EnableAdminAccount = $security_options_hash.EnableAdminAccount
+            PasswordHistorySize = $security_options_hash.PasswordHistorySize
+            MinimumPasswordLength = $security_options_hash.MinimumPasswordLength
+            ResetLockoutCount = $security_options_hash.ResetLockoutCount
+            MaximumPasswordAge = $security_options_hash.MaximumPasswordAge
+            ClearTextPassword = $security_options_hash.ClearTextPassword
+            NewAdministratorName = $security_options_hash.NewAdministratorName
+            LockoutDuration = $security_options_hash.LockoutDuration
+            EnableGuestAccount = $security_options_hash.EnableGuestAccount
+            ForceLogoffWhenHourExpire = $security_options_hash.ForceLogoffWhenHourExpire
+            MinimumPasswordAge = $security_options_hash.MinimumPasswordAge
+            NewGuestName = $security_options_hash.NewGuestName
+            LockoutBadCount = $security_options_hash.LockoutBadCount
+          }) | ConvertTo-Json
+        CODE
+        output = powershell_out(powershell_code)
+        current_value_does_not_exist! if output.stdout.empty?
+        state = Chef::JSONCompat.from_json(output.stdout)
+
+        if desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration"
+          if state["LockoutBadCount"] == "0"
+            raise Chef::Exceptions::ValidationFailed.new "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
+          else
+            secvalue state[desired.secoption.to_s]
+          end
+        else
+          secvalue state[desired.secoption.to_s]
+        end
+      end
+
       action :set do
-        security_option = new_resource.secoption
-        security_value = new_resource.secvalue
-        powershell_script "#{security_option} set to #{security_value}" do
-          convert_boolean_return true
-          code <<-EOH
+        converge_if_changed :secvalue do
+          security_option = new_resource.secoption
+          security_value = new_resource.secvalue
+
+          cmd = <<-EOH
             $security_option = "#{security_option}"
+            C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
             if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
               {
                 $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
@@ -99,21 +143,8 @@ class Chef
               }
             Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
           EOH
-          not_if <<-EOH
-            $#{security_option}_Export = C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
-            $ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option})
-            $check_digit = $ExportAudit -match '#{security_option} = #{security_value}'
-            $check_string = $ExportAudit -match '#{security_option} = "#{security_value}"'
-            if ( $check_string -Or $check_digit )
-              {
-                Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
-                $true
-              }
-            else
-              {
-                $false
-              }
-          EOH
+
+          powershell_out!(cmd)
         end
       end
     end

data/lib/chef/resource/windows_share.rb

@@ -26,6 +26,8 @@ require_relative "../util/path_helper"
 class Chef
   class Resource
     class WindowsShare < Chef::Resource
+      unified_mode true
+
       provides :windows_share
 
       description "Use the **windows_share** resource to create, modify and remove Windows shares."
@@ -59,7 +61,7 @@ class Chef
       # Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted.
       property :path, String,
         description: "The path of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.",
-        coerce: proc { |p| p.gsub(%r{/}, "\\") || p }
+        coerce: proc { |p| p.tr("/", "\\") || p }
 
       # Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters.
       property :description, String,
@@ -117,8 +119,6 @@ class Chef
       # Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items.
       # property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted)
 
-      include Chef::Mixin::PowershellOut
-
       load_current_value do |desired|
         # this command selects individual objects because EncryptData & CachingMode have underlying
         # types that get converted to their Integer values by ConvertTo-Json & we need to make sure
@@ -233,6 +233,8 @@ class Chef
       end
 
       action_class do
+        private
+
         def different_path?
           return false if current_resource.nil? # going from nil to something isn't different for our concerns
           return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path)

data/lib/chef/resource/windows_shortcut.rb

@@ -21,6 +21,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsShortcut < Chef::Resource
+      unified_mode true
+
       provides(:windows_shortcut) { true }
 
       description "Use the **windows_shortcut** resource to create shortcut files on Windows."

data/lib/chef/resource/windows_uac.rb

@@ -20,6 +20,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsUac < Chef::Resource
+      unified_mode true
+
       provides :windows_uac
 
       description 'The *windows_uac* resource configures UAC on Windows hosts by setting registry keys at `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`'

data/lib/chef/resource/windows_user_privilege.rb

@@ -21,6 +21,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsUserPrivilege < Chef::Resource
+      unified_mode true
+
       privilege_opts = %w{SeTrustedCredManAccessPrivilege
                           SeNetworkLogonRight
                           SeTcbPrivilege
@@ -112,6 +114,15 @@ class Chef
         action         :remove
       end
       ```
+
+      **Clear all users from the SeDenyNetworkLogonRight Privilege**:
+
+      ```ruby
+      windows_user_privilege 'Allow any user the Network Logon right' do
+        privilege      'SeDenyNetworkLogonRight'
+        action         :clear
+      end
+      ```
       DOC
 
       property :principal, String,
@@ -132,8 +143,8 @@ class Chef
          }
 
       load_current_value do |new_resource|
-        unless new_resource.principal.nil?
-          privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal) unless new_resource.action.include?(:set)
+        if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
+          privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal)
         end
       end
 
@@ -180,6 +191,20 @@ class Chef
         end
       end
 
+      action :clear do
+        new_resource.privilege.each do |privilege|
+          accounts = Chef::ReservedNames::Win32::Security.get_account_with_user_rights(privilege)
+
+          # comparing the existing accounts for privilege with users
+          # Removing only accounts which is not matching with users in new_resource
+          accounts.each do |account|
+            converge_by("removing user '#{account}' from privilege #{privilege}") do
+              Chef::ReservedNames::Win32::Security.remove_account_right(account, privilege)
+            end
+          end
+        end
+      end
+
       action :remove do
         curr_res_privilege = current_resource.privilege
         missing_res_privileges = (new_resource.privilege - curr_res_privilege)

data/lib/chef/resource/windows_workgroup.rb

@@ -16,7 +16,6 @@
 #
 
 require_relative "../resource"
-require_relative "../mixin/powershell_out"
 require_relative "../dist"
 
 class Chef
@@ -24,8 +23,6 @@ class Chef
     class WindowsWorkgroup < Chef::Resource
       provides :windows_workgroup
 
-      include Chef::Mixin::PowershellOut
-
       description "Use the **windows_workgroup** resource to join or change the workgroup of a Windows host."
       introduced "14.5"
       examples <<~DOC
@@ -57,6 +54,7 @@ class Chef
 
       property :password, String,
         description: "The password for the local administrator user. Required if using the `user` property.",
+        sensitive: true,
         desired_state: false
 
       property :reboot, Symbol,
@@ -83,6 +81,7 @@ class Chef
       end
 
       # define this again so we can default it to true. Otherwise failures print the password
+      # FIXME: this should now be unnecessary with the password property itself marked sensitive?
       property :sensitive, [TrueClass, FalseClass],
         default: true, desired_state: false
 

data/lib/chef/resource_collection/stepable_iterator.rb

@@ -20,8 +20,7 @@ class Chef
     class StepableIterator
 
       def self.for_collection(new_collection)
-        instance = new(new_collection)
-        instance
+        new(new_collection)
       end
 
       attr_accessor :collection