chef 16.2.73 → 16.4.41

data/lib/chef/resource/windows_printer_port.rb

@@ -22,6 +22,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsPrinterPort < Chef::Resource
+      unified_mode true
+
       require "resolv"
 
       provides(:windows_printer_port) { true }
@@ -82,30 +84,19 @@ class Chef
         validation_message: "port_protocol must be either 1 for RAW or 2 for LPR!",
         default: 1, equal_to: [1, 2]
 
-      property :exists, [TrueClass, FalseClass],
-        skip_docs: true
-
       PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY)
 
-      def port_exists?(name)
-        port_reg_key = PORTS_REG_KEY + name
-
-        logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
-        registry_key_exists?(port_reg_key)
-      end
-
       # @todo Set @current_resource port properties from registry
       load_current_value do |desired|
         name desired.name
         ipv4_address desired.ipv4_address
         port_name desired.port_name || "IP_#{desired.ipv4_address}"
-        exists port_exists?(desired.port_name || "IP_#{desired.ipv4_address}")
       end
 
       action :create do
         description "Create the new printer port if it does not already exist."
 
-        if current_resource.exists
+        if port_exists?
           Chef::Log.info "#{@new_resource} already exists - nothing to do."
         else
           converge_by("Create #{@new_resource}") do
@@ -117,7 +108,7 @@ class Chef
       action :delete do
         description "Delete an existing printer port."
 
-        if current_resource.exists
+        if port_exists?
           converge_by("Delete #{@new_resource}") do
             delete_printer_port
           end
@@ -127,6 +118,16 @@ class Chef
       end
 
       action_class do
+        private
+
+        def port_exists?
+          name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
+          port_reg_key = PORTS_REG_KEY + name
+
+          logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
+          registry_key_exists?(port_reg_key)
+        end
+
         def create_printer_port
           port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
 

data/lib/chef/resource/windows_security_policy.rb

@@ -21,6 +21,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsSecurityPolicy < Chef::Resource
+      unified_mode true
+
       provides :windows_security_policy
 
       # The valid policy_names options found here
@@ -80,13 +82,55 @@ class Chef
       property :secvalue, String, required: true,
       description: "Policy value to be set for policy name."
 
+      load_current_value do |desired|
+        powershell_code = <<-CODE
+          C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\secopts_export.inf | Out-Null
+          # cspell:disable-next-line
+          $security_options_data = (Get-Content $env:TEMP\\secopts_export.inf | Select-String -Pattern "^[CEFLMNPR].* =.*$" | Out-String)
+          Remove-Item $env:TEMP\\secopts_export.inf -force
+          $security_options_hash = ($security_options_data -Replace '"'| ConvertFrom-StringData)
+          ([PSCustomObject]@{
+            RequireLogonToChangePassword = $security_options_hash.RequireLogonToChangePassword
+            PasswordComplexity = $security_options_hash.PasswordComplexity
+            LSAAnonymousNameLookup = $security_options_hash.LSAAnonymousNameLookup
+            EnableAdminAccount = $security_options_hash.EnableAdminAccount
+            PasswordHistorySize = $security_options_hash.PasswordHistorySize
+            MinimumPasswordLength = $security_options_hash.MinimumPasswordLength
+            ResetLockoutCount = $security_options_hash.ResetLockoutCount
+            MaximumPasswordAge = $security_options_hash.MaximumPasswordAge
+            ClearTextPassword = $security_options_hash.ClearTextPassword
+            NewAdministratorName = $security_options_hash.NewAdministratorName
+            LockoutDuration = $security_options_hash.LockoutDuration
+            EnableGuestAccount = $security_options_hash.EnableGuestAccount
+            ForceLogoffWhenHourExpire = $security_options_hash.ForceLogoffWhenHourExpire
+            MinimumPasswordAge = $security_options_hash.MinimumPasswordAge
+            NewGuestName = $security_options_hash.NewGuestName
+            LockoutBadCount = $security_options_hash.LockoutBadCount
+          }) | ConvertTo-Json
+        CODE
+        output = powershell_out(powershell_code)
+        current_value_does_not_exist! if output.stdout.empty?
+        state = Chef::JSONCompat.from_json(output.stdout)
+
+        if desired.secoption == "ResetLockoutCount" || desired.secoption == "LockoutDuration"
+          if state["LockoutBadCount"] == "0"
+            raise Chef::Exceptions::ValidationFailed.new "#{desired.secoption} cannot be set unless the \"LockoutBadCount\" security policy has been set to a non-zero value"
+          else
+            secvalue state[desired.secoption.to_s]
+          end
+        else
+          secvalue state[desired.secoption.to_s]
+        end
+      end
+
       action :set do
-        security_option = new_resource.secoption
-        security_value = new_resource.secvalue
-        powershell_script "#{security_option} set to #{security_value}" do
-          convert_boolean_return true
-          code <<-EOH
+        converge_if_changed :secvalue do
+          security_option = new_resource.secoption
+          security_value = new_resource.secvalue
+
+          cmd = <<-EOH
             $security_option = "#{security_option}"
+            C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
             if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") )
               {
                 $#{security_option}_Remediation = (Get-Content $env:TEMP\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content $env:TEMP\\#{security_option}_Export.inf
@@ -99,21 +143,8 @@ class Chef
               }
             Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
           EOH
-          not_if <<-EOH
-            $#{security_option}_Export = C:\\Windows\\System32\\secedit /export /cfg $env:TEMP\\#{security_option}_Export.inf
-            $ExportAudit = (Get-Content $env:TEMP\\#{security_option}_Export.inf | Select-String -Pattern #{security_option})
-            $check_digit = $ExportAudit -match '#{security_option} = #{security_value}'
-            $check_string = $ExportAudit -match '#{security_option} = "#{security_value}"'
-            if ( $check_string -Or $check_digit )
-              {
-                Remove-Item $env:TEMP\\#{security_option}_Export.inf -force
-                $true
-              }
-            else
-              {
-                $false
-              }
-          EOH
+
+          powershell_out!(cmd)
         end
       end
     end

data/lib/chef/resource/windows_share.rb

@@ -26,6 +26,8 @@ require_relative "../util/path_helper"
 class Chef
   class Resource
     class WindowsShare < Chef::Resource
+      unified_mode true
+
       provides :windows_share
 
       description "Use the **windows_share** resource to create, modify and remove Windows shares."
@@ -59,7 +61,7 @@ class Chef
       # Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted.
       property :path, String,
         description: "The path of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.",
-        coerce: proc { |p| p.gsub(%r{/}, "\\") || p }
+        coerce: proc { |p| p.tr("/", "\\") || p }
 
       # Specifies an optional description of the SMB share. A description of the share is displayed by running the Get-SmbShare cmdlet. The description may not contain more than 256 characters.
       property :description, String,
@@ -117,8 +119,6 @@ class Chef
       # Specifies which files and folders in the SMB share are visible to users. AccessBased: SMB does not the display the files and folders for a share to a user unless that user has rights to access the files and folders. By default, access-based enumeration is disabled for new SMB shares. Unrestricted: SMB displays files and folders to a user even when the user does not have permission to access the items.
       # property :folder_enumeration_mode, String, equal_to: %(AccessBased Unrestricted)
 
-      include Chef::Mixin::PowershellOut
-
       load_current_value do |desired|
         # this command selects individual objects because EncryptData & CachingMode have underlying
         # types that get converted to their Integer values by ConvertTo-Json & we need to make sure
@@ -233,6 +233,8 @@ class Chef
       end
 
       action_class do
+        private
+
         def different_path?
           return false if current_resource.nil? # going from nil to something isn't different for our concerns
           return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path)

data/lib/chef/resource/windows_shortcut.rb

@@ -21,6 +21,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsShortcut < Chef::Resource
+      unified_mode true
+
       provides(:windows_shortcut) { true }
 
       description "Use the **windows_shortcut** resource to create shortcut files on Windows."

data/lib/chef/resource/windows_uac.rb

@@ -20,6 +20,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsUac < Chef::Resource
+      unified_mode true
+
       provides :windows_uac
 
       description 'The *windows_uac* resource configures UAC on Windows hosts by setting registry keys at `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`'

data/lib/chef/resource/windows_user_privilege.rb

@@ -21,6 +21,8 @@ require_relative "../resource"
 class Chef
   class Resource
     class WindowsUserPrivilege < Chef::Resource
+      unified_mode true
+
       privilege_opts = %w{SeTrustedCredManAccessPrivilege
                           SeNetworkLogonRight
                           SeTcbPrivilege

data/lib/chef/resource/windows_workgroup.rb

@@ -16,7 +16,6 @@
 #
 
 require_relative "../resource"
-require_relative "../mixin/powershell_out"
 require_relative "../dist"
 
 class Chef
@@ -24,8 +23,6 @@ class Chef
     class WindowsWorkgroup < Chef::Resource
       provides :windows_workgroup
 
-      include Chef::Mixin::PowershellOut
-
       description "Use the **windows_workgroup** resource to join or change the workgroup of a Windows host."
       introduced "14.5"
       examples <<~DOC
@@ -57,6 +54,7 @@ class Chef
 
       property :password, String,
         description: "The password for the local administrator user. Required if using the `user` property.",
+        sensitive: true,
         desired_state: false
 
       property :reboot, Symbol,
@@ -83,6 +81,7 @@ class Chef
       end
 
       # define this again so we can default it to true. Otherwise failures print the password
+      # FIXME: this should now be unnecessary with the password property itself marked sensitive?
       property :sensitive, [TrueClass, FalseClass],
         default: true, desired_state: false
 

data/lib/chef/resource_collection/stepable_iterator.rb

@@ -20,8 +20,7 @@ class Chef
     class StepableIterator
 
       def self.for_collection(new_collection)
-        instance = new(new_collection)
-        instance
+        new(new_collection)
       end
 
       attr_accessor :collection

data/lib/chef/resource_inspector.rb

@@ -59,11 +59,17 @@ module ResourceInspector
                required: opts[:required] || false,
                default: opts[:default_description] || get_default(opts[:default]),
                name_property: opts[:name_property] || false,
-               equal_to: Array(opts[:equal_to]).sort.map(&:inspect) }
+               equal_to: sort_equal_to(opts[:equal_to]) }
     end
     data
   end
 
+  def self.sort_equal_to(equal_to)
+    Array(equal_to).sort.map(&:inspect)
+  rescue ArgumentError
+    Array(equal_to).map(&:inspect)
+  end
+
   def self.extract_cookbook(path, complete)
     path = File.expand_path(path)
     dir, name = File.split(path)

data/lib/chef/resources.rb

@@ -153,6 +153,7 @@ require_relative "resource/windows_dns_zone"
 require_relative "resource/windows_feature"
 require_relative "resource/windows_feature_dism"
 require_relative "resource/windows_feature_powershell"
+require_relative "resource/windows_firewall_profile"
 require_relative "resource/windows_firewall_rule"
 require_relative "resource/windows_font"
 require_relative "resource/windows_pagefile"

data/lib/chef/role.rb

@@ -133,7 +133,7 @@ class Chef
     def to_h
       env_run_lists_without_default = @env_run_lists.dup
       env_run_lists_without_default.delete("_default")
-      result = {
+      {
         "name" => @name,
         "description" => @description,
         "json_class" => self.class.name,
@@ -149,7 +149,6 @@ class Chef
           accumulator
         end,
       }
-      result
     end
 
     alias_method :to_hash, :to_h
@@ -257,11 +256,11 @@ class Chef
 
         js_path, rb_path = js_files.first, rb_files.first
 
-        if js_path && File.exists?(js_path)
+        if js_path && File.exist?(js_path)
           # from_json returns object.class => json_class in the JSON.
           hsh = Chef::JSONCompat.parse(IO.read(js_path))
           return from_hash(hsh)
-        elsif rb_path && File.exists?(rb_path)
+        elsif rb_path && File.exist?(rb_path)
           role = Chef::Role.new
           role.name(name)
           role.from_file(rb_path)

data/lib/chef/run_context/cookbook_compiler.rb

@@ -169,17 +169,17 @@ class Chef
       def compile_recipes
         @events.recipe_load_start(run_list_expansion.recipes.size)
         run_list_expansion.recipes.each do |recipe|
-          begin
-            path = resolve_recipe(recipe)
-            @run_context.load_recipe(recipe)
-            @events.recipe_file_loaded(path, recipe)
-          rescue Chef::Exceptions::RecipeNotFound => e
-            @events.recipe_not_found(e)
-            raise
-          rescue Exception => e
-            @events.recipe_file_load_failed(path, e, recipe)
-            raise
-          end
+
+          path = resolve_recipe(recipe)
+          @run_context.load_recipe(recipe)
+          @events.recipe_file_loaded(path, recipe)
+        rescue Chef::Exceptions::RecipeNotFound => e
+          @events.recipe_not_found(e)
+          raise
+        rescue Exception => e
+          @events.recipe_file_load_failed(path, e, recipe)
+          raise
+
         end
         @events.recipe_load_complete
       end
@@ -231,14 +231,14 @@ class Chef
 
       def load_libraries_from_cookbook(cookbook_name, globs = "**/*.rb")
         each_file_in_cookbook_by_segment(cookbook_name, :libraries, globs) do |filename|
-          begin
-            logger.trace("Loading cookbook #{cookbook_name}'s library file: #{filename}")
-            Kernel.require(filename)
-            @events.library_file_loaded(filename)
-          rescue Exception => e
-            @events.library_file_load_failed(filename, e)
-            raise
-          end
+
+          logger.trace("Loading cookbook #{cookbook_name}'s library file: #{filename}")
+          Kernel.require(filename)
+          @events.library_file_loaded(filename)
+        rescue Exception => e
+          @events.library_file_load_failed(filename, e)
+          raise
+
         end
       end
 
@@ -325,7 +325,7 @@ class Chef
 
       def count_files_by_segment(segment, root_alias = nil)
         cookbook_collection.inject(0) do |count, cookbook_by_name|
-          count + cookbook_by_name[1].segment_filenames(segment).size + (root_alias ? cookbook_by_name[1].files_for(:root_files).select { |record| record[:name] == root_alias }.size : 0)
+          count + cookbook_by_name[1].segment_filenames(segment).size + (root_alias ? cookbook_by_name[1].files_for(:root_files).count { |record| record[:name] == root_alias } : 0)
         end
       end
 

data/lib/chef/run_status.rb

@@ -25,17 +25,13 @@ class Chef::RunStatus
 
   attr_reader :events
 
-  attr_reader :run_context
-
-  attr_writer :run_context
+  attr_accessor :run_context
 
   attr_reader :start_time
 
   attr_reader :end_time
 
-  attr_reader :exception
-
-  attr_writer :exception
+  attr_accessor :exception
 
   attr_accessor :run_id
 

data/lib/chef/server_api_versions.rb

@@ -51,6 +51,10 @@ class Chef
       @unversioned
     end
 
+    def negotiated?
+      !@versions.nil? || unversioned?
+    end
+
     def reset!
       @versions = nil
       @unversioned = false

data/lib/chef/shell.rb

@@ -339,7 +339,7 @@ module Shell
       config[:config_file] = config_file_for_shell_mode(environment)
       config_msg = config[:config_file] || "none (standalone session)"
       puts "loading configuration: #{config_msg}"
-      Chef::Config.from_file(config[:config_file]) if !config[:config_file].nil? && File.exists?(config[:config_file]) && File.readable?(config[:config_file])
+      Chef::Config.from_file(config[:config_file]) if !config[:config_file].nil? && File.exist?(config[:config_file]) && File.readable?(config[:config_file])
       Chef::Config.merge!(config)
     end
 

data/lib/chef/shell/shell_session.rb

@@ -41,6 +41,7 @@ module Shell
 
     attr_accessor :node, :compile, :recipe, :json_configuration
     attr_reader :node_attributes, :client
+
     def initialize
       @node_built = false
       formatter = Chef::Formatters.new(Chef::Config.formatter, STDOUT, STDERR)
@@ -75,6 +76,7 @@ module Shell
     end
 
     attr_writer :run_context
+
     def run_context
       @run_context ||= rebuild_context
     end

data/lib/chef/util/backup.rb

@@ -87,7 +87,7 @@ class Chef
       end
 
       def sorted_backup_files
-        unsorted_backup_files.sort { |a, b| b <=> a }
+        unsorted_backup_files.sort.reverse # faster than sort { |a, b| b <=> a }
       end
     end
   end