chef 16.2.73-universal-mingw32 → 16.4.41-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (316) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -4
  3. data/Rakefile +1 -1
  4. data/chef-universal-mingw32.gemspec +2 -3
  5. data/chef.gemspec +2 -1
  6. data/lib/chef/action_collection.rb +4 -0
  7. data/lib/chef/api_client/registration.rb +2 -2
  8. data/lib/chef/application.rb +13 -1
  9. data/lib/chef/application/apply.rb +5 -5
  10. data/lib/chef/application/windows_service.rb +27 -27
  11. data/lib/chef/{whitelist.rb → attribute_allowlist.rb} +11 -11
  12. data/lib/chef/{blacklist.rb → attribute_blocklist.rb} +9 -9
  13. data/lib/chef/chef_class.rb +0 -1
  14. data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
  15. data/lib/chef/chef_fs/data_handler/organization_data_handler.rb +1 -2
  16. data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
  17. data/lib/chef/chef_fs/file_system/chef_server/cookbooks_dir.rb +1 -5
  18. data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
  19. data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
  20. data/lib/chef/chef_fs/file_system/repository/base_file.rb +1 -0
  21. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
  22. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  23. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
  24. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  25. data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
  26. data/lib/chef/chef_fs/parallelizer/parallel_enumerable.rb +1 -1
  27. data/lib/chef/client.rb +14 -14
  28. data/lib/chef/cookbook/remote_file_vendor.rb +1 -3
  29. data/lib/chef/cookbook/syntax_check.rb +1 -2
  30. data/lib/chef/cookbook_loader.rb +15 -29
  31. data/lib/chef/data_bag.rb +1 -2
  32. data/lib/chef/data_collector/run_end_message.rb +11 -1
  33. data/lib/chef/deprecated.rb +8 -0
  34. data/lib/chef/dsl/platform_introspection.rb +9 -7
  35. data/lib/chef/encrypted_data_bag_item/decryptor.rb +1 -1
  36. data/lib/chef/environment.rb +3 -4
  37. data/lib/chef/exceptions.rb +4 -1
  38. data/lib/chef/file_content_management/tempfile.rb +9 -9
  39. data/lib/chef/handler.rb +2 -0
  40. data/lib/chef/http.rb +11 -11
  41. data/lib/chef/http/authenticator.rb +3 -1
  42. data/lib/chef/json_compat.rb +1 -1
  43. data/lib/chef/knife.rb +4 -4
  44. data/lib/chef/knife/bootstrap.rb +6 -12
  45. data/lib/chef/knife/bootstrap/train_connector.rb +1 -0
  46. data/lib/chef/knife/config_get.rb +1 -0
  47. data/lib/chef/knife/config_list_profiles.rb +4 -1
  48. data/lib/chef/knife/configure.rb +3 -1
  49. data/lib/chef/knife/cookbook_download.rb +1 -1
  50. data/lib/chef/knife/cookbook_metadata.rb +1 -1
  51. data/lib/chef/knife/cookbook_upload.rb +28 -33
  52. data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
  53. data/lib/chef/knife/core/generic_presenter.rb +1 -1
  54. data/lib/chef/knife/core/hashed_command_loader.rb +3 -2
  55. data/lib/chef/knife/core/subcommand_loader.rb +20 -1
  56. data/lib/chef/knife/core/ui.rb +8 -2
  57. data/lib/chef/knife/core/windows_bootstrap_context.rb +32 -25
  58. data/lib/chef/knife/delete.rb +15 -15
  59. data/lib/chef/knife/exec.rb +2 -2
  60. data/lib/chef/knife/rehash.rb +3 -21
  61. data/lib/chef/knife/ssh.rb +11 -7
  62. data/lib/chef/knife/xargs.rb +19 -19
  63. data/lib/chef/knife/yaml_convert.rb +1 -1
  64. data/lib/chef/log.rb +7 -2
  65. data/lib/chef/mixin/checksum.rb +0 -1
  66. data/lib/chef/mixin/chef_utils_wiring.rb +40 -0
  67. data/lib/chef/mixin/deep_merge.rb +35 -6
  68. data/{spec/unit/log_spec.rb → lib/chef/mixin/default_paths.rb} +13 -5
  69. data/lib/chef/mixin/openssl_helper.rb +30 -6
  70. data/lib/chef/mixin/path_sanity.rb +5 -4
  71. data/lib/chef/mixin/shell_out.rb +4 -188
  72. data/lib/chef/mixin/template.rb +1 -0
  73. data/lib/chef/mixin/which.rb +6 -3
  74. data/lib/chef/mixins.rb +1 -0
  75. data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
  76. data/lib/chef/node.rb +36 -12
  77. data/lib/chef/node/attribute.rb +2 -4
  78. data/lib/chef/node_map.rb +21 -18
  79. data/lib/chef/platform/service_helpers.rb +31 -28
  80. data/lib/chef/property.rb +1 -1
  81. data/lib/chef/provider/cron/unix.rb +0 -2
  82. data/lib/chef/provider/git.rb +17 -9
  83. data/lib/chef/provider/group.rb +0 -2
  84. data/lib/chef/provider/group/suse.rb +5 -5
  85. data/lib/chef/provider/ifconfig.rb +1 -4
  86. data/lib/chef/provider/mount.rb +0 -2
  87. data/lib/chef/provider/mount/solaris.rb +0 -1
  88. data/lib/chef/provider/package.rb +0 -2
  89. data/lib/chef/provider/package/rubygems.rb +1 -1
  90. data/lib/chef/provider/package/snap.rb +3 -4
  91. data/lib/chef/provider/package/windows.rb +9 -4
  92. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +9 -9
  93. data/lib/chef/provider/package/zypper.rb +0 -1
  94. data/lib/chef/provider/powershell_script.rb +21 -5
  95. data/lib/chef/provider/route.rb +1 -1
  96. data/lib/chef/provider/service.rb +2 -2
  97. data/lib/chef/provider/service/arch.rb +1 -1
  98. data/lib/chef/provider/service/debian.rb +1 -1
  99. data/lib/chef/provider/service/gentoo.rb +2 -2
  100. data/lib/chef/provider/service/macosx.rb +2 -2
  101. data/lib/chef/provider/service/openbsd.rb +1 -4
  102. data/lib/chef/provider/service/redhat.rb +2 -2
  103. data/lib/chef/provider/service/upstart.rb +1 -1
  104. data/lib/chef/provider/service/windows.rb +10 -10
  105. data/lib/chef/provider/systemd_unit.rb +0 -2
  106. data/lib/chef/provider/template/content.rb +1 -0
  107. data/lib/chef/provider/user/dscl.rb +2 -2
  108. data/lib/chef/provider/user/mac.rb +9 -9
  109. data/lib/chef/provider/windows_task.rb +0 -3
  110. data/lib/chef/provider/yum_repository.rb +1 -1
  111. data/lib/chef/provider/zypper_repository.rb +1 -2
  112. data/lib/chef/providers.rb +0 -1
  113. data/lib/chef/recipe.rb +1 -1
  114. data/lib/chef/resource.rb +8 -10
  115. data/lib/chef/resource/apt_repository.rb +1 -10
  116. data/lib/chef/resource/build_essential.rb +2 -2
  117. data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
  118. data/lib/chef/resource/chef_client_systemd_timer.rb +2 -2
  119. data/lib/chef/resource/chef_vault_secret.rb +13 -13
  120. data/lib/chef/resource/chocolatey_feature.rb +1 -2
  121. data/lib/chef/resource/cron/cron_d.rb +1 -1
  122. data/lib/chef/resource/cron_access.rb +2 -2
  123. data/lib/chef/resource/execute.rb +4 -5
  124. data/lib/chef/resource/homebrew_update.rb +2 -2
  125. data/lib/chef/resource/hostname.rb +18 -18
  126. data/lib/chef/resource/lwrp_base.rb +1 -0
  127. data/lib/chef/resource/macos_userdefaults.rb +176 -61
  128. data/lib/chef/resource/openssl_dhparam.rb +2 -0
  129. data/lib/chef/resource/openssl_ec_private_key.rb +2 -0
  130. data/lib/chef/resource/openssl_ec_public_key.rb +2 -0
  131. data/lib/chef/resource/openssl_rsa_private_key.rb +2 -0
  132. data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
  133. data/lib/chef/resource/openssl_x509_certificate.rb +35 -35
  134. data/lib/chef/resource/openssl_x509_crl.rb +3 -2
  135. data/lib/chef/resource/openssl_x509_request.rb +23 -20
  136. data/lib/chef/resource/osx_profile.rb +227 -5
  137. data/lib/chef/resource/powershell_package_source.rb +1 -1
  138. data/lib/chef/resource/powershell_script.rb +24 -30
  139. data/lib/chef/resource/service.rb +2 -2
  140. data/lib/chef/resource/ssh_known_hosts_entry.rb +1 -1
  141. data/lib/chef/resource/sudo.rb +2 -2
  142. data/lib/chef/resource/sysctl.rb +5 -5
  143. data/lib/chef/resource/timezone.rb +112 -73
  144. data/lib/chef/resource/user_ulimit.rb +1 -1
  145. data/lib/chef/resource/windows_ad_join.rb +2 -0
  146. data/lib/chef/resource/windows_audit_policy.rb +3 -0
  147. data/lib/chef/resource/windows_auto_run.rb +2 -0
  148. data/lib/chef/resource/windows_certificate.rb +2 -0
  149. data/lib/chef/resource/windows_dfs_folder.rb +2 -0
  150. data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
  151. data/lib/chef/resource/windows_dfs_server.rb +2 -0
  152. data/lib/chef/resource/windows_dns_record.rb +25 -5
  153. data/lib/chef/resource/windows_dns_zone.rb +12 -7
  154. data/lib/chef/resource/windows_feature.rb +2 -0
  155. data/lib/chef/resource/windows_feature_dism.rb +10 -0
  156. data/lib/chef/resource/windows_feature_powershell.rb +14 -2
  157. data/lib/chef/resource/windows_firewall_profile.rb +199 -0
  158. data/lib/chef/resource/windows_firewall_rule.rb +5 -3
  159. data/lib/chef/resource/windows_font.rb +3 -1
  160. data/lib/chef/resource/windows_pagefile.rb +4 -0
  161. data/lib/chef/resource/windows_printer.rb +17 -18
  162. data/lib/chef/resource/windows_printer_port.rb +14 -13
  163. data/lib/chef/resource/windows_security_policy.rb +51 -20
  164. data/lib/chef/resource/windows_share.rb +5 -3
  165. data/lib/chef/resource/windows_shortcut.rb +2 -0
  166. data/lib/chef/resource/windows_uac.rb +2 -0
  167. data/lib/chef/resource/windows_user_privilege.rb +2 -0
  168. data/lib/chef/resource/windows_workgroup.rb +2 -3
  169. data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
  170. data/lib/chef/resource_inspector.rb +7 -1
  171. data/lib/chef/resources.rb +1 -0
  172. data/lib/chef/role.rb +3 -4
  173. data/lib/chef/run_context/cookbook_compiler.rb +20 -20
  174. data/lib/chef/run_status.rb +2 -6
  175. data/lib/chef/server_api_versions.rb +4 -0
  176. data/lib/chef/shell.rb +1 -1
  177. data/lib/chef/shell/shell_session.rb +2 -0
  178. data/lib/chef/util/backup.rb +1 -1
  179. data/lib/chef/util/diff.rb +11 -12
  180. data/lib/chef/util/powershell/cmdlet.rb +1 -1
  181. data/lib/chef/version.rb +2 -2
  182. data/lib/chef/win32/file.rb +2 -2
  183. data/lib/chef/win32/file/version_info.rb +5 -5
  184. data/lib/chef/win32/registry.rb +1 -2
  185. data/spec/data/ssl/chef-rspec.cert +15 -15
  186. data/spec/functional/knife/ssh_spec.rb +5 -16
  187. data/spec/functional/resource/aix_service_spec.rb +0 -2
  188. data/spec/functional/resource/aixinit_service_spec.rb +7 -8
  189. data/spec/functional/resource/apt_package_spec.rb +0 -1
  190. data/spec/functional/resource/bff_spec.rb +2 -2
  191. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  192. data/spec/functional/resource/cron_spec.rb +0 -1
  193. data/spec/functional/resource/dsc_resource_spec.rb +1 -1
  194. data/spec/functional/resource/dsc_script_spec.rb +0 -1
  195. data/spec/functional/resource/git_spec.rb +23 -1
  196. data/spec/functional/resource/group_spec.rb +12 -8
  197. data/spec/functional/resource/insserv_spec.rb +4 -5
  198. data/spec/functional/resource/link_spec.rb +20 -20
  199. data/spec/functional/resource/powershell_script_spec.rb +4 -4
  200. data/spec/functional/resource/remote_file_spec.rb +1 -7
  201. data/spec/functional/resource/rpm_spec.rb +2 -2
  202. data/spec/functional/resource/windows_certificate_spec.rb +3 -3
  203. data/spec/functional/resource/windows_font_spec.rb +49 -0
  204. data/spec/functional/resource/windows_security_policy_spec.rb +0 -3
  205. data/spec/functional/resource/windows_user_privilege_spec.rb +1 -1
  206. data/spec/functional/run_lock_spec.rb +26 -25
  207. data/spec/functional/shell_spec.rb +5 -5
  208. data/spec/functional/util/powershell/cmdlet_spec.rb +1 -1
  209. data/spec/functional/version_spec.rb +1 -1
  210. data/spec/functional/win32/registry_spec.rb +8 -8
  211. data/spec/functional/win32/service_manager_spec.rb +1 -1
  212. data/spec/integration/knife/common_options_spec.rb +12 -12
  213. data/spec/integration/knife/config_get_profile_spec.rb +69 -68
  214. data/spec/integration/knife/config_get_spec.rb +126 -125
  215. data/spec/integration/knife/config_list_profiles_spec.rb +181 -152
  216. data/spec/integration/knife/config_use_profile_spec.rb +110 -109
  217. data/spec/integration/knife/cookbook_upload_spec.rb +27 -0
  218. data/spec/integration/knife/diff_spec.rb +3 -1
  219. data/spec/integration/knife/download_spec.rb +3 -1
  220. data/spec/integration/knife/serve_spec.rb +5 -5
  221. data/spec/integration/knife/upload_spec.rb +3 -1
  222. data/spec/integration/recipes/accumulator_spec.rb +1 -1
  223. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +2 -2
  224. data/spec/integration/recipes/lwrp_spec.rb +1 -1
  225. data/spec/integration/recipes/notifies_spec.rb +1 -1
  226. data/spec/integration/recipes/notifying_block_spec.rb +1 -1
  227. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  228. data/spec/integration/recipes/resource_converge_if_changed_spec.rb +2 -0
  229. data/spec/integration/recipes/resource_load_spec.rb +2 -0
  230. data/spec/integration/recipes/unified_mode_spec.rb +1 -1
  231. data/spec/integration/recipes/use_partial_spec.rb +1 -1
  232. data/spec/scripts/ssl-serve.rb +1 -1
  233. data/spec/spec_helper.rb +16 -10
  234. data/spec/support/chef_helpers.rb +1 -20
  235. data/spec/support/platform_helpers.rb +9 -11
  236. data/spec/support/platforms/win32/spec_service.rb +1 -1
  237. data/spec/support/shared/functional/directory_resource.rb +1 -1
  238. data/spec/support/shared/functional/execute_resource.rb +1 -1
  239. data/spec/support/shared/functional/file_resource.rb +20 -21
  240. data/spec/support/shared/functional/win32_service.rb +1 -1
  241. data/spec/support/shared/functional/windows_script.rb +3 -3
  242. data/spec/support/shared/integration/integration_helper.rb +22 -52
  243. data/spec/support/shared/integration/knife_support.rb +2 -9
  244. data/spec/support/shared/unit/application_dot_d.rb +0 -1
  245. data/spec/support/shared/unit/script_resource.rb +6 -20
  246. data/spec/support/shared/unit/windows_script_resource.rb +15 -28
  247. data/spec/unit/application_spec.rb +4 -2
  248. data/spec/unit/chef_fs/file_system/operation_failed_error_spec.rb +2 -4
  249. data/spec/unit/chef_fs/{parallelizer.rb → parallelizer_spec.rb} +1 -1
  250. data/spec/unit/cookbook/gem_installer_spec.rb +2 -1
  251. data/spec/unit/data_collector_spec.rb +29 -1
  252. data/spec/unit/dsl/platform_introspection_spec.rb +1 -0
  253. data/spec/unit/environment_spec.rb +7 -7
  254. data/spec/unit/event_dispatch/dispatcher_spec.rb +3 -0
  255. data/spec/unit/http/api_versions_spec.rb +19 -1
  256. data/spec/unit/json_compat_spec.rb +1 -1
  257. data/spec/unit/knife/bootstrap_spec.rb +16 -20
  258. data/spec/unit/knife/cookbook_download_spec.rb +4 -4
  259. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
  260. data/spec/unit/knife/cookbook_upload_spec.rb +7 -10
  261. data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
  262. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
  263. data/spec/unit/knife/supermarket_share_spec.rb +1 -1
  264. data/spec/unit/log/syslog_spec.rb +6 -10
  265. data/spec/unit/log/winevt_spec.rb +21 -13
  266. data/spec/unit/lwrp_spec.rb +4 -4
  267. data/spec/unit/mixin/{path_sanity_spec.rb → default_paths_spec.rb} +14 -14
  268. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  269. data/spec/unit/mixin/securable_spec.rb +0 -1
  270. data/spec/unit/mixin/shell_out_spec.rb +25 -26
  271. data/spec/unit/mixin/template_spec.rb +30 -30
  272. data/spec/unit/mixin/which.rb +8 -0
  273. data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
  274. data/spec/unit/node/immutable_collections_spec.rb +6 -2
  275. data/spec/unit/node_spec.rb +103 -16
  276. data/spec/unit/property_spec.rb +5 -5
  277. data/spec/unit/provider/execute_spec.rb +0 -7
  278. data/spec/unit/provider/ifconfig_spec.rb +0 -1
  279. data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -1
  280. data/spec/unit/provider/package/rubygems_spec.rb +5 -10
  281. data/spec/unit/provider/package/smartos_spec.rb +1 -1
  282. data/spec/unit/provider/package/windows_spec.rb +30 -53
  283. data/spec/unit/provider/powershell_script_spec.rb +11 -4
  284. data/spec/unit/provider/remote_directory_spec.rb +9 -9
  285. data/spec/unit/provider/service/arch_service_spec.rb +3 -2
  286. data/spec/unit/provider/service/debian_service_spec.rb +1 -1
  287. data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
  288. data/spec/unit/provider/service/macosx_spec.rb +3 -3
  289. data/spec/unit/provider/service/redhat_spec.rb +3 -3
  290. data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
  291. data/spec/unit/provider/service/windows_spec.rb +2 -6
  292. data/spec/unit/provider/systemd_unit_spec.rb +28 -24
  293. data/spec/unit/provider_resolver_spec.rb +6 -6
  294. data/spec/unit/provider_spec.rb +1 -0
  295. data/spec/unit/resource/batch_spec.rb +6 -6
  296. data/spec/unit/resource/execute_spec.rb +123 -118
  297. data/spec/unit/resource/macos_user_defaults_spec.rb +103 -2
  298. data/spec/unit/resource/osx_profile_spec.rb +233 -0
  299. data/spec/unit/resource/powershell_script_spec.rb +11 -29
  300. data/spec/unit/resource/script_spec.rb +6 -1
  301. data/spec/unit/resource/timezone_spec.rb +63 -0
  302. data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
  303. data/spec/unit/resource/windows_firewall_profile_spec.rb +77 -0
  304. data/spec/unit/resource/windows_package_spec.rb +1 -0
  305. data/spec/unit/resource_reporter_spec.rb +1 -1
  306. data/spec/unit/role_spec.rb +11 -11
  307. data/spec/unit/run_context/cookbook_compiler_spec.rb +1 -1
  308. data/spec/unit/run_lock_spec.rb +1 -1
  309. data/spec/unit/scan_access_control_spec.rb +1 -1
  310. data/spec/unit/server_api_spec.rb +43 -16
  311. data/spec/unit/util/diff_spec.rb +1 -15
  312. data/spec/unit/win32/security_spec.rb +4 -3
  313. data/tasks/rspec.rb +1 -1
  314. metadata +39 -31
  315. data/lib/chef/provider/osx_profile.rb +0 -255
  316. data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -23,6 +23,8 @@ class Chef
23
23
  require_relative "../mixin/openssl_helper"
24
24
  include Chef::Mixin::OpenSSLHelper
25
25
 
26
+ unified_mode true
27
+
26
28
  provides(:openssl_dhparam) { true }
27
29
 
28
30
  description "Use the **openssl_dhparam** resource to generate dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten."
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_ec_private_key
28
30
 
29
31
  description "Use the **openssl_ec_private_key** resource to generate an elliptic curve (EC) private key file. If a valid EC key file can be opened at the specified location, no new file will be created. If the EC key file cannot be opened, either because it does not exist or because the password to the EC key file does not match the password in the recipe, then it will be overwritten."
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_ec_public_key
28
30
 
29
31
  description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."
@@ -23,6 +23,8 @@ class Chef
23
23
  require_relative "../mixin/openssl_helper"
24
24
  include Chef::Mixin::OpenSSLHelper
25
25
 
26
+ unified_mode true
27
+
26
28
  provides(:openssl_rsa_private_key) { true }
27
29
  provides(:openssl_rsa_key) { true } # legacy cookbook resource name
28
30
 
@@ -23,6 +23,8 @@ class Chef
23
23
  require_relative "../mixin/openssl_helper"
24
24
  include Chef::Mixin::OpenSSLHelper
25
25
 
26
+ unified_mode true
27
+
26
28
  provides(:openssl_rsa_public_key) { true }
27
29
 
28
30
  examples <<~DOC
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_certificate
28
30
  provides(:openssl_x509) { true } # legacy cookbook name.
29
31
 
@@ -161,7 +163,7 @@ class Chef
161
163
  content cert.to_pem
162
164
  end
163
165
 
164
- if !new_resource.renew_before_expiry.nil? && cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry)
166
+ if !new_resource.renew_before_expiry.nil? && cert_need_renewal?(new_resource.path, new_resource.renew_before_expiry)
165
167
  file new_resource.path do
166
168
  action :create
167
169
  owner new_resource.owner unless new_resource.owner.nil?
@@ -173,7 +175,7 @@ class Chef
173
175
  end
174
176
 
175
177
  if new_resource.csr_file.nil?
176
- file new_resource.key_file do
178
+ file key_file do
177
179
  action :create_if_missing
178
180
  owner new_resource.owner unless new_resource.owner.nil?
179
181
  group new_resource.group unless new_resource.group.nil?
@@ -185,54 +187,53 @@ class Chef
185
187
  end
186
188
 
187
189
  action_class do
188
- def generate_key_file
189
- unless new_resource.key_file
190
- path, file = ::File.split(new_resource.path)
191
- filename = ::File.basename(file, ::File.extname(file))
192
- new_resource.key_file path + "/" + filename + ".key"
193
- end
194
- new_resource.key_file
190
+ def key_file
191
+ @key_file ||=
192
+ if new_resource.key_file
193
+ new_resource.key_file
194
+ else
195
+ path, file = ::File.split(new_resource.path)
196
+ filename = ::File.basename(file, ::File.extname(file))
197
+ path + "/" + filename + ".key"
198
+ end
195
199
  end
196
200
 
197
201
  def key
198
- @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
199
- OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
202
+ @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
203
+ OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
200
204
  elsif new_resource.key_type == "rsa"
201
205
  gen_rsa_priv_key(new_resource.key_length)
202
206
  else
203
207
  gen_ec_priv_key(new_resource.key_curve)
204
208
  end
205
- @key
206
209
  end
207
210
 
208
211
  def request
209
- request = if new_resource.csr_file.nil?
210
- gen_x509_request(subject, key)
211
- else
212
- OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
213
- end
214
- request
212
+ if new_resource.csr_file.nil?
213
+ gen_x509_request(subject, key)
214
+ else
215
+ OpenSSL::X509::Request.new ::File.read(new_resource.csr_file)
216
+ end
215
217
  end
216
218
 
217
219
  def subject
218
- subject = OpenSSL::X509::Name.new
219
- subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
220
- subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
221
- subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
222
- subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
223
- subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
224
- subject.add_entry("CN", new_resource.common_name)
225
- subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
226
- subject
220
+ OpenSSL::X509::Name.new.tap do |csr_subject|
221
+ csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
222
+ csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
223
+ csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
224
+ csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
225
+ csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
226
+ csr_subject.add_entry("CN", new_resource.common_name)
227
+ csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
228
+ end
227
229
  end
228
230
 
229
231
  def ca_private_key
230
- ca_private_key = if new_resource.csr_file.nil?
231
- key
232
- else
233
- OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
234
- end
235
- ca_private_key
232
+ if new_resource.csr_file.nil?
233
+ key
234
+ else
235
+ OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
236
+ end
236
237
  end
237
238
 
238
239
  def ca_info
@@ -258,8 +259,7 @@ class Chef
258
259
  end
259
260
 
260
261
  def cert
261
- cert = gen_x509_cert(request, extensions, ca_info, ca_private_key)
262
- cert
262
+ gen_x509_cert(request, extensions, ca_info, ca_private_key)
263
263
  end
264
264
  end
265
265
  end
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_crl
28
30
 
29
31
  description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
@@ -113,8 +115,7 @@ class Chef
113
115
  end
114
116
 
115
117
  def ca_private_key
116
- ca_private_key = ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
117
- ca_private_key
118
+ ::OpenSSL::PKey.read ::File.read(new_resource.ca_key_file), new_resource.ca_key_pass
118
119
  end
119
120
 
120
121
  def crl
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_request
28
30
 
29
31
  description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
@@ -132,7 +134,7 @@ class Chef
132
134
  action :create
133
135
  end
134
136
 
135
- file new_resource.key_file do
137
+ file key_file do
136
138
  owner new_resource.owner unless new_resource.owner.nil?
137
139
  group new_resource.group unless new_resource.group.nil?
138
140
  mode new_resource.mode unless new_resource.mode.nil?
@@ -145,36 +147,37 @@ class Chef
145
147
  end
146
148
 
147
149
  action_class do
148
- def generate_key_file
149
- unless new_resource.key_file
150
- path, file = ::File.split(new_resource.path)
151
- filename = ::File.basename(file, ::File.extname(file))
152
- new_resource.key_file path + "/" + filename + ".key"
153
- end
154
- new_resource.key_file
150
+ def key_file
151
+ @key_file ||=
152
+ if new_resource.key_file
153
+ new_resource.key_file
154
+ else
155
+ path, file = ::File.split(new_resource.path)
156
+ filename = ::File.basename(file, ::File.extname(file))
157
+ path + "/" + filename + ".key"
158
+ end
155
159
  end
156
160
 
157
161
  def key
158
- @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
159
- OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
162
+ @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
163
+ OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
160
164
  elsif new_resource.key_type == "rsa"
161
165
  gen_rsa_priv_key(new_resource.key_length)
162
166
  else
163
167
  gen_ec_priv_key(new_resource.key_curve)
164
168
  end
165
- @key
166
169
  end
167
170
 
168
171
  def subject
169
- csr_subject = OpenSSL::X509::Name.new
170
- csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
171
- csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
172
- csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
173
- csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
174
- csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
175
- csr_subject.add_entry("CN", new_resource.common_name)
176
- csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
177
- csr_subject
172
+ OpenSSL::X509::Name.new.tap do |csr_subject|
173
+ csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
174
+ csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
175
+ csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
176
+ csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
177
+ csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
178
+ csr_subject.add_entry("CN", new_resource.common_name)
179
+ csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
180
+ end
178
181
  end
179
182
 
180
183
  def csr
@@ -17,6 +17,10 @@
17
17
  #
18
18
 
19
19
  require_relative "../resource"
20
+ require_relative "../log"
21
+ require_relative "../resource/file"
22
+ require "uuidtools"
23
+ require "plist"
20
24
 
21
25
  class Chef
22
26
  class Resource
@@ -29,9 +33,6 @@ class Chef
29
33
  description "Use the **osx_profile** resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system."
30
34
  introduced "12.7"
31
35
 
32
- default_action :install
33
- allowed_actions :install, :remove
34
-
35
36
  property :profile_name, String,
36
37
  description: "Use to specify the name of the profile, if different from the name of the resource block.",
37
38
  name_property: true
@@ -42,8 +43,229 @@ class Chef
42
43
  property :identifier, String,
43
44
  description: "Use to specify the identifier for the profile, such as com.company.screensaver."
44
45
 
45
- property :path, String,
46
- description: "The path to write the profile to disk before loading it."
46
+ # this is not a property it is necessary for the tempfile this resource uses to work (FIXME: this is terrible)
47
+ #
48
+ # @api private
49
+ #
50
+ def path(path = nil)
51
+ @path ||= path
52
+ @path
53
+ end
54
+
55
+ action_class do
56
+ def load_current_resource
57
+ @current_resource = Chef::Resource::OsxProfile.new(new_resource.name)
58
+ current_resource.profile_name(new_resource.profile_name)
59
+
60
+ if new_profile_hash
61
+ new_profile_hash["PayloadUUID"] = config_uuid(new_profile_hash)
62
+ end
63
+
64
+ current_resource.profile(current_profile)
65
+ end
66
+
67
+ def current_profile
68
+ all_profiles = get_installed_profiles
69
+
70
+ if all_profiles && all_profiles.key?("_computerlevel")
71
+ return all_profiles["_computerlevel"].find do |item|
72
+ item["ProfileIdentifier"] == new_profile_identifier
73
+ end
74
+ end
75
+ nil
76
+ end
77
+
78
+ def invalid_profile_name?(name_or_identifier)
79
+ name_or_identifier.end_with?(".mobileconfig") || !/^\w+(?:(\.| )\w+)+$/.match(name_or_identifier)
80
+ end
81
+
82
+ def check_resource_semantics!
83
+ if mac? && node["platform_version"] =~ ">= 11.0"
84
+ raise "The osx_profile resource is not available on macOS Big Sur or above due to Apple's removal of support for CLI profile installation"
85
+ end
86
+
87
+ if action == :remove
88
+ if new_profile_identifier
89
+ if invalid_profile_name?(new_profile_identifier)
90
+ raise "when removing using the identifier property, it must match the profile identifier"
91
+ end
92
+ else
93
+ if invalid_profile_name?(new_resource.profile_name)
94
+ raise "When removing by resource name, it must match the profile identifier"
95
+ end
96
+ end
97
+ end
98
+
99
+ if action == :install
100
+ if new_profile_hash.is_a?(Hash) && !new_profile_hash.include?("PayloadIdentifier")
101
+ raise "The specified profile does not seem to be valid"
102
+ end
103
+ if new_profile_hash.is_a?(String) && !new_profile_hash.end_with?(".mobileconfig")
104
+ raise "#{new_profile_hash}' is not a valid profile"
105
+ end
106
+ end
107
+ end
108
+ end
109
+
110
+ action :install do
111
+ unless profile_installed?
112
+ converge_by("install profile #{new_profile_identifier}") do
113
+ profile_path = write_profile_to_disk
114
+ install_profile(profile_path)
115
+ get_installed_profiles(true)
116
+ end
117
+ end
118
+ end
119
+
120
+ action :remove do
121
+ # Clean up profile after removing it
122
+ if profile_installed?
123
+ converge_by("remove profile #{new_profile_identifier}") do
124
+ remove_profile
125
+ get_installed_profiles(true)
126
+ end
127
+ end
128
+ end
129
+
130
+ action_class do
131
+ private
132
+
133
+ def profile
134
+ @profile ||= new_resource.profile || new_resource.profile_name
135
+ end
136
+
137
+ def new_profile_hash
138
+ @new_profile_hash ||= get_profile_hash(profile)
139
+ end
140
+
141
+ def new_profile_identifier
142
+ @new_profile_identifier ||= if new_profile_hash
143
+ new_profile_hash["PayloadIdentifier"]
144
+ else
145
+ new_resource.identifier || new_resource.profile_name
146
+ end
147
+ end
148
+
149
+ def load_profile_hash(new_profile)
150
+ # file must exist in cookbook
151
+ return nil unless new_profile.end_with?(".mobileconfig")
152
+
153
+ unless cookbook_file_available?(new_profile)
154
+ raise Chef::Exceptions::FileNotFound, "#{self}: '#{new_profile}' not found in cookbook"
155
+ end
156
+
157
+ cookbook_profile = cache_cookbook_profile(new_profile)
158
+ ::Plist.parse_xml(cookbook_profile)
159
+ end
160
+
161
+ def cookbook_file_available?(cookbook_file)
162
+ run_context.has_cookbook_file_in_cookbook?(
163
+ new_resource.cookbook_name, cookbook_file
164
+ )
165
+ end
166
+
167
+ def get_cache_dir
168
+ Chef::FileCache.create_cache_path(
169
+ "profiles/#{new_resource.cookbook_name}"
170
+ )
171
+ end
172
+
173
+ def cache_cookbook_profile(cookbook_file)
174
+ Chef::FileCache.create_cache_path(
175
+ ::File.join(
176
+ "profiles",
177
+ new_resource.cookbook_name,
178
+ ::File.dirname(cookbook_file)
179
+ )
180
+ )
181
+
182
+ path = ::File.join( get_cache_dir, "#{cookbook_file}.remote")
183
+
184
+ cookbook_file path do
185
+ cookbook_name = new_resource.cookbook_name
186
+ source(cookbook_file)
187
+ backup(false)
188
+ run_action(:create)
189
+ end
190
+
191
+ path
192
+ end
193
+
194
+ def get_profile_hash(new_profile)
195
+ if new_profile.is_a?(Hash)
196
+ new_profile
197
+ elsif new_profile.is_a?(String)
198
+ load_profile_hash(new_profile)
199
+ end
200
+ end
201
+
202
+ def config_uuid(profile)
203
+ # Make a UUID of the profile contents and return as string
204
+ UUIDTools::UUID.sha1_create(
205
+ UUIDTools::UUID_DNS_NAMESPACE,
206
+ profile.to_s
207
+ ).to_s
208
+ end
209
+
210
+ def write_profile_to_disk
211
+ # FIXME: this is kind of terrible, the resource needs a tempfile to use and
212
+ # wants it created similarly to the file providers (with all the magic necessary
213
+ # for determining if it should go in the cwd or into a tmpdir), but it abuses
214
+ # the Chef::FileContentManagement::Tempfile API to do that, which requires setting
215
+ # a `path` method on the resource because of tight-coupling to the file provider
216
+ # pattern. We don't just want to use a file here because the point is to get
217
+ # at the tempfile pattern from the file provider, but to feed that into a shell
218
+ # command rather than deploying the file to somewhere on disk. There's some
219
+ # better API that needs extracting here.
220
+ new_resource.path(Chef::FileCache.create_cache_path("profiles"))
221
+ tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
222
+ tempfile.write(new_profile_hash.to_plist)
223
+ tempfile.close
224
+ tempfile.path
225
+ end
226
+
227
+ def install_profile(profile_path)
228
+ cmd = [ "/usr/bin/profiles", "-I", "-F", profile_path ]
229
+ logger.trace("cmd: #{cmd.join(" ")}")
230
+ shell_out!(*cmd)
231
+ end
232
+
233
+ def remove_profile
234
+ cmd = [ "/usr/bin/profiles", "-R", "-p", new_profile_identifier ]
235
+ logger.trace("cmd: #{cmd.join(" ")}")
236
+ shell_out!(*cmd)
237
+ end
238
+
239
+ #
240
+ # FIXME FIXME FIXME
241
+ # The node object should not be used for caching state like this and this is not a public API and may break.
242
+ # FIXME FIXME FIXME
243
+ #
244
+
245
+ def get_installed_profiles(update = nil)
246
+ if update
247
+ node.run_state[:config_profiles] = query_installed_profiles
248
+ else
249
+ node.run_state[:config_profiles] ||= query_installed_profiles
250
+ end
251
+ logger.trace("Saved profiles to run_state")
252
+ end
253
+
254
+ def query_installed_profiles
255
+ Tempfile.open("allprofiles.plist") do |tempfile|
256
+ shell_out( "/usr/bin/profiles", "-P", "-o", tempfile.path )
257
+ ::Plist.parse_xml(tempfile)
258
+ end
259
+ end
260
+
261
+ def profile_installed?
262
+ # Profile Identifier and UUID must match a currently installed profile
263
+ return false if current_resource.profile.nil? || current_resource.profile.empty?
264
+ return true if action == :remove
265
+
266
+ current_resource.profile["ProfileUUID"] == new_profile_hash["PayloadUUID"]
267
+ end
268
+ end
47
269
  end
48
270
  end
49
271
  end