chef 16.2.50-universal-mingw32 → 16.4.38-universal-mingw32

data/lib/chef/resource/homebrew_update.rb

@@ -86,7 +86,7 @@ class Chef
       end
 
       action :periodic do
-        return unless mac_os_x?
+        return unless macos?
 
         unless brew_up_to_date?
           converge_by "update new lists of packages" do
@@ -96,7 +96,7 @@ class Chef
       end
 
       action :update do
-        return unless mac_os_x?
+        return unless macos?
 
         converge_by "force update new lists of packages" do
           do_update

data/lib/chef/resource/hostname.rb

@@ -87,8 +87,7 @@ class Chef
         def updated_ec2_config_xml
           begin
             require "rexml/document" unless defined?(REXML::Document)
-            config_file = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'
-            config = REXML::Document.new(::File.read(config_file))
+            config = REXML::Document.new(::File.read(WINDOWS_EC2_CONFIG))
             # find an element named State with a sibling element whose value is Ec2SetComputerName
             REXML::XPath.each(config, "//Plugin/State[../Name/text() = 'Ec2SetComputerName']") do |element|
               element.text = "Disabled"
@@ -223,35 +222,36 @@ class Chef
           end
 
         else # windows
+          WINDOWS_EC2_CONFIG = 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'.freeze
+
           raise "Windows hostnames cannot contain a period." if new_resource.hostname.match?(/\./)
 
           # suppress EC2 config service from setting our hostname
-          if ::File.exist?('C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml')
+          if ::File.exist?(WINDOWS_EC2_CONFIG)
             xml_contents = updated_ec2_config_xml
             if xml_contents.empty?
               Chef::Log.warn('Unable to properly parse and update C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml contents. Skipping file update.')
             else
-              declare_resource(:file, 'C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml') do
+              file WINDOWS_EC2_CONFIG do
                 content xml_contents
               end
             end
           end
 
-          # update via netdom
-          declare_resource(:powershell_script, "set hostname") do
-            code <<-EOH
-              $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
-              $sysInfo.Rename("#{new_resource.hostname}")
-            EOH
-            notifies :request_reboot, "reboot[setting hostname]"
-            not_if { Socket.gethostbyname(Socket.gethostname).first == new_resource.hostname }
-          end
+          unless Socket.gethostbyname(Socket.gethostname).first == new_resource.hostname
+            converge_by "set hostname to #{new_resource.hostname}" do
+              powershell_out! <<~EOH
+                $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
+                $sysInfo.Rename("#{new_resource.hostname}")
+              EOH
+            end
 
-          # reboot because $windows
-          declare_resource(:reboot, "setting hostname") do
-            reason "#{Chef::Dist::PRODUCT} updated system hostname"
-            action :nothing
-            only_if { new_resource.windows_reboot }
+            # reboot because $windows
+            reboot "setting hostname" do
+              reason "#{Chef::Dist::PRODUCT} updated system hostname"
+              only_if { new_resource.windows_reboot }
+              action :request_reboot
+            end
           end
         end
       end

data/lib/chef/resource/launchd.rb

@@ -68,7 +68,7 @@ class Chef
       # check.  According to `man 5 launchd.plist`:
       #   StartCalendarInterval <dictionary of integers or array of dictionaries of integers>
       #     ... Missing arguments are considered to be wildcard.
-      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctrl v3.4.0)
+      # What the man page doesn't state, but what was observed (OSX 10.11.5, launchctl v3.4.0)
       # Is that keys that are specified, but invalid, will also be treated as a wildcard
       # this means that an entry like:
       #   { "Hour"=>0, "Weekday"=>"6-7"}

data/lib/chef/resource/lwrp_base.rb

@@ -103,6 +103,7 @@ class Chef
         protected
 
         attr_writer :loaded_lwrps
+
         def loaded_lwrps
           @loaded_lwrps ||= {}
         end

data/lib/chef/resource/macos_userdefaults.rb

@@ -16,6 +16,8 @@
 #
 
 require_relative "../resource"
+require_relative "../dist"
+require "plist"
 
 class Chef
   class Resource
@@ -28,99 +30,210 @@ class Chef
 
       description "Use the **macos_userdefaults** resource to manage the macOS user defaults system. The properties of this resource are passed to the defaults command, and the parameters follow the convention of that command. See the defaults(1) man page for details on how the tool works."
       introduced "14.0"
+      examples <<~DOC
+        **Specify a global domain value**
+
+        ```ruby
+        macos_userdefaults 'Full keyboard access to all controls' do
+          key 'AppleKeyboardUIMode'
+          value 2
+        end
+        ```
+
+        **Setting a value on a specific domain**
+
+        ```ruby
+        macos_userdefaults 'Enable macOS firewall' do
+          domain '/Library/Preferences/com.apple.alf'
+          key 'globalstate'
+          value 1
+        end
+        ```
+
+        **Specifying the type of a key to skip automatic type detection**
+
+        ```ruby
+        macos_userdefaults 'Finder expanded save dialogs' do
+          key 'NSNavPanelExpandedStateForSaveMode'
+          value 'TRUE'
+          type 'bool'
+        end
+        ```
+      DOC
 
       property :domain, String,
         description: "The domain that the user defaults belong to.",
-        required: true
+        default: "NSGlobalDomain",
+        default_description: "NSGlobalDomain: the global domain.",
+        desired_state: false
 
       property :global, [TrueClass, FalseClass],
         description: "Determines whether or not the domain is global.",
-        default: false
+        deprecated: true,
+        default: false,
+        desired_state: false
 
       property :key, String,
-        description: "The preference key."
+        description: "The preference key.",
+        required: true
+
+      property :host, [String, Symbol],
+        description: "Set either :current or a hostname to set the user default at the host level.",
+        desired_state: false,
+        introduced: "16.3"
 
       property :value, [Integer, Float, String, TrueClass, FalseClass, Hash, Array],
-        description: "The value of the key.",
-        required: true
+        description: "The value of the key. Note: With the `type` property set to `bool`, `String` forms of Boolean true/false values that Apple accepts in the defaults command will be coerced: 0/1, 'TRUE'/'FALSE,' 'true'/false', 'YES'/'NO', or 'yes'/'no'.",
+        required: [:write],
+        coerce: proc { |v| v.is_a?(Hash) ? v.transform_keys(&:to_s) : v } # make sure keys are all strings for comparison
 
       property :type, String,
         description: "The value type of the preference key.",
-        default: ""
+        equal_to: %w{bool string int float array dict},
+        desired_state: false
 
       property :user, String,
-        description: "The system user that the default will be applied to."
+        description: "The system user that the default will be applied to.",
+        desired_state: false
 
       property :sudo, [TrueClass, FalseClass],
-        description: "Set to true if the setting you wish to modify requires privileged access.",
+        description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{Chef::Dist::PRODUCT}.",
         default: false,
         desired_state: false
 
-      # @todo this should get refactored away: https://github.com/chef/chef/issues/7622
-      property :is_set, [TrueClass, FalseClass],
-        default: false,
-        desired_state: false,
-        skip_docs: true
+      load_current_value do |desired|
+        Chef::Log.debug "#load_current_value: shelling out \"#{defaults_export_cmd(desired).join(" ")}\" to determine state"
+        state = shell_out(defaults_export_cmd(desired), user: desired.user)
 
-      # coerce various ways of representing a boolean into either 0 (false) or 1 (true)
-      # which is what the defaults CLI expects. Why? Well defaults itself accepts a few
-      # different formats, but when you do a read command it all comes back as 1 or 0.
-      def coerce_booleans(val)
-        return 1 if [true, "TRUE", "1", "true", "YES", "yes"].include?(val)
-        return 0 if [false, "FALSE", "0", "false", "NO", "no"].include?(val)
+        if state.error? || state.stdout.empty?
+          Chef::Log.debug "#load_current_value: #{defaults_export_cmd(desired).join(" ")} returned stdout: #{state.stdout} and stderr: #{state.stderr}"
+          current_value_does_not_exist!
+        end
+
+        plist_data = ::Plist.parse_xml(state.stdout)
+
+        # handle the situation where the key doesn't exist in the domain
+        if plist_data.key?(desired.key)
+          key desired.key
+        else
+          current_value_does_not_exist!
+        end
 
-        val
+        value plist_data[desired.key]
       end
 
-      load_current_value do |desired|
-        value = coerce_booleans(desired.value)
-        cmd = "defaults read '#{desired.domain}' "
-        cmd << "'#{desired.key}' " if desired.key
-        cmd << " | grep -qx '#{value}'"
-
-        vc = if desired.user.nil?
-               shell_out(cmd)
-             else
-               shell_out(cmd, user: desired.user)
-             end
-
-        is_set !vc.error?
+      #
+      # The defaults command to export a domain
+      #
+      # @return [Array] defaults command
+      #
+      def defaults_export_cmd(resource)
+        state_cmd = ["/usr/bin/defaults"]
+
+        if resource.host == "current"
+          state_cmd.concat(["-currentHost"])
+        elsif resource.host # they specified a non-nil value, which is a hostname
+          state_cmd.concat(["-host", resource.host])
+        end
+
+        state_cmd.concat(["export", resource.domain, "-"])
+        state_cmd
       end
 
       action :write do
-        description "Write the setting to the specified domain"
-
-        unless current_resource.is_set
-          cmd = ["defaults write"]
-          cmd.unshift("sudo") if new_resource.sudo
-
-          cmd << if new_resource.global
-                   "NSGlobalDomain"
-                 else
-                   "'#{new_resource.domain}'"
-                 end
-
-          cmd << "'#{new_resource.key}'" if new_resource.key
-          value = new_resource.value
-          type = new_resource.type.empty? ? value_type(value) : new_resource.type
-          # creates a string of Key1 Value1 Key2 Value2...
-          value = value.map { |k, v| "\"#{k}\" \"#{v}\"" }.join(" ") if type == "dict"
-          if type == "array"
-            value = value.join("' '")
-            value = "'#{value}'"
-          end
-          cmd << "-#{type}" if type
-          cmd << value
+        description "Write the value to the specified domain/key."
 
-          # FIXME: this should use cmd directly as an array argument, but then the quoting
-          # of individual args above needs to be removed as well.
-          execute cmd.join(" ") do
-            user new_resource.user unless new_resource.user.nil?
-          end
+        converge_if_changed do
+          cmd = defaults_modify_cmd
+          Chef::Log.debug("Updating defaults value by shelling out: #{cmd.join(" ")}")
+
+          shell_out!(cmd, user: new_resource.user)
+        end
+      end
+
+      action :delete do
+        description "Delete a key from a domain."
+
+        # if it's not there there's nothing to remove
+        return unless current_resource
+
+        converge_by("delete domain:#{new_resource.domain} key:#{new_resource.key}") do
+
+          cmd = defaults_modify_cmd
+          Chef::Log.debug("Removing defaults key by shelling out: #{cmd.join(" ")}")
+
+          shell_out!(cmd, user: new_resource.user)
         end
       end
 
       action_class do
+        #
+        # The command used to write or delete delete values from domains
+        #
+        # @return [Array] Array representation of defaults command to run
+        #
+        def defaults_modify_cmd
+          cmd = ["/usr/bin/defaults"]
+
+          if new_resource.host == :current
+            cmd.concat(["-currentHost"])
+          elsif new_resource.host # they specified a non-nil value, which is a hostname
+            cmd.concat(["-host", new_resource.host])
+          end
+
+          cmd.concat([action.to_s, new_resource.domain, new_resource.key])
+          cmd.concat(processed_value) if action == :write
+          cmd.prepend("sudo") if new_resource.sudo
+          cmd
+        end
+
+        #
+        # convert the provided value into the format defaults expects
+        #
+        # @return [array] array of values starting with the type if applicable
+        #
+        def processed_value
+          type = new_resource.type || value_type(new_resource.value)
+
+          # when dict this creates an array of values ["Key1", "Value1", "Key2", "Value2" ...]
+          cmd_values = ["-#{type}"]
+
+          case type
+          when "dict"
+            cmd_values.concat(new_resource.value.flatten)
+          when "array"
+            cmd_values.concat(new_resource.value)
+          when "bool"
+            cmd_values.concat(bool_to_defaults_bool(new_resource.value))
+          else
+            cmd_values.concat([new_resource.value])
+          end
+
+          cmd_values
+        end
+
+        #
+        # defaults booleans on the CLI must be 'TRUE' or 'FALSE' so convert various inputs to that
+        #
+        # @param [String, Integer, Boolean] input <description>
+        #
+        # @return [String] TRUE or FALSE
+        #
+        def bool_to_defaults_bool(input)
+          return ["TRUE"] if [true, "TRUE", "1", "true", "YES", "yes"].include?(input)
+          return ["FALSE"] if [false, "FALSE", "0", "false", "NO", "no"].include?(input)
+
+          # make sure it's very clear bad input was given
+          raise ArgumentError, "#{input} cannot be converted to a boolean value for use with Apple's defaults command. Acceptable values are: 'TRUE', 'YES', 'true, 'yes', '0', true, 'FALSE', 'false', 'NO', 'no', '1', or false."
+        end
+
+        #
+        # convert ruby type to defaults type
+        #
+        # @param [Integer, Float, String, TrueClass, FalseClass, Hash, Array] value The value being set
+        #
+        # @return [string, nil] the type value used by defaults or nil if not applicable
+        #
         def value_type(value)
           case value
           when true, false
@@ -133,6 +246,8 @@ class Chef
             "dict"
           when Array
             "array"
+          when String
+            "string"
           end
         end
       end

data/lib/chef/resource/openssl_dhparam.rb

@@ -23,6 +23,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides(:openssl_dhparam) { true }
 
       description "Use the **openssl_dhparam** resource to generate dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten."

data/lib/chef/resource/openssl_ec_private_key.rb

@@ -24,6 +24,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides :openssl_ec_private_key
 
       description "Use the **openssl_ec_private_key** resource to generate an elliptic curve (EC) private key file. If a valid EC key file can be opened at the specified location, no new file will be created. If the EC key file cannot be opened, either because it does not exist or because the password to the EC key file does not match the password in the recipe, then it will be overwritten."

data/lib/chef/resource/openssl_ec_public_key.rb

@@ -24,6 +24,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides :openssl_ec_public_key
 
       description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."

data/lib/chef/resource/openssl_rsa_private_key.rb

@@ -23,6 +23,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides(:openssl_rsa_private_key) { true }
       provides(:openssl_rsa_key) { true } # legacy cookbook resource name
 

data/lib/chef/resource/openssl_rsa_public_key.rb

@@ -23,6 +23,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides(:openssl_rsa_public_key) { true }
 
       examples <<~DOC

data/lib/chef/resource/openssl_x509_certificate.rb

@@ -24,6 +24,8 @@ class Chef
       require_relative "../mixin/openssl_helper"
       include Chef::Mixin::OpenSSLHelper
 
+      unified_mode true
+
       provides :openssl_x509_certificate
       provides(:openssl_x509) { true } # legacy cookbook name.
 
@@ -161,7 +163,7 @@ class Chef
           content cert.to_pem
         end
 
-        if !new_resource.renew_before_expiry.nil? && cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry)
+        if !new_resource.renew_before_expiry.nil? && cert_need_renewal?(new_resource.path, new_resource.renew_before_expiry)
           file new_resource.path do
             action :create
             owner new_resource.owner unless new_resource.owner.nil?
@@ -173,7 +175,7 @@ class Chef
         end
 
         if new_resource.csr_file.nil?
-          file new_resource.key_file do
+          file key_file do
             action :create_if_missing
             owner new_resource.owner unless new_resource.owner.nil?
             group new_resource.group unless new_resource.group.nil?
@@ -185,54 +187,53 @@ class Chef
       end
 
       action_class do
-        def generate_key_file
-          unless new_resource.key_file
-            path, file = ::File.split(new_resource.path)
-            filename = ::File.basename(file, ::File.extname(file))
-            new_resource.key_file path + "/" + filename + ".key"
-          end
-          new_resource.key_file
+        def key_file
+          @key_file ||=
+            if new_resource.key_file
+              new_resource.key_file
+            else
+              path, file = ::File.split(new_resource.path)
+              filename = ::File.basename(file, ::File.extname(file))
+              path + "/" + filename + ".key"
+            end
         end
 
         def key
-          @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
-                     OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
+          @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
+                     OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
                    elsif new_resource.key_type == "rsa"
                      gen_rsa_priv_key(new_resource.key_length)
                    else
                      gen_ec_priv_key(new_resource.key_curve)
                    end
-          @key
         end
 
         def request
-          request = if new_resource.csr_file.nil?
-                      gen_x509_request(subject, key)
-                    else
-                      OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
-                    end
-          request
+          if new_resource.csr_file.nil?
+            gen_x509_request(subject, key)
+          else
+            OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
+          end
         end
 
         def subject
-          subject = OpenSSL::X509::Name.new
-          subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
-          subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
-          subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
-          subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
-          subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
-          subject.add_entry("CN", new_resource.common_name)
-          subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
-          subject
+          OpenSSL::X509::Name.new.tap do |csr_subject|
+            csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
+            csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
+            csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
+            csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
+            csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
+            csr_subject.add_entry("CN", new_resource.common_name)
+            csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
+          end
         end
 
         def ca_private_key
-          ca_private_key = if new_resource.csr_file.nil?
-                             key
-                           else
-                             OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
-                           end
-          ca_private_key
+          if new_resource.csr_file.nil?
+            key
+          else
+            OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
+          end
         end
 
         def ca_info
@@ -258,8 +259,7 @@ class Chef
         end
 
         def cert
-          cert = gen_x509_cert(request, extensions, ca_info, ca_private_key)
-          cert
+          gen_x509_cert(request, extensions, ca_info, ca_private_key)
         end
       end
     end