chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +4 -4
- data/Rakefile +3 -16
- data/chef-universal-mingw32.gemspec +2 -3
- data/chef.gemspec +4 -3
- data/lib/chef/action_collection.rb +4 -0
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +13 -1
- data/lib/chef/application/apply.rb +6 -5
- data/lib/chef/application/windows_service.rb +27 -27
- data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
- data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
- data/lib/chef/chef_class.rb +0 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
- data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
- data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
- data/lib/chef/chef_fs/file_system/chef_server/cookbook_file.rb +2 -2
- data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
- data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
- data/lib/chef/client.rb +14 -14
- data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
- data/lib/chef/cookbook/syntax_check.rb +1 -2
- data/lib/chef/cookbook_loader.rb +15 -29
- data/lib/chef/data_bag.rb +1 -2
- data/lib/chef/data_collector/run_end_message.rb +11 -1
- data/lib/chef/deprecated.rb +8 -0
- data/lib/chef/digester.rb +3 -2
- data/lib/chef/dsl/platform_introspection.rb +9 -7
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
- data/lib/chef/environment.rb +3 -4
- data/lib/chef/exceptions.rb +4 -1
- data/lib/chef/file_access_control/windows.rb +2 -2
- data/lib/chef/file_content_management/deploy/mv_unix.rb +1 -1
- data/lib/chef/file_content_management/tempfile.rb +9 -9
- data/lib/chef/handler.rb +2 -0
- data/lib/chef/http.rb +12 -12
- data/lib/chef/http/authenticator.rb +3 -1
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +18 -15
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
- data/lib/chef/knife/config_get.rb +1 -0
- data/lib/chef/knife/config_list_profiles.rb +4 -1
- data/lib/chef/knife/configure.rb +1 -1
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +29 -37
- data/lib/chef/knife/core/bootstrap_context.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/generic_presenter.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
- data/lib/chef/knife/core/subcommand_loader.rb +20 -1
- data/lib/chef/knife/core/ui.rb +8 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +33 -26
- data/lib/chef/knife/delete.rb +15 -15
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/rehash.rb +3 -21
- data/lib/chef/knife/ssh.rb +11 -7
- data/lib/chef/knife/xargs.rb +19 -19
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/log.rb +7 -2
- data/lib/chef/mixin/checksum.rb +0 -1
- data/{spec/functional/resource/base.rb → lib/chef/mixin/chef_utils_wiring.rb} +24 -12
- data/lib/chef/mixin/deep_merge.rb +35 -6
- data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
- data/lib/chef/mixin/openssl_helper.rb +30 -6
- data/lib/chef/mixin/path_sanity.rb +5 -4
- data/lib/chef/mixin/shell_out.rb +4 -188
- data/lib/chef/mixin/template.rb +1 -0
- data/lib/chef/mixin/which.rb +6 -3
- data/lib/chef/mixins.rb +1 -0
- data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
- data/lib/chef/node.rb +36 -12
- data/lib/chef/node/attribute.rb +2 -4
- data/lib/chef/node_map.rb +21 -18
- data/lib/chef/platform/service_helpers.rb +31 -28
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider/cron/unix.rb +0 -2
- data/lib/chef/provider/git.rb +17 -9
- data/lib/chef/provider/group.rb +0 -2
- data/lib/chef/provider/group/suse.rb +5 -5
- data/lib/chef/provider/ifconfig.rb +1 -4
- data/lib/chef/provider/mount.rb +0 -2
- data/lib/chef/provider/mount/solaris.rb +0 -1
- data/lib/chef/provider/package.rb +0 -2
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/snap.rb +3 -4
- data/lib/chef/provider/package/windows.rb +9 -4
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
- data/lib/chef/provider/package/zypper.rb +0 -1
- data/lib/chef/provider/powershell_script.rb +21 -5
- data/lib/chef/provider/route.rb +1 -1
- data/lib/chef/provider/service.rb +2 -2
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +1 -1
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/openbsd.rb +1 -4
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +10 -10
- data/lib/chef/provider/systemd_unit.rb +0 -2
- data/lib/chef/provider/template/content.rb +1 -0
- data/lib/chef/provider/user/dscl.rb +2 -2
- data/lib/chef/provider/user/mac.rb +9 -9
- data/lib/chef/provider/windows_task.rb +0 -3
- data/lib/chef/provider/yum_repository.rb +1 -1
- data/lib/chef/provider/zypper_repository.rb +1 -2
- data/lib/chef/providers.rb +0 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource.rb +9 -11
- data/lib/chef/resource/apt_repository.rb +1 -10
- data/lib/chef/resource/build_essential.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
- data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
- data/lib/chef/resource/chef_vault_secret.rb +13 -13
- data/lib/chef/resource/chocolatey_feature.rb +1 -2
- data/lib/chef/resource/cron/cron_d.rb +1 -1
- data/lib/chef/resource/cron_access.rb +2 -2
- data/lib/chef/resource/dmg_package.rb +1 -1
- data/lib/chef/resource/execute.rb +4 -5
- data/lib/chef/resource/homebrew_update.rb +2 -2
- data/lib/chef/resource/hostname.rb +18 -18
- data/lib/chef/resource/launchd.rb +1 -1
- data/lib/chef/resource/lwrp_base.rb +1 -0
- data/lib/chef/resource/macos_userdefaults.rb +176 -61
- data/lib/chef/resource/openssl_dhparam.rb +2 -0
- data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
- data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
- data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
- data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
- data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
- data/lib/chef/resource/openssl_x509_crl.rb +3 -2
- data/lib/chef/resource/openssl_x509_request.rb +23 -20
- data/lib/chef/resource/osx_profile.rb +227 -5
- data/lib/chef/resource/powershell_package_source.rb +1 -1
- data/lib/chef/resource/powershell_script.rb +24 -30
- data/lib/chef/resource/service.rb +2 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
- data/lib/chef/resource/sudo.rb +2 -2
- data/lib/chef/resource/sysctl.rb +5 -5
- data/lib/chef/resource/user_ulimit.rb +1 -1
- data/lib/chef/resource/windows_ad_join.rb +2 -0
- data/lib/chef/resource/windows_audit_policy.rb +3 -0
- data/lib/chef/resource/windows_auto_run.rb +2 -0
- data/lib/chef/resource/windows_certificate.rb +2 -0
- data/lib/chef/resource/windows_dfs_folder.rb +2 -0
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
- data/lib/chef/resource/windows_dfs_server.rb +2 -0
- data/lib/chef/resource/windows_dns_record.rb +25 -5
- data/lib/chef/resource/windows_dns_zone.rb +12 -7
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_feature_dism.rb +10 -0
- data/lib/chef/resource/windows_feature_powershell.rb +14 -2
- data/lib/chef/resource/windows_firewall_profile.rb +199 -0
- data/lib/chef/resource/windows_firewall_rule.rb +5 -3
- data/lib/chef/resource/windows_font.rb +3 -1
- data/lib/chef/resource/windows_pagefile.rb +4 -0
- data/lib/chef/resource/windows_printer.rb +17 -18
- data/lib/chef/resource/windows_printer_port.rb +14 -13
- data/lib/chef/resource/windows_security_policy.rb +51 -20
- data/lib/chef/resource/windows_share.rb +5 -3
- data/lib/chef/resource/windows_shortcut.rb +2 -0
- data/lib/chef/resource/windows_uac.rb +2 -0
- data/lib/chef/resource/windows_user_privilege.rb +27 -2
- data/lib/chef/resource/windows_workgroup.rb +2 -3
- data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
- data/lib/chef/resource_inspector.rb +7 -1
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/role.rb +3 -4
- data/lib/chef/run_context/cookbook_compiler.rb +20 -20
- data/lib/chef/run_status.rb +2 -6
- data/lib/chef/server_api_versions.rb +4 -0
- data/lib/chef/shell.rb +1 -1
- data/lib/chef/shell/shell_session.rb +2 -0
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +11 -12
- data/lib/chef/util/powershell/cmdlet.rb +1 -1
- data/lib/chef/version.rb +2 -2
- data/lib/chef/win32/file.rb +2 -2
- data/lib/chef/win32/file/version_info.rb +5 -5
- data/lib/chef/win32/registry.rb +1 -2
- data/spec/data/ssl/chef-rspec.cert +15 -15
- data/spec/functional/knife/configure_spec.rb +1 -1
- data/spec/functional/knife/ssh_spec.rb +5 -16
- data/spec/functional/resource/aix_service_spec.rb +9 -2
- data/spec/functional/resource/aixinit_service_spec.rb +8 -9
- data/spec/functional/resource/apt_package_spec.rb +0 -1
- data/spec/functional/resource/bash_spec.rb +3 -2
- data/spec/functional/resource/bff_spec.rb +3 -3
- data/spec/functional/resource/chocolatey_package_spec.rb +4 -0
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/cron_spec.rb +10 -2
- data/spec/functional/resource/dnf_package_spec.rb +4 -1
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/dsc_script_spec.rb +0 -1
- data/spec/functional/resource/execute_spec.rb +1 -1
- data/spec/functional/resource/git_spec.rb +23 -1
- data/spec/functional/resource/group_spec.rb +21 -9
- data/spec/functional/resource/ifconfig_spec.rb +9 -1
- data/spec/functional/resource/insserv_spec.rb +7 -7
- data/spec/functional/resource/link_spec.rb +22 -25
- data/spec/functional/resource/mount_spec.rb +9 -1
- data/spec/functional/resource/msu_package_spec.rb +9 -3
- data/spec/functional/resource/powershell_script_spec.rb +8 -8
- data/spec/functional/resource/remote_file_spec.rb +7 -13
- data/spec/functional/resource/rpm_spec.rb +3 -3
- data/spec/functional/resource/timezone_spec.rb +2 -0
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_font_spec.rb +49 -0
- data/spec/functional/resource/windows_package_spec.rb +0 -1
- data/spec/functional/resource/windows_path_spec.rb +4 -0
- data/spec/functional/resource/windows_security_policy_spec.rb +0 -4
- data/spec/functional/resource/windows_service_spec.rb +4 -0
- data/spec/functional/resource/windows_task_spec.rb +4 -3
- data/spec/functional/resource/windows_user_privilege_spec.rb +1 -2
- data/spec/functional/resource/yum_package_spec.rb +4 -1
- data/spec/functional/resource/zypper_package_spec.rb +4 -1
- data/spec/functional/run_lock_spec.rb +26 -25
- data/spec/functional/shell_spec.rb +5 -6
- data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/crypto_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/knife/common_options_spec.rb +12 -12
- data/spec/integration/knife/config_get_profile_spec.rb +69 -68
- data/spec/integration/knife/config_get_spec.rb +126 -125
- data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
- data/spec/integration/knife/config_use_profile_spec.rb +110 -109
- data/spec/integration/knife/cookbook_upload_spec.rb +28 -1
- data/spec/integration/knife/data_bag_from_file_spec.rb +1 -1
- data/spec/integration/knife/diff_spec.rb +3 -1
- data/spec/integration/knife/download_spec.rb +3 -1
- data/spec/integration/knife/environment_from_file_spec.rb +1 -1
- data/spec/integration/knife/node_from_file_spec.rb +1 -1
- data/spec/integration/knife/role_from_file_spec.rb +1 -1
- data/spec/integration/knife/serve_spec.rb +5 -5
- data/spec/integration/knife/upload_spec.rb +3 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/recipe_dsl_spec.rb +5 -1
- data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
- data/spec/integration/recipes/resource_load_spec.rb +4 -2
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +1 -1
- data/spec/scripts/ssl-serve.rb +1 -1
- data/spec/spec_helper.rb +16 -10
- data/spec/support/chef_helpers.rb +1 -20
- data/spec/support/platform_helpers.rb +9 -11
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +20 -21
- data/spec/support/shared/functional/securable_resource.rb +1 -2
- data/spec/support/shared/functional/securable_resource_with_reporting.rb +0 -1
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +5 -5
- data/spec/support/shared/integration/integration_helper.rb +22 -52
- data/spec/support/shared/integration/knife_support.rb +2 -9
- data/spec/support/shared/unit/application_dot_d.rb +0 -1
- data/spec/support/shared/unit/provider/file.rb +12 -8
- data/spec/support/shared/unit/script_resource.rb +6 -20
- data/spec/support/shared/unit/windows_script_resource.rb +15 -28
- data/spec/unit/application/solo_spec.rb +4 -2
- data/spec/unit/application_spec.rb +4 -2
- data/spec/unit/chef_fs/config_spec.rb +2 -2
- data/spec/unit/chef_fs/diff_spec.rb +8 -8
- data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
- data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
- data/spec/unit/client_spec.rb +4 -1
- data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +26 -24
- data/spec/unit/data_bag_spec.rb +6 -3
- data/spec/unit/data_collector_spec.rb +29 -1
- data/spec/unit/decorator_spec.rb +23 -23
- data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
- data/spec/unit/environment_spec.rb +12 -8
- data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
- data/spec/unit/guard_interpreter_spec.rb +1 -1
- data/spec/unit/http/api_versions_spec.rb +20 -2
- data/spec/unit/json_compat_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +17 -20
- data/spec/unit/knife/cookbook_download_spec.rb +6 -6
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/cookbook_show_spec.rb +6 -7
- data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
- data/spec/unit/knife/data_bag_edit_spec.rb +1 -1
- data/spec/unit/knife/supermarket_share_spec.rb +1 -1
- data/spec/unit/log/syslog_spec.rb +6 -10
- data/spec/unit/log/winevt_spec.rb +21 -13
- data/spec/unit/lwrp_spec.rb +9 -6
- data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
- data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
- data/spec/unit/mixin/powershell_out_spec.rb +2 -4
- data/spec/unit/mixin/powershell_type_coercions_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +0 -1
- data/spec/unit/mixin/shell_out_spec.rb +25 -26
- data/spec/unit/mixin/subclass_directive_spec.rb +2 -2
- data/spec/unit/mixin/template_spec.rb +30 -30
- data/spec/unit/mixin/unformatter_spec.rb +2 -2
- data/spec/unit/mixin/uris_spec.rb +1 -1
- data/spec/unit/mixin/which.rb +8 -0
- data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
- data/spec/unit/node/immutable_collections_spec.rb +6 -2
- data/spec/unit/node_spec.rb +103 -16
- data/spec/unit/property_spec.rb +5 -5
- data/spec/unit/provider/batch_spec.rb +1 -1
- data/spec/unit/provider/cron/unix_spec.rb +1 -1
- data/spec/unit/provider/dsc_resource_spec.rb +22 -38
- data/spec/unit/provider/dsc_script_spec.rb +10 -10
- data/spec/unit/provider/execute_spec.rb +1 -8
- data/spec/unit/provider/git_spec.rb +3 -3
- data/spec/unit/provider/ifconfig_spec.rb +0 -1
- data/spec/unit/provider/mdadm_spec.rb +1 -3
- data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
- data/spec/unit/provider/package/openbsd_spec.rb +1 -1
- data/spec/unit/provider/package/pacman_spec.rb +17 -20
- data/spec/unit/provider/package/rubygems_spec.rb +5 -10
- data/spec/unit/provider/package/smartos_spec.rb +1 -1
- data/spec/unit/provider/package/windows/registry_uninstall_entry_spec.rb +3 -3
- data/spec/unit/provider/package/windows_spec.rb +30 -53
- data/spec/unit/provider/powershell_script_spec.rb +11 -4
- data/spec/unit/provider/remote_directory_spec.rb +9 -9
- data/spec/unit/provider/service/arch_service_spec.rb +3 -2
- data/spec/unit/provider/service/debian_service_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
- data/spec/unit/provider/service/macosx_spec.rb +3 -3
- data/spec/unit/provider/service/redhat_spec.rb +3 -3
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider/service/windows_spec.rb +2 -6
- data/spec/unit/provider/systemd_unit_spec.rb +28 -24
- data/spec/unit/provider/user/dscl_spec.rb +2 -2
- data/spec/unit/provider/windows_env_spec.rb +5 -4
- data/spec/unit/provider_resolver_spec.rb +6 -6
- data/spec/unit/provider_spec.rb +1 -0
- data/spec/unit/resource/batch_spec.rb +6 -6
- data/spec/unit/resource/chef_client_cron_spec.rb +23 -7
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +7 -4
- data/spec/unit/resource/execute_spec.rb +123 -118
- data/spec/unit/resource/file/verification_spec.rb +2 -1
- data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
- data/spec/unit/resource/osx_profile_spec.rb +233 -0
- data/spec/unit/resource/powershell_script_spec.rb +11 -29
- data/spec/unit/resource/script_spec.rb +6 -1
- data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
- data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
- data/spec/unit/resource/windows_package_spec.rb +1 -0
- data/spec/unit/resource_reporter_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +25 -8
- data/spec/unit/role_spec.rb +30 -28
- data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
- data/spec/unit/run_lock_spec.rb +1 -1
- data/spec/unit/scan_access_control_spec.rb +1 -1
- data/spec/unit/server_api_spec.rb +43 -16
- data/spec/unit/util/backup_spec.rb +1 -1
- data/spec/unit/util/diff_spec.rb +1 -15
- data/spec/unit/util/powershell/ps_credential_spec.rb +2 -2
- data/spec/unit/util/selinux_spec.rb +2 -1
- data/spec/unit/win32/security_spec.rb +4 -3
- data/tasks/rspec.rb +1 -1
- metadata +53 -40
- data/lib/chef/provider/osx_profile.rb +0 -255
- data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -24,6 +24,8 @@ require_relative "../json_compat"
|
|
24
24
|
class Chef
|
25
25
|
class Resource
|
26
26
|
class WindowsFirewallRule < Chef::Resource
|
27
|
+
unified_mode true
|
28
|
+
|
27
29
|
provides :windows_firewall_rule
|
28
30
|
|
29
31
|
description "Use the **windows_firewall_rule** resource to create, change or remove Windows firewall rules."
|
@@ -273,11 +275,11 @@ class Chef
|
|
273
275
|
requirements.assert(:create) do |a|
|
274
276
|
a.assertion do
|
275
277
|
if new_resource.icmp_type.is_a?(Integer)
|
276
|
-
(0..255).
|
278
|
+
(0..255).cover?(new_resource.icmp_type)
|
277
279
|
elsif new_resource.icmp_type.is_a?(String) && !new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
|
278
|
-
(0..255).
|
280
|
+
(0..255).cover?(new_resource.icmp_type.to_i)
|
279
281
|
elsif new_resource.icmp_type.is_a?(String) && new_resource.icmp_type.include?(":") && new_resource.protocol.start_with?("ICMP")
|
280
|
-
new_resource.icmp_type.split(":").all? { |type| (0..255).
|
282
|
+
new_resource.icmp_type.split(":").all? { |type| (0..255).cover?(type.to_i) }
|
281
283
|
else
|
282
284
|
true
|
283
285
|
end
|
@@ -21,6 +21,7 @@ class Chef
|
|
21
21
|
class Resource
|
22
22
|
class WindowsFont < Chef::Resource
|
23
23
|
require_relative "../util/path_helper"
|
24
|
+
unified_mode true
|
24
25
|
|
25
26
|
provides(:windows_font) { true }
|
26
27
|
|
@@ -98,8 +99,9 @@ class Chef
|
|
98
99
|
def font_exists?
|
99
100
|
require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
|
100
101
|
fonts_dir = WIN32OLE.new("WScript.Shell").SpecialFolders("Fonts")
|
102
|
+
fonts_dir_local = Chef::Util::PathHelper.join(ENV["home"], "AppData/Local/Microsoft/Windows/fonts")
|
101
103
|
logger.trace("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists")
|
102
|
-
::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name))
|
104
|
+
::File.exist?(Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)) || ::File.exist?(Chef::Util::PathHelper.join(fonts_dir_local, new_resource.font_name))
|
103
105
|
end
|
104
106
|
|
105
107
|
# Parse out the schema provided to us to see if it's one we support via remote_file.
|
@@ -20,6 +20,8 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class WindowsPagefile < Chef::Resource
|
23
|
+
unified_mode true
|
24
|
+
|
23
25
|
provides(:windows_pagefile) { true }
|
24
26
|
|
25
27
|
description "Use the **windows_pagefile** resource to configure pagefile settings on Windows."
|
@@ -109,6 +111,8 @@ class Chef
|
|
109
111
|
end
|
110
112
|
|
111
113
|
action_class do
|
114
|
+
private
|
115
|
+
|
112
116
|
# make sure the provided name property matches the appropriate format
|
113
117
|
# we do this here and not in the property itself because if automatic_managed
|
114
118
|
# is set then this validation is not necessary / doesn't make sense at all
|
@@ -22,6 +22,8 @@ require_relative "../resource"
|
|
22
22
|
class Chef
|
23
23
|
class Resource
|
24
24
|
class WindowsPrinter < Chef::Resource
|
25
|
+
unified_mode true
|
26
|
+
|
25
27
|
require "resolv"
|
26
28
|
|
27
29
|
provides(:windows_printer) { true }
|
@@ -79,31 +81,17 @@ class Chef
|
|
79
81
|
validation_message: "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`",
|
80
82
|
regex: Resolv::IPv4::Regex
|
81
83
|
|
82
|
-
property :exists, [TrueClass, FalseClass],
|
83
|
-
skip_docs: true
|
84
|
-
|
85
84
|
PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
|
86
85
|
|
87
|
-
# does the printer exist
|
88
|
-
#
|
89
|
-
# @param [String] name the name of the printer
|
90
|
-
# @return [Boolean]
|
91
|
-
def printer_exists?(name)
|
92
|
-
printer_reg_key = PRINTERS_REG_KEY + name
|
93
|
-
logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'"
|
94
|
-
registry_key_exists?(printer_reg_key)
|
95
|
-
end
|
96
|
-
|
97
86
|
# @todo Set @current_resource printer properties from registry
|
98
87
|
load_current_value do |desired|
|
99
88
|
name desired.name
|
100
|
-
exists printer_exists?(desired.name)
|
101
89
|
end
|
102
90
|
|
103
91
|
action :create do
|
104
92
|
description "Create a new printer and a printer port if one doesn't already exist."
|
105
93
|
|
106
|
-
if
|
94
|
+
if printer_exists?
|
107
95
|
Chef::Log.info "#{@new_resource} already exists - nothing to do."
|
108
96
|
else
|
109
97
|
converge_by("Create #{@new_resource}") do
|
@@ -115,7 +103,7 @@ class Chef
|
|
115
103
|
action :delete do
|
116
104
|
description "Delete an existing printer. Note this does not delete the associated printer port."
|
117
105
|
|
118
|
-
if
|
106
|
+
if printer_exists?
|
119
107
|
converge_by("Delete #{@new_resource}") do
|
120
108
|
delete_printer
|
121
109
|
end
|
@@ -125,11 +113,22 @@ class Chef
|
|
125
113
|
end
|
126
114
|
|
127
115
|
action_class do
|
116
|
+
private
|
117
|
+
|
118
|
+
# does the printer exist
|
119
|
+
#
|
120
|
+
# @param [String] name the name of the printer
|
121
|
+
# @return [Boolean]
|
122
|
+
def printer_exists?
|
123
|
+
printer_reg_key = PRINTERS_REG_KEY + new_resource.name
|
124
|
+
logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'"
|
125
|
+
registry_key_exists?(printer_reg_key)
|
126
|
+
end
|
127
|
+
|
128
128
|
# creates the printer port and then the printer
|
129
129
|
def create_printer
|
130
130
|
# Create the printer port first
|
131
|
-
windows_printer_port new_resource.ipv4_address
|
132
|
-
end
|
131
|
+
windows_printer_port new_resource.ipv4_address
|
133
132
|
|
134
133
|
port_name = "IP_#{new_resource.ipv4_address}"
|
135
134
|
|
@@ -22,6 +22,8 @@ require_relative "../resource"
|
|
22
22
|
class Chef
|
23
23
|
class Resource
|
24
24
|
class WindowsPrinterPort < Chef::Resource
|
25
|
+
unified_mode true
|
26
|
+
|
25
27
|
require "resolv"
|
26
28
|
|
27
29
|
provides(:windows_printer_port) { true }
|
@@ -82,30 +84,19 @@ class Chef
|
|
82
84
|
validation_message: "port_protocol must be either 1 for RAW or 2 for LPR!",
|
83
85
|
default: 1, equal_to: [1, 2]
|
84
86
|
|
85
|
-
property :exists, [TrueClass, FalseClass],
|
86
|
-
skip_docs: true
|
87
|
-
|
88
87
|
PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY)
|
89
88
|
|
90
|
-
def port_exists?(name)
|
91
|
-
port_reg_key = PORTS_REG_KEY + name
|
92
|
-
|
93
|
-
logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
|
94
|
-
registry_key_exists?(port_reg_key)
|
95
|
-
end
|
96
|
-
|
97
89
|
# @todo Set @current_resource port properties from registry
|
98
90
|
load_current_value do |desired|
|
99
91
|
name desired.name
|
100
92
|
ipv4_address desired.ipv4_address
|
101
93
|
port_name desired.port_name || "IP_#{desired.ipv4_address}"
|
102
|
-
exists port_exists?(desired.port_name || "IP_#{desired.ipv4_address}")
|
103
94
|
end
|
104
95
|
|
105
96
|
action :create do
|
106
97
|
description "Create the new printer port if it does not already exist."
|
107
98
|
|
108
|
-
if
|
99
|
+
if port_exists?
|
109
100
|
Chef::Log.info "#{@new_resource} already exists - nothing to do."
|
110
101
|
else
|
111
102
|
converge_by("Create #{@new_resource}") do
|
@@ -117,7 +108,7 @@ class Chef
|
|
117
108
|
action :delete do
|
118
109
|
description "Delete an existing printer port."
|
119
110
|
|
120
|
-
if
|
111
|
+
if port_exists?
|
121
112
|
converge_by("Delete #{@new_resource}") do
|
122
113
|
delete_printer_port
|
123
114
|
end
|
@@ -127,6 +118,16 @@ class Chef
|
|
127
118
|
end
|
128
119
|
|
129
120
|
action_class do
|
121
|
+
private
|
122
|
+
|
123
|
+
def port_exists?
|
124
|
+
name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
|
125
|
+
port_reg_key = PORTS_REG_KEY + name
|
126
|
+
|
127
|
+
logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
|
128
|
+
registry_key_exists?(port_reg_key)
|
129
|
+
end
|
130
|
+
|
130
131
|
def create_printer_port
|
131
132
|
port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
|
132
133
|
|
@@ -21,6 +21,8 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsSecurityPolicy < Chef::Resource
|
24
|
+
unified_mode true
|
25
|
+
|
24
26
|
provides :windows_security_policy
|
25
27
|
|
26
28
|
# The valid policy_names options found here
|
@@ -80,13 +82,55 @@ class Chef
|
|
80
82
|
property :secvalue, String, required: true,
|
81
83
|
description: "Policy value to be set for policy name."
|
82
84
|
|
85
|
+
load_current_value do |desired|
|
86
|
+
powershell_code = <<-CODE
|
87
|
+
C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\secopts_export.inf | Out-Null
|
88
|
+
# cspell:disable-next-line
|
89
|
+
$security_options_data = (Get-Content $env:TEMP\\secopts_export.inf | Select-String -Pattern "^[CEFLMNPR].* =.*$" | Out-String)
|
90
|
+
Remove-Item $env:TEMP\\secopts_export.inf -force
|
91
|
+
$security_options_hash = ($security_options_data -Replace '"'| ConvertFrom-StringData)
|
92
|
+
([PSCustomObject]@{
|
93
|
+
RequireLogonToChangePassword = $security_options_hash.RequireLogonToChangePassword
|
94
|
+
PasswordComplexity = $security_options_hash.PasswordComplexity
|
95
|
+
LSAAnonymousNameLookup = $security_options_hash.LSAAnonymousNameLookup
|
96
|
+
EnableAdminAccount = $security_options_hash.EnableAdminAccount
|
97
|
+
PasswordHistorySize = $security_options_hash.PasswordHistorySize
|
98
|
+
MinimumPasswordLength = $security_options_hash.MinimumPasswordLength
|
99
|
+
ResetLockoutCount = $security_options_hash.ResetLockoutCount
|
100
|
+
MaximumPasswordAge = $security_options_hash.MaximumPasswordAge
|
101
|
+
ClearTextPassword = $security_options_hash.ClearTextPassword
|
102
|
+
NewAdministratorName = $security_options_hash.NewAdministratorName
|
103
|
+
LockoutDuration = $security_options_hash.LockoutDuration
|
104
|
+
EnableGuestAccount = $security_options_hash.EnableGuestAccount
|
105
|
+
ForceLogoffWhenHourExpire = $security_options_hash.ForceLogoffWhenHourExpire
|
106
|
+
MinimumPasswordAge = $security_options_hash.MinimumPasswordAge
|
107
|
+
NewGuestName = $security_options_hash.NewGuestName
|
108
|
+
LockoutBadCount = $security_options_hash.LockoutBadCount
|
109
|
+
}) | ConvertTo-Json
|
110
|
+
CODE
|
111
|
+
output = powershell_out(powershell_code)
|
112
|
+
current_value_does_not_exist! if output.stdout.empty?
|
113
|
+
state = Chef::JSONCompat.from_json(output.stdout)
|
114
|
+
|
115
|
+
if desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration"
|
116
|
+
if state["LockoutBadCount"] == "0"
|
117
|
+
raise Chef::Exceptions::ValidationFailed.new "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
|
118
|
+
else
|
119
|
+
secvalue state[desired.secoption.to_s]
|
120
|
+
end
|
121
|
+
else
|
122
|
+
secvalue state[desired.secoption.to_s]
|
123
|
+
end
|
124
|
+
end
|
125
|
+
|
83
126
|
action :set do
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
127
|
+
converge_if_changed :secvalue do
|
128
|
+
security_option = new_resource.secoption
|
129
|
+
security_value = new_resource.secvalue
|
130
|
+
|
131
|
+
cmd = <<-EOH
|
89
132
|
$security_option = "#{security_option}"
|
133
|
+
C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
|
90
134
|
if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
|
91
135
|
{
|
92
136
|
$#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
|
@@ -99,21 +143,8 @@ class Chef
|
|
99
143
|
}
|
100
144
|
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
101
145
|
EOH
|
102
|
-
|
103
|
-
|
104
|
-
$ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option})
|
105
|
-
$check_digit = $ExportAudit -match '#{security_option} = #{security_value}'
|
106
|
-
$check_string = $ExportAudit -match '#{security_option} = "#{security_value}"'
|
107
|
-
if ( $check_string -Or $check_digit )
|
108
|
-
{
|
109
|
-
Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
|
110
|
-
$true
|
111
|
-
}
|
112
|
-
else
|
113
|
-
{
|
114
|
-
$false
|
115
|
-
}
|
116
|
-
EOH
|
146
|
+
|
147
|
+
powershell_out!(cmd)
|
117
148
|
end
|
118
149
|
end
|
119
150
|
end
|
@@ -26,6 +26,8 @@ require_relative "../util/path_helper"
|
|
26
26
|
class Chef
|
27
27
|
class Resource
|
28
28
|
class WindowsShare < Chef::Resource
|
29
|
+
unified_mode true
|
30
|
+
|
29
31
|
provides :windows_share
|
30
32
|
|
31
33
|
description "Use the **windows_share** resource to create, modify and remove Windows shares."
|
@@ -59,7 +61,7 @@ class Chef
|
|
59
61
|
# Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted.
|
60
62
|
property :path, String,
|
61
63
|
description: "The path of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.",
|
62
|
-
coerce: proc { |p| p.
|
64
|
+
coerce: proc { |p| p.tr("/", "\\") || p }
|
63
65
|
|
64
66
|
# Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters.
|
65
67
|
property :description, String,
|
@@ -117,8 +119,6 @@ class Chef
|
|
117
119
|
# Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items.
|
118
120
|
# property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted)
|
119
121
|
|
120
|
-
include Chef::Mixin::PowershellOut
|
121
|
-
|
122
122
|
load_current_value do |desired|
|
123
123
|
# this command selects individual objects because EncryptData & CachingMode have underlying
|
124
124
|
# types that get converted to their Integer values by ConvertTo-Json & we need to make sure
|
@@ -233,6 +233,8 @@ class Chef
|
|
233
233
|
end
|
234
234
|
|
235
235
|
action_class do
|
236
|
+
private
|
237
|
+
|
236
238
|
def different_path?
|
237
239
|
return false if current_resource.nil? # going from nil to something isn't different for our concerns
|
238
240
|
return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path)
|
@@ -21,6 +21,8 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsShortcut < Chef::Resource
|
24
|
+
unified_mode true
|
25
|
+
|
24
26
|
provides(:windows_shortcut) { true }
|
25
27
|
|
26
28
|
description "Use the **windows_shortcut** resource to create shortcut files on Windows."
|
@@ -20,6 +20,8 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class WindowsUac < Chef::Resource
|
23
|
+
unified_mode true
|
24
|
+
|
23
25
|
provides :windows_uac
|
24
26
|
|
25
27
|
description 'The *windows_uac* resource configures UAC on Windows hosts by setting registry keys at `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`'
|
@@ -21,6 +21,8 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsUserPrivilege < Chef::Resource
|
24
|
+
unified_mode true
|
25
|
+
|
24
26
|
privilege_opts = %w{SeTrustedCredManAccessPrivilege
|
25
27
|
SeNetworkLogonRight
|
26
28
|
SeTcbPrivilege
|
@@ -112,6 +114,15 @@ class Chef
|
|
112
114
|
action :remove
|
113
115
|
end
|
114
116
|
```
|
117
|
+
|
118
|
+
**Clear all users from the SeDenyNetworkLogonRight Privilege**:
|
119
|
+
|
120
|
+
```ruby
|
121
|
+
windows_user_privilege 'Allow any user the Network Logon right' do
|
122
|
+
privilege 'SeDenyNetworkLogonRight'
|
123
|
+
action :clear
|
124
|
+
end
|
125
|
+
```
|
115
126
|
DOC
|
116
127
|
|
117
128
|
property :principal, String,
|
@@ -132,8 +143,8 @@ class Chef
|
|
132
143
|
}
|
133
144
|
|
134
145
|
load_current_value do |new_resource|
|
135
|
-
|
136
|
-
privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal)
|
146
|
+
if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
|
147
|
+
privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal)
|
137
148
|
end
|
138
149
|
end
|
139
150
|
|
@@ -180,6 +191,20 @@ class Chef
|
|
180
191
|
end
|
181
192
|
end
|
182
193
|
|
194
|
+
action :clear do
|
195
|
+
new_resource.privilege.each do |privilege|
|
196
|
+
accounts = Chef::ReservedNames::Win32::Security.get_account_with_user_rights(privilege)
|
197
|
+
|
198
|
+
# comparing the existing accounts for privilege with users
|
199
|
+
# Removing only accounts which is not matching with users in new_resource
|
200
|
+
accounts.each do |account|
|
201
|
+
converge_by("removing user '#{account}' from privilege #{privilege}") do
|
202
|
+
Chef::ReservedNames::Win32::Security.remove_account_right(account, privilege)
|
203
|
+
end
|
204
|
+
end
|
205
|
+
end
|
206
|
+
end
|
207
|
+
|
183
208
|
action :remove do
|
184
209
|
curr_res_privilege = current_resource.privilege
|
185
210
|
missing_res_privileges = (new_resource.privilege - curr_res_privilege)
|
@@ -16,7 +16,6 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
require_relative "../mixin/powershell_out"
|
20
19
|
require_relative "../dist"
|
21
20
|
|
22
21
|
class Chef
|
@@ -24,8 +23,6 @@ class Chef
|
|
24
23
|
class WindowsWorkgroup < Chef::Resource
|
25
24
|
provides :windows_workgroup
|
26
25
|
|
27
|
-
include Chef::Mixin::PowershellOut
|
28
|
-
|
29
26
|
description "Use the **windows_workgroup** resource to join or change the workgroup of a Windows host."
|
30
27
|
introduced "14.5"
|
31
28
|
examples <<~DOC
|
@@ -57,6 +54,7 @@ class Chef
|
|
57
54
|
|
58
55
|
property :password, String,
|
59
56
|
description: "The password for the local administrator user. Required if using the `user` property.",
|
57
|
+
sensitive: true,
|
60
58
|
desired_state: false
|
61
59
|
|
62
60
|
property :reboot, Symbol,
|
@@ -83,6 +81,7 @@ class Chef
|
|
83
81
|
end
|
84
82
|
|
85
83
|
# define this again so we can default it to true. Otherwise failures print the password
|
84
|
+
# FIXME: this should now be unnecessary with the password property itself marked sensitive?
|
86
85
|
property :sensitive, [TrueClass, FalseClass],
|
87
86
|
default: true, desired_state: false
|
88
87
|
|