chef 16.3.38-universal-mingw32 → 16.5.64-universal-mingw32

Files changed (405) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Rakefile +2 -2
  4. data/bin/knife +1 -1
  5. data/chef-universal-mingw32.gemspec +0 -1
  6. data/chef.gemspec +2 -1
  7. data/distro/templates/powershell/chef/chef.psm1.erb +18 -18
  8. data/ext/win32-eventlog/Rakefile +2 -2
  9. data/ext/win32-eventlog/chef-log.man.erb +4 -4
  10. data/lib/chef/action_collection.rb +4 -0
  11. data/lib/chef/api_client/registration.rb +2 -2
  12. data/lib/chef/application.rb +19 -17
  13. data/lib/chef/application/apply.rb +17 -12
  14. data/lib/chef/application/base.rb +26 -23
  15. data/lib/chef/application/client.rb +10 -4
  16. data/lib/chef/application/exit_code.rb +13 -4
  17. data/lib/chef/application/knife.rb +22 -11
  18. data/lib/chef/application/solo.rb +2 -1
  19. data/lib/chef/application/windows_service.rb +39 -39
  20. data/lib/chef/application/windows_service_manager.rb +6 -6
  21. data/lib/chef/chef_class.rb +0 -1
  22. data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
  23. data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
  24. data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
  25. data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
  26. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
  27. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  28. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
  29. data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
  30. data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
  31. data/lib/chef/chef_fs/knife.rb +2 -2
  32. data/lib/chef/chef_fs/parallelizer.rb +0 -1
  33. data/lib/chef/client.rb +21 -22
  34. data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
  35. data/lib/chef/cookbook/synchronizer.rb +2 -2
  36. data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
  37. data/lib/chef/cookbook_uploader.rb +1 -1
  38. data/lib/chef/data_collector.rb +6 -5
  39. data/lib/chef/data_collector/config_validation.rb +22 -13
  40. data/lib/chef/data_collector/run_end_message.rb +13 -3
  41. data/lib/chef/data_collector/run_start_message.rb +1 -1
  42. data/lib/chef/deprecated.rb +1 -1
  43. data/lib/chef/deprecation/warnings.rb +2 -2
  44. data/lib/chef/digester.rb +2 -2
  45. data/lib/chef/dsl/chef_vault.rb +1 -1
  46. data/lib/chef/dsl/data_query.rb +2 -2
  47. data/lib/chef/dsl/platform_introspection.rb +9 -9
  48. data/lib/chef/encrypted_data_bag_item.rb +3 -4
  49. data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
  50. data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
  51. data/lib/chef/environment.rb +4 -4
  52. data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
  53. data/lib/chef/exceptions.rb +5 -5
  54. data/lib/chef/file_access_control/windows.rb +5 -1
  55. data/lib/chef/file_content_management/tempfile.rb +9 -9
  56. data/lib/chef/formatters/doc.rb +7 -6
  57. data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
  58. data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
  59. data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
  60. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +2 -2
  61. data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
  62. data/lib/chef/formatters/minimal.rb +5 -4
  63. data/lib/chef/handler.rb +2 -0
  64. data/lib/chef/http.rb +15 -13
  65. data/lib/chef/http/auth_credentials.rb +5 -1
  66. data/lib/chef/http/authenticator.rb +3 -1
  67. data/lib/chef/http/basic_client.rb +4 -2
  68. data/lib/chef/http/decompressor.rb +1 -1
  69. data/lib/chef/http/http_request.rb +7 -5
  70. data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
  71. data/lib/chef/http/ssl_policies.rb +1 -1
  72. data/lib/chef/json_compat.rb +2 -2
  73. data/lib/chef/knife.rb +4 -4
  74. data/lib/chef/knife/bootstrap.rb +18 -16
  75. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
  76. data/lib/chef/knife/bootstrap/templates/chef-full.erb +3 -3
  77. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +7 -7
  78. data/lib/chef/knife/client_create.rb +3 -3
  79. data/lib/chef/knife/config_get.rb +8 -97
  80. data/lib/chef/knife/config_get_profile.rb +9 -9
  81. data/lib/chef/knife/config_list.rb +139 -0
  82. data/lib/chef/knife/config_list_profiles.rb +8 -98
  83. data/lib/chef/knife/config_show.rb +127 -0
  84. data/lib/chef/knife/config_use.rb +61 -0
  85. data/lib/chef/knife/config_use_profile.rb +9 -24
  86. data/lib/chef/knife/configure.rb +4 -2
  87. data/lib/chef/knife/cookbook_download.rb +1 -1
  88. data/lib/chef/knife/cookbook_metadata.rb +1 -1
  89. data/lib/chef/knife/cookbook_upload.rb +23 -23
  90. data/lib/chef/knife/core/bootstrap_context.rb +2 -2
  91. data/lib/chef/knife/core/generic_presenter.rb +1 -1
  92. data/lib/chef/knife/core/hashed_command_loader.rb +2 -2
  93. data/lib/chef/knife/core/object_loader.rb +1 -1
  94. data/lib/chef/knife/core/windows_bootstrap_context.rb +42 -34
  95. data/lib/chef/knife/delete.rb +15 -15
  96. data/lib/chef/knife/exec.rb +4 -4
  97. data/lib/chef/knife/node_show.rb +2 -2
  98. data/lib/chef/knife/serve.rb +3 -3
  99. data/lib/chef/knife/ssh.rb +22 -7
  100. data/lib/chef/knife/ssl_check.rb +3 -3
  101. data/lib/chef/knife/status.rb +2 -2
  102. data/lib/chef/knife/user_create.rb +2 -2
  103. data/lib/chef/knife/xargs.rb +19 -19
  104. data/lib/chef/knife/yaml_convert.rb +1 -1
  105. data/lib/chef/local_mode.rb +2 -2
  106. data/lib/chef/log/syslog.rb +2 -2
  107. data/lib/chef/log/winevt.rb +2 -2
  108. data/lib/chef/mixin/checksum.rb +0 -1
  109. data/lib/chef/mixin/deep_merge.rb +35 -18
  110. data/lib/chef/mixin/openssl_helper.rb +4 -5
  111. data/lib/chef/mixin/shell_out.rb +1 -1
  112. data/lib/chef/mixin/template.rb +2 -2
  113. data/lib/chef/mixin/uris.rb +2 -2
  114. data/lib/chef/mixin/versioned_api.rb +1 -2
  115. data/lib/chef/mixin/which.rb +1 -1
  116. data/lib/chef/monkey_patches/net_http.rb +4 -4
  117. data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
  118. data/lib/chef/node/attribute.rb +2 -4
  119. data/lib/chef/node_map.rb +2 -2
  120. data/lib/chef/platform/service_helpers.rb +1 -1
  121. data/lib/chef/policy_builder/policyfile.rb +2 -2
  122. data/lib/chef/property.rb +1 -1
  123. data/lib/chef/provider.rb +0 -4
  124. data/lib/chef/provider/cron/unix.rb +0 -2
  125. data/lib/chef/provider/file.rb +2 -2
  126. data/lib/chef/provider/git.rb +5 -5
  127. data/lib/chef/provider/group.rb +0 -2
  128. data/lib/chef/provider/group/suse.rb +5 -5
  129. data/lib/chef/provider/ifconfig.rb +1 -4
  130. data/lib/chef/provider/launchd.rb +2 -2
  131. data/lib/chef/provider/mount.rb +0 -2
  132. data/lib/chef/provider/mount/linux.rb +63 -0
  133. data/lib/chef/provider/package.rb +0 -2
  134. data/lib/chef/provider/package/rubygems.rb +22 -19
  135. data/lib/chef/provider/package/snap.rb +1 -2
  136. data/lib/chef/provider/package/windows.rb +2 -2
  137. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +12 -10
  138. data/lib/chef/provider/package/zypper.rb +1 -1
  139. data/lib/chef/provider/powershell_script.rb +21 -5
  140. data/lib/chef/provider/remote_file/content.rb +3 -0
  141. data/lib/chef/provider/remote_file/ftp.rb +6 -4
  142. data/lib/chef/provider/remote_file/sftp.rb +6 -4
  143. data/lib/chef/provider/route.rb +2 -6
  144. data/lib/chef/provider/service/arch.rb +1 -1
  145. data/lib/chef/provider/service/debian.rb +1 -1
  146. data/lib/chef/provider/service/gentoo.rb +2 -2
  147. data/lib/chef/provider/service/macosx.rb +4 -4
  148. data/lib/chef/provider/service/openbsd.rb +1 -4
  149. data/lib/chef/provider/service/redhat.rb +2 -2
  150. data/lib/chef/provider/service/upstart.rb +1 -1
  151. data/lib/chef/provider/service/windows.rb +10 -10
  152. data/lib/chef/provider/systemd_unit.rb +0 -2
  153. data/lib/chef/provider/template/content.rb +1 -0
  154. data/lib/chef/provider/template_finder.rb +2 -10
  155. data/lib/chef/provider/user/dscl.rb +5 -5
  156. data/lib/chef/provider/user/mac.rb +10 -10
  157. data/lib/chef/provider/windows_task.rb +1 -5
  158. data/lib/chef/provider/zypper_repository.rb +2 -3
  159. data/lib/chef/provider_resolver.rb +1 -1
  160. data/lib/chef/providers.rb +1 -1
  161. data/lib/chef/recipe.rb +2 -2
  162. data/lib/chef/resource.rb +7 -11
  163. data/lib/chef/resource/apt_repository.rb +2 -11
  164. data/lib/chef/resource/bff_package.rb +22 -0
  165. data/lib/chef/resource/breakpoint.rb +57 -2
  166. data/lib/chef/resource/build_essential.rb +1 -1
  167. data/lib/chef/resource/cab_package.rb +29 -0
  168. data/lib/chef/resource/chef_client_cron.rb +32 -25
  169. data/lib/chef/resource/chef_client_launchd.rb +194 -0
  170. data/lib/chef/resource/chef_client_scheduled_task.rb +21 -18
  171. data/lib/chef/resource/chef_client_systemd_timer.rb +26 -19
  172. data/lib/chef/resource/chef_client_trusted_certificate.rb +101 -0
  173. data/lib/chef/resource/chef_gem.rb +10 -10
  174. data/lib/chef/resource/chef_handler.rb +148 -4
  175. data/lib/chef/resource/chef_sleep.rb +2 -2
  176. data/lib/chef/resource/chef_vault_secret.rb +14 -14
  177. data/lib/chef/resource/cookbook_file.rb +2 -2
  178. data/lib/chef/resource/cron/cron_d.rb +0 -1
  179. data/lib/chef/resource/dnf_package.rb +2 -2
  180. data/lib/chef/resource/dsc_resource.rb +0 -1
  181. data/lib/chef/resource/dsc_script.rb +2 -2
  182. data/lib/chef/resource/execute.rb +8 -9
  183. data/lib/chef/resource/file.rb +4 -4
  184. data/lib/chef/resource/gem_package.rb +5 -5
  185. data/lib/chef/resource/homebrew_package.rb +3 -3
  186. data/lib/chef/resource/homebrew_update.rb +7 -7
  187. data/lib/chef/resource/hostname.rb +19 -19
  188. data/lib/chef/resource/launchd.rb +2 -1
  189. data/lib/chef/resource/locale.rb +2 -2
  190. data/lib/chef/resource/macos_userdefaults.rb +3 -3
  191. data/lib/chef/resource/notify_group.rb +0 -1
  192. data/lib/chef/resource/ohai.rb +46 -3
  193. data/lib/chef/resource/ohai_hint.rb +33 -0
  194. data/lib/chef/resource/openssl_dhparam.rb +29 -5
  195. data/lib/chef/resource/openssl_ec_private_key.rb +8 -3
  196. data/lib/chef/resource/openssl_ec_public_key.rb +4 -2
  197. data/lib/chef/resource/openssl_rsa_private_key.rb +8 -3
  198. data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
  199. data/lib/chef/resource/openssl_x509_certificate.rb +38 -35
  200. data/lib/chef/resource/openssl_x509_crl.rb +21 -10
  201. data/lib/chef/resource/openssl_x509_request.rb +37 -36
  202. data/lib/chef/resource/osx_profile.rb +292 -6
  203. data/lib/chef/resource/plist.rb +1 -1
  204. data/lib/chef/resource/powershell_package_source.rb +6 -6
  205. data/lib/chef/resource/powershell_script.rb +24 -30
  206. data/lib/chef/resource/reboot.rb +2 -2
  207. data/lib/chef/resource/remote_file.rb +3 -3
  208. data/lib/chef/resource/rhsm_register.rb +22 -10
  209. data/lib/chef/resource/ruby_block.rb +2 -2
  210. data/lib/chef/resource/scm/subversion.rb +2 -2
  211. data/lib/chef/resource/service.rb +3 -3
  212. data/lib/chef/resource/ssh_known_hosts_entry.rb +2 -2
  213. data/lib/chef/resource/sudo.rb +1 -1
  214. data/lib/chef/resource/support/cron.d.erb +1 -1
  215. data/lib/chef/resource/support/cron_access.erb +1 -1
  216. data/lib/chef/resource/support/sudoer.erb +1 -1
  217. data/lib/chef/resource/support/ulimit.erb +1 -1
  218. data/lib/chef/resource/sysctl.rb +6 -10
  219. data/lib/chef/resource/systemd_unit.rb +2 -2
  220. data/lib/chef/resource/template.rb +2 -2
  221. data/lib/chef/resource/timezone.rb +112 -73
  222. data/lib/chef/resource/windows_ad_join.rb +12 -3
  223. data/lib/chef/resource/windows_audit_policy.rb +3 -0
  224. data/lib/chef/resource/windows_auto_run.rb +2 -0
  225. data/lib/chef/resource/windows_certificate.rb +8 -4
  226. data/lib/chef/resource/windows_dfs_folder.rb +2 -0
  227. data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
  228. data/lib/chef/resource/windows_dfs_server.rb +2 -0
  229. data/lib/chef/resource/windows_dns_record.rb +10 -7
  230. data/lib/chef/resource/windows_dns_zone.rb +12 -7
  231. data/lib/chef/resource/windows_feature.rb +2 -0
  232. data/lib/chef/resource/windows_feature_dism.rb +10 -0
  233. data/lib/chef/resource/windows_feature_powershell.rb +14 -2
  234. data/lib/chef/resource/windows_firewall_profile.rb +24 -20
  235. data/lib/chef/resource/windows_firewall_rule.rb +5 -3
  236. data/lib/chef/resource/windows_font.rb +3 -1
  237. data/lib/chef/resource/windows_package.rb +28 -5
  238. data/lib/chef/resource/windows_pagefile.rb +4 -0
  239. data/lib/chef/resource/windows_printer.rb +22 -21
  240. data/lib/chef/resource/windows_printer_port.rb +20 -17
  241. data/lib/chef/resource/windows_security_policy.rb +2 -0
  242. data/lib/chef/resource/windows_share.rb +5 -3
  243. data/lib/chef/resource/windows_shortcut.rb +2 -0
  244. data/lib/chef/resource/windows_uac.rb +2 -0
  245. data/lib/chef/resource/windows_user_privilege.rb +54 -53
  246. data/lib/chef/resource/windows_workgroup.rb +5 -6
  247. data/lib/chef/resource/yum_package.rb +2 -2
  248. data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
  249. data/lib/chef/resources.rb +3 -1
  250. data/lib/chef/role.rb +2 -2
  251. data/lib/chef/run_context.rb +2 -2
  252. data/lib/chef/run_context/cookbook_compiler.rb +21 -21
  253. data/lib/chef/run_lock.rb +2 -2
  254. data/lib/chef/run_status.rb +2 -6
  255. data/lib/chef/search/query.rb +4 -5
  256. data/lib/chef/server_api_versions.rb +4 -0
  257. data/lib/chef/shell.rb +32 -27
  258. data/lib/chef/shell/ext.rb +11 -11
  259. data/lib/chef/shell/shell_session.rb +2 -2
  260. data/lib/chef/train_transport.rb +5 -104
  261. data/lib/chef/util/backup.rb +1 -1
  262. data/lib/chef/util/diff.rb +14 -14
  263. data/lib/chef/util/powershell/cmdlet.rb +4 -2
  264. data/lib/chef/util/powershell/ps_credential.rb +18 -14
  265. data/lib/chef/util/threaded_job_queue.rb +0 -2
  266. data/lib/chef/version.rb +1 -1
  267. data/lib/chef/win32/crypto.rb +1 -1
  268. data/lib/chef/win32/file.rb +2 -2
  269. data/lib/chef/win32/file/version_info.rb +5 -5
  270. data/lib/chef/win32/registry.rb +1 -2
  271. data/spec/data/shef-config.rb +1 -1
  272. data/spec/data/ssl/chef-rspec.cert +15 -15
  273. data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
  274. data/spec/functional/resource/aix_service_spec.rb +2 -2
  275. data/spec/functional/resource/aixinit_service_spec.rb +8 -8
  276. data/spec/functional/resource/bff_spec.rb +2 -2
  277. data/spec/functional/resource/cookbook_file_spec.rb +1 -1
  278. data/spec/functional/resource/dsc_resource_spec.rb +1 -1
  279. data/spec/functional/resource/dsc_script_spec.rb +0 -1
  280. data/spec/functional/resource/group_spec.rb +6 -6
  281. data/spec/functional/resource/insserv_spec.rb +5 -5
  282. data/spec/functional/resource/link_spec.rb +20 -20
  283. data/spec/functional/resource/powershell_script_spec.rb +4 -4
  284. data/spec/functional/resource/rpm_spec.rb +2 -2
  285. data/spec/functional/resource/user/dscl_spec.rb +1 -1
  286. data/spec/functional/resource/user/mac_user_spec.rb +1 -1
  287. data/spec/functional/resource/windows_certificate_spec.rb +3 -3
  288. data/spec/functional/resource/windows_font_spec.rb +49 -0
  289. data/spec/functional/resource/windows_security_policy_spec.rb +0 -3
  290. data/spec/functional/resource/windows_task_spec.rb +13 -13
  291. data/spec/functional/run_lock_spec.rb +24 -24
  292. data/spec/functional/version_spec.rb +3 -3
  293. data/spec/functional/win32/registry_spec.rb +8 -8
  294. data/spec/functional/win32/service_manager_spec.rb +1 -1
  295. data/spec/integration/client/client_spec.rb +4 -4
  296. data/spec/integration/client/exit_code_spec.rb +3 -2
  297. data/spec/integration/client/ipv6_spec.rb +1 -1
  298. data/spec/integration/knife/common_options_spec.rb +12 -12
  299. data/spec/integration/knife/config_list_spec.rb +220 -0
  300. data/spec/integration/knife/config_show_spec.rb +192 -0
  301. data/spec/integration/knife/config_use_spec.rb +198 -0
  302. data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
  303. data/spec/integration/knife/diff_spec.rb +3 -1
  304. data/spec/integration/knife/download_spec.rb +3 -1
  305. data/spec/integration/knife/serve_spec.rb +5 -5
  306. data/spec/integration/knife/upload_spec.rb +3 -1
  307. data/spec/integration/ohai/ohai_spec.rb +61 -0
  308. data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
  309. data/spec/integration/recipes/remote_directory.rb +1 -1
  310. data/spec/integration/solo/solo_spec.rb +5 -5
  311. data/spec/spec_helper.rb +12 -9
  312. data/spec/stress/win32/file_spec.rb +1 -1
  313. data/spec/support/chef_helpers.rb +2 -2
  314. data/spec/support/matchers/leak.rb +2 -2
  315. data/spec/support/platform_helpers.rb +17 -35
  316. data/spec/support/platforms/win32/spec_service.rb +1 -1
  317. data/spec/support/shared/functional/directory_resource.rb +1 -1
  318. data/spec/support/shared/functional/execute_resource.rb +1 -1
  319. data/spec/support/shared/functional/file_resource.rb +20 -20
  320. data/spec/support/shared/functional/securable_resource.rb +108 -27
  321. data/spec/support/shared/functional/win32_service.rb +2 -2
  322. data/spec/support/shared/functional/windows_script.rb +3 -3
  323. data/spec/support/shared/integration/integration_helper.rb +22 -52
  324. data/spec/support/shared/unit/application_dot_d.rb +5 -3
  325. data/spec/support/shared/unit/script_resource.rb +6 -20
  326. data/spec/support/shared/unit/windows_script_resource.rb +15 -28
  327. data/spec/tiny_server.rb +0 -1
  328. data/spec/unit/application/client_spec.rb +2 -2
  329. data/spec/unit/application/exit_code_spec.rb +10 -0
  330. data/spec/unit/application_spec.rb +4 -6
  331. data/spec/unit/chef_fs/parallelizer_spec.rb +5 -1
  332. data/spec/unit/chef_fs/path_util_spec.rb +1 -1
  333. data/spec/unit/cookbook/synchronizer_spec.rb +2 -2
  334. data/spec/unit/cookbook_spec.rb +2 -2
  335. data/spec/unit/data_collector/config_validation_spec.rb +208 -0
  336. data/spec/unit/data_collector_spec.rb +28 -113
  337. data/spec/unit/dsl/declare_resource_spec.rb +1 -1
  338. data/spec/unit/environment_spec.rb +7 -7
  339. data/spec/unit/file_access_control_spec.rb +1 -1
  340. data/spec/unit/http/api_versions_spec.rb +19 -1
  341. data/spec/unit/knife/bootstrap_spec.rb +20 -20
  342. data/spec/unit/knife/cookbook_download_spec.rb +4 -4
  343. data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
  344. data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
  345. data/spec/unit/knife/core/ui_spec.rb +1 -0
  346. data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
  347. data/spec/unit/knife/ssh_spec.rb +2 -2
  348. data/spec/unit/knife/supermarket_share_spec.rb +1 -1
  349. data/spec/unit/lwrp_spec.rb +3 -3
  350. data/spec/unit/mixin/deep_merge_spec.rb +15 -0
  351. data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
  352. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  353. data/spec/unit/mixin/securable_spec.rb +2 -2
  354. data/spec/unit/mixin/template_spec.rb +30 -30
  355. data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
  356. data/spec/unit/node/immutable_collections_spec.rb +8 -4
  357. data/spec/unit/node_spec.rb +5 -5
  358. data/spec/unit/provider/mount/linux_spec.rb +97 -0
  359. data/spec/unit/provider/package/chocolatey_spec.rb +1 -1
  360. data/spec/unit/provider/package/powershell_spec.rb +1 -1
  361. data/spec/unit/provider/package/rubygems_spec.rb +4 -1
  362. data/spec/unit/provider/powershell_script_spec.rb +11 -4
  363. data/spec/unit/provider/remote_directory_spec.rb +9 -9
  364. data/spec/unit/provider/route_spec.rb +0 -2
  365. data/spec/unit/provider/service/arch_service_spec.rb +3 -2
  366. data/spec/unit/provider/service/debian_service_spec.rb +1 -1
  367. data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
  368. data/spec/unit/provider/service/macosx_spec.rb +3 -3
  369. data/spec/unit/provider/service/redhat_spec.rb +2 -2
  370. data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
  371. data/spec/unit/provider_resolver_spec.rb +6 -6
  372. data/spec/unit/recipe_spec.rb +1 -1
  373. data/spec/unit/resource/batch_spec.rb +6 -6
  374. data/spec/unit/resource/chef_client_cron_spec.rb +35 -14
  375. data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
  376. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +36 -1
  377. data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +54 -0
  378. data/spec/unit/resource/execute_spec.rb +113 -118
  379. data/spec/unit/resource/launchd_spec.rb +8 -0
  380. data/spec/unit/resource/osx_profile_spec.rb +299 -0
  381. data/spec/unit/resource/powershell_script_spec.rb +11 -29
  382. data/spec/unit/resource/rhsm_register_spec.rb +56 -18
  383. data/spec/unit/resource/script_spec.rb +6 -1
  384. data/spec/unit/resource/timezone_spec.rb +63 -0
  385. data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
  386. data/spec/unit/resource/windows_uac_spec.rb +1 -1
  387. data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
  388. data/spec/unit/role_spec.rb +11 -11
  389. data/spec/unit/run_lock_spec.rb +5 -1
  390. data/spec/unit/runner_spec.rb +1 -2
  391. data/spec/unit/server_api_spec.rb +43 -16
  392. data/spec/unit/shell/shell_ext_spec.rb +46 -3
  393. data/spec/unit/shell/shell_session_spec.rb +35 -64
  394. data/spec/unit/shell_spec.rb +16 -19
  395. data/spec/unit/train_transport_spec.rb +14 -13
  396. data/spec/unit/util/selinux_spec.rb +2 -0
  397. data/tasks/rspec.rb +1 -3
  398. metadata +42 -33
  399. data/lib/chef/dist.rb +0 -68
  400. data/lib/chef/provider/osx_profile.rb +0 -255
  401. data/spec/integration/knife/config_get_profile_spec.rb +0 -113
  402. data/spec/integration/knife/config_get_spec.rb +0 -191
  403. data/spec/integration/knife/config_list_profiles_spec.rb +0 -218
  404. data/spec/integration/knife/config_use_profile_spec.rb +0 -154
  405. data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -23,6 +23,8 @@ class Chef
23
23
  require_relative "../mixin/openssl_helper"
24
24
  include Chef::Mixin::OpenSSLHelper
25
25
 
26
+ unified_mode true
27
+
26
28
  provides(:openssl_rsa_public_key) { true }
27
29
 
28
30
  examples <<~DOC
@@ -24,6 +24,8 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_certificate
28
30
  provides(:openssl_x509) { true } # legacy cookbook name.
29
31
 
@@ -84,32 +86,32 @@ class Chef
84
86
  description: "The permission mode applied to all files created by the resource."
85
87
 
86
88
  property :country, String,
87
- description: "Value for the C certificate field."
89
+ description: "Value for the `C` certificate field."
88
90
 
89
91
  property :state, String,
90
- description: "Value for the ST certificate field."
92
+ description: "Value for the `ST` certificate field."
91
93
 
92
94
  property :city, String,
93
- description: "Value for the L certificate field."
95
+ description: "Value for the `L` certificate field."
94
96
 
95
97
  property :org, String,
96
- description: "Value for the O certificate field."
98
+ description: "Value for the `O` certificate field."
97
99
 
98
100
  property :org_unit, String,
99
- description: "Value for the OU certificate field."
101
+ description: "Value for the `OU` certificate field."
100
102
 
101
103
  property :common_name, String,
102
- description: "Value for the CN certificate field."
104
+ description: "Value for the `CN` certificate field."
103
105
 
104
106
  property :email, String,
105
- description: "Value for the email certificate field."
107
+ description: "Value for the `email` certificate field."
106
108
 
107
109
  property :extensions, Hash,
108
- description: "Hash of X509 Extensions entries, in format { 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }.",
110
+ description: "Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }`.",
109
111
  default: lazy { {} }
110
112
 
111
113
  property :subject_alt_name, Array,
112
- description: "Array of Subject Alternative Name entries, in format DNS:example.com or IP:1.2.3.4.",
114
+ description: "Array of Subject Alternative Name entries, in format `DNS:example.com` or `IP:1.2.3.4`.",
113
115
  default: lazy { [] }
114
116
 
115
117
  property :key_file, String,
@@ -120,7 +122,7 @@ class Chef
120
122
 
121
123
  property :key_type, String,
122
124
  equal_to: %w{rsa ec},
123
- description: "The desired type of the generated key (rsa or ec).",
125
+ description: "The desired type of the generated key.",
124
126
  default: "rsa"
125
127
 
126
128
  property :key_length, Integer,
@@ -129,18 +131,18 @@ class Chef
129
131
  default: 2048
130
132
 
131
133
  property :key_curve, String,
132
- description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run openssl ecparam -list_curves to see available options.",
134
+ description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options.",
133
135
  equal_to: %w{secp384r1 secp521r1 prime256v1},
134
136
  default: "prime256v1"
135
137
 
136
138
  property :csr_file, String,
137
- description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the csr_file property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
139
+ description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
138
140
 
139
141
  property :ca_cert_file, String,
140
- description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the certificate will be signed with them."
142
+ description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them."
141
143
 
142
144
  property :ca_key_file, String,
143
- description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the 'ca_cert_file' property must also be specified, the certificate will be signed with them."
145
+ description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the certificate will be signed with them."
144
146
 
145
147
  property :ca_key_pass, String,
146
148
  description: "The passphrase for CA private key's passphrase."
@@ -161,7 +163,7 @@ class Chef
161
163
  content cert.to_pem
162
164
  end
163
165
 
164
- if !new_resource.renew_before_expiry.nil? && cert_need_renewall?(new_resource.path, new_resource.renew_before_expiry)
166
+ if !new_resource.renew_before_expiry.nil? && cert_need_renewal?(new_resource.path, new_resource.renew_before_expiry)
165
167
  file new_resource.path do
166
168
  action :create
167
169
  owner new_resource.owner unless new_resource.owner.nil?
@@ -173,7 +175,7 @@ class Chef
173
175
  end
174
176
 
175
177
  if new_resource.csr_file.nil?
176
- file new_resource.key_file do
178
+ file key_file do
177
179
  action :create_if_missing
178
180
  owner new_resource.owner unless new_resource.owner.nil?
179
181
  group new_resource.group unless new_resource.group.nil?
@@ -185,24 +187,25 @@ class Chef
185
187
  end
186
188
 
187
189
  action_class do
188
- def generate_key_file
189
- unless new_resource.key_file
190
- path, file = ::File.split(new_resource.path)
191
- filename = ::File.basename(file, ::File.extname(file))
192
- new_resource.key_file path + "/" + filename + ".key"
193
- end
194
- new_resource.key_file
190
+ def key_file
191
+ @key_file ||=
192
+ if new_resource.key_file
193
+ new_resource.key_file
194
+ else
195
+ path, file = ::File.split(new_resource.path)
196
+ filename = ::File.basename(file, ::File.extname(file))
197
+ path + "/" + filename + ".key"
198
+ end
195
199
  end
196
200
 
197
201
  def key
198
- @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
199
- OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
202
+ @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
203
+ OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
200
204
  elsif new_resource.key_type == "rsa"
201
205
  gen_rsa_priv_key(new_resource.key_length)
202
206
  else
203
207
  gen_ec_priv_key(new_resource.key_curve)
204
208
  end
205
- @key
206
209
  end
207
210
 
208
211
  def request
@@ -214,15 +217,15 @@ class Chef
214
217
  end
215
218
 
216
219
  def subject
217
- subject = OpenSSL::X509::Name.new
218
- subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
219
- subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
220
- subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
221
- subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
222
- subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
223
- subject.add_entry("CN", new_resource.common_name)
224
- subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
225
- subject
220
+ OpenSSL::X509::Name.new.tap do |csr_subject|
221
+ csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
222
+ csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
223
+ csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
224
+ csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
225
+ csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
226
+ csr_subject.add_entry("CN", new_resource.common_name)
227
+ csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
228
+ end
226
229
  end
227
230
 
228
231
  def ca_private_key
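Review bot: In `key`, a key file that exists but fails `priv_key_file_valid?(key_file, new_resource.key_pass)` (wrong passphrase, damaged PEM) falls through to `gen_rsa_priv_key`/`gen_ec_priv_key`, while the `file key_file do` block in the action uses `action :create_if_missing` and would leave the old file untouched. If that reading is right, the certificate is issued for a freshly generated key that never reaches disk, and the mismatch only surfaces when something tries to load the pair. The helper and the rest of the file block are outside these hunks, so this is inferred from the visible lines only. An explicit guard at the top of `key` would fail the run instead: `raise "#{key_file} exists but is not a usable private key" if ::File.exist?(key_file) && !priv_key_file_valid?(key_file, new_resource.key_pass)`. As a smaller style point, `path + "/" + filename + ".key"` in `key_file` is clearer as `::File.join(path, "#{filename}.key")`.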
@@ -24,20 +24,31 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_crl
28
30
 
29
31
  description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
30
32
  introduced "14.4"
31
33
  examples <<~DOC
32
- Generate a CRL file given a cert file and key file
34
+ **Create a certificate revocation file**
33
35
 
34
- ```ruby
35
- openssl_x509_crl '/etc/ssl_files/my_ca2.crl' do
36
- ca_cert_file '/etc/ssl_files/my_ca2.crt'
37
- ca_key_file '/etc/ssl_files/my_ca2.key'
38
- expire 1
39
- end
40
- ```
36
+ ```ruby
37
+ openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
38
+ ca_cert_file '/etc/ssl_test/my_ca.crt'
39
+ ca_key_file '/etc/ssl_test/my_ca.key'
40
+ end
41
+ ```
42
+
43
+ **Create a certificate revocation file for a particular serial**
44
+
45
+ ```ruby
46
+ openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
47
+ ca_cert_file '/etc/ssl_test/my_ca.crt'
48
+ ca_key_file '/etc/ssl_test/my_ca.key'
49
+ serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F
50
+ end
51
+ ```
41
52
  DOC
42
53
 
43
54
  property :path, String,
@@ -60,11 +71,11 @@ class Chef
60
71
  default: 1
61
72
 
62
73
  property :ca_cert_file, String,
63
- description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the CRL will be signed with them.",
74
+ description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the CRL will be signed with them.",
64
75
  required: true
65
76
 
66
77
  property :ca_key_file, String,
67
- description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the ca_cert_file property must also be specified, the CRL will be signed with them.",
78
+ description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the CRL will be signed with them.",
68
79
  required: true
69
80
 
70
81
  property :ca_key_pass, String,
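Review bot: The second new example passes `serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F` unquoted, so a recipe copied from the docs makes Ruby look up a constant of that name and fail instead of revoking the serial. Quote the value so the example runs as written: `serial_to_revoke 'C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F'`. The `serial_to_revoke` property definition is outside the visible hunks, so confirm the accepted types there.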
@@ -24,12 +24,14 @@ class Chef
24
24
  require_relative "../mixin/openssl_helper"
25
25
  include Chef::Mixin::OpenSSLHelper
26
26
 
27
+ unified_mode true
28
+
27
29
  provides :openssl_x509_request
28
30
 
29
31
  description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
30
32
  introduced "14.4"
31
33
  examples <<~DOC
32
- Generate new ec key and csr file
34
+ **Generate new EC key and CSR file**
33
35
 
34
36
  ```ruby
35
37
  openssl_x509_request '/etc/ssl_files/my_ec_request.csr' do
@@ -40,7 +42,7 @@ class Chef
40
42
  end
41
43
  ```
42
44
 
43
- Generate a new csr file from an existing ec key
45
+ **Generate a new CSR file from an existing EC key**
44
46
 
45
47
  ```ruby
46
48
  openssl_x509_request '/etc/ssl_files/my_ec_request2.csr' do
@@ -52,7 +54,7 @@ class Chef
52
54
  end
53
55
  ```
54
56
 
55
- Generate new rsa key and csr file
57
+ **Generate new RSA key and CSR file**
56
58
 
57
59
  ```ruby
58
60
  openssl_x509_request '/etc/ssl_files/my_rsa_request.csr' do
@@ -78,46 +80,44 @@ class Chef
78
80
  description: "The permission mode applied to all files created by the resource."
79
81
 
80
82
  property :country, String,
81
- description: "Value for the C certificate field."
83
+ description: "Value for the `C` certificate field."
82
84
 
83
85
  property :state, String,
84
- description: "Value for the ST certificate field."
86
+ description: "Value for the `ST` certificate field."
85
87
 
86
88
  property :city, String,
87
- description: "Value for the L certificate field."
89
+ description: "Value for the `L` certificate field."
88
90
 
89
91
  property :org, String,
90
- description: "Value for the O certificate field."
92
+ description: "Value for the `O` certificate field."
91
93
 
92
94
  property :org_unit, String,
93
- description: "Value for the OU certificate field."
95
+ description: "Value for the `OU` certificate field."
94
96
 
95
97
  property :common_name, String,
96
98
  required: true,
97
- description: "Value for the CN certificate field."
99
+ description: "Value for the `CN` certificate field."
98
100
 
99
101
  property :email, String,
100
- description: "Value for the email certificate field."
102
+ description: "Value for the `email` certificate field."
101
103
 
102
104
  property :key_file, String,
103
- description: "The path to a certificate key file on the filesystem. If the key_file property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the key_file property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate."
105
+ description: "The path to a certificate key file on the filesystem. If the `key_file` property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate."
104
106
 
105
107
  property :key_pass, String,
106
108
  description: "The passphrase for an existing key's passphrase."
107
109
 
108
110
  property :key_type, String,
109
111
  equal_to: %w{rsa ec}, default: "ec",
110
- description: "The desired type of the generated key (rsa or ec)."
112
+ description: "The desired type of the generated key."
111
113
 
112
114
  property :key_length, Integer,
113
115
  equal_to: [1024, 2048, 4096, 8192], default: 2048,
114
- description: "The desired bit length of the generated key (if key_type is equal to 'rsa')."
116
+ description: "The desired bit length of the generated key (if key_type is equal to `rsa`)."
115
117
 
116
118
  property :key_curve, String,
117
119
  equal_to: %w{secp384r1 secp521r1 prime256v1}, default: "prime256v1",
118
- description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run openssl ecparam -list_curves to see available options."
119
-
120
- default_action :create
120
+ description: "The desired curve of the generated key (if key_type is equal to `ec`). Run `openssl ecparam -list_curves` to see available options."
121
121
 
122
122
  action :create do
123
123
  description "Generate a certificate request."
@@ -132,7 +132,7 @@ class Chef
132
132
  action :create
133
133
  end
134
134
 
135
- file new_resource.key_file do
135
+ file key_file do
136
136
  owner new_resource.owner unless new_resource.owner.nil?
137
137
  group new_resource.group unless new_resource.group.nil?
138
138
  mode new_resource.mode unless new_resource.mode.nil?
@@ -145,36 +145,37 @@ class Chef
145
145
  end
146
146
 
147
147
  action_class do
148
- def generate_key_file
149
- unless new_resource.key_file
150
- path, file = ::File.split(new_resource.path)
151
- filename = ::File.basename(file, ::File.extname(file))
152
- new_resource.key_file path + "/" + filename + ".key"
153
- end
154
- new_resource.key_file
148
+ def key_file
149
+ @key_file ||=
150
+ if new_resource.key_file
151
+ new_resource.key_file
152
+ else
153
+ path, file = ::File.split(new_resource.path)
154
+ filename = ::File.basename(file, ::File.extname(file))
155
+ path + "/" + filename + ".key"
156
+ end
155
157
  end
156
158
 
157
159
  def key
158
- @key ||= if priv_key_file_valid?(generate_key_file, new_resource.key_pass)
159
- OpenSSL::PKey.read ::File.read(generate_key_file), new_resource.key_pass
160
+ @key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
161
+ OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
160
162
  elsif new_resource.key_type == "rsa"
161
163
  gen_rsa_priv_key(new_resource.key_length)
162
164
  else
163
165
  gen_ec_priv_key(new_resource.key_curve)
164
166
  end
165
- @key
166
167
  end
167
168
 
168
169
  def subject
169
- csr_subject = OpenSSL::X509::Name.new
170
- csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
171
- csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
172
- csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
173
- csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
174
- csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
175
- csr_subject.add_entry("CN", new_resource.common_name)
176
- csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
177
- csr_subject
170
+ OpenSSL::X509::Name.new.tap do |csr_subject|
171
+ csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
172
+ csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
173
+ csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
174
+ csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
175
+ csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
176
+ csr_subject.add_entry("CN", new_resource.common_name)
177
+ csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
178
+ end
178
179
  end
179
180
 
180
181
  def csr
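Review bot: The `file key_file do` block sets the private key's permissions with `mode new_resource.mode unless new_resource.mode.nil?`, so an unset `mode` leaves the key to the file resource's defaults, and a set `mode` gives the key the same permissions as the CSR. The resource description says a generated key is passwordless, so file permissions are the only protection it has. Consider a restrictive fallback for the key on platforms where mode applies, e.g. `mode new_resource.mode.nil? ? "0600" : new_resource.mode`, or a comment explaining why the shared `mode` property is acceptable here. The rest of the `file` block is outside the hunk, so check whether it already restricts the key in another way.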
@@ -17,6 +17,10 @@
17
17
  #
18
18
 
19
19
  require_relative "../resource"
20
+ require_relative "../log"
21
+ require_relative "../resource/file"
22
+ autoload :UUIDTools, "uuidtools"
23
+ autoload :Plist, "plist"
20
24
 
21
25
  class Chef
22
26
  class Resource
@@ -26,11 +30,72 @@ class Chef
26
30
  provides :osx_profile
27
31
  provides :osx_config_profile
28
32
 
29
- description "Use the **osx_profile** resource to manage configuration profiles (.mobileconfig files) on the macOS platform. The osx_profile resource installs profiles by using the uuidgen library to generate a unique ProfileUUID, and then using the profiles command to install the profile on the system."
33
+ description "Use the **osx_profile** resource to manage configuration profiles (`.mobileconfig` files) on the macOS platform. The **osx_profile** resource installs profiles by using the uuidgen library to generate a unique `ProfileUUID`, and then using the `profiles` command to install the profile on the system."
30
34
  introduced "12.7"
35
+ examples <<~DOC
36
+ **Install a profile from a cookbook file**
31
37
 
32
- default_action :install
33
- allowed_actions :install, :remove
38
+ ```ruby
39
+ osx_profile 'com.company.screensaver.mobileconfig'
40
+ ```
41
+
42
+ **Install profile from a hash**
43
+
44
+ ```ruby
45
+ profile_hash = {
46
+ 'PayloadIdentifier' => 'com.company.screensaver',
47
+ 'PayloadRemovalDisallowed' => false,
48
+ 'PayloadScope' => 'System',
49
+ 'PayloadType' => 'Configuration',
50
+ 'PayloadUUID' => '1781fbec-3325-565f-9022-8aa28135c3cc',
51
+ 'PayloadOrganization' => 'Chef',
52
+ 'PayloadVersion' => 1,
53
+ 'PayloadDisplayName' => 'Screensaver Settings',
54
+ 'PayloadContent'=> [
55
+ {
56
+ 'PayloadType' => 'com.apple.ManagedClient.preferences',
57
+ 'PayloadVersion' => 1,
58
+ 'PayloadIdentifier' => 'com.company.screensaver',
59
+ 'PayloadUUID' => '73fc30e0-1e57-0131-c32d-000c2944c108',
60
+ 'PayloadEnabled' => true,
61
+ 'PayloadDisplayName' => 'com.apple.screensaver',
62
+ 'PayloadContent' => {
63
+ 'com.apple.screensaver' => {
64
+ 'Forced' => [
65
+ {
66
+ 'mcx_preference_settings' => {
67
+ 'idleTime' => 0,
68
+ }
69
+ }
70
+ ]
71
+ }
72
+ }
73
+ }
74
+ ]
75
+ }
76
+
77
+ osx_profile 'Install screensaver profile' do
78
+ profile profile_hash
79
+ end
80
+ ```
81
+
82
+ **Remove profile using identifier in resource name**
83
+
84
+ ```ruby
85
+ osx_profile 'com.company.screensaver' do
86
+ action :remove
87
+ end
88
+ ```
89
+
90
+ **Remove profile by identifier and user friendly resource name**
91
+
92
+ ```ruby
93
+ osx_profile 'Remove screensaver profile' do
94
+ identifier 'com.company.screensaver'
95
+ action :remove
96
+ end
97
+ ```
98
+ DOC
34
99
 
35
100
  property :profile_name, String,
36
101
  description: "Use to specify the name of the profile, if different from the name of the resource block.",
@@ -40,10 +105,231 @@ class Chef
40
105
  description: "Use to specify a profile. This may be the name of a profile contained in a cookbook or a Hash that contains the contents of the profile."
41
106
 
42
107
  property :identifier, String,
43
- description: "Use to specify the identifier for the profile, such as com.company.screensaver."
108
+ description: "Use to specify the identifier for the profile, such as `com.company.screensaver`."
109
+
110
+ # this is not a property it is necessary for the tempfile this resource uses to work (FIXME: this is terrible)
111
+ #
112
+ # @api private
113
+ #
114
+ def path(path = nil)
115
+ @path ||= path
116
+ @path
117
+ end
118
+
119
+ action_class do
120
+ def load_current_resource
121
+ @current_resource = Chef::Resource::OsxProfile.new(new_resource.name)
122
+ current_resource.profile_name(new_resource.profile_name)
123
+
124
+ if new_profile_hash
125
+ new_profile_hash["PayloadUUID"] = config_uuid(new_profile_hash)
126
+ end
127
+
128
+ current_resource.profile(current_profile)
129
+ end
130
+
131
+ def current_profile
132
+ all_profiles = get_installed_profiles
133
+
134
+ if all_profiles && all_profiles.key?("_computerlevel")
135
+ return all_profiles["_computerlevel"].find do |item|
136
+ item["ProfileIdentifier"] == new_profile_identifier
137
+ end
138
+ end
139
+ nil
140
+ end
141
+
142
+ def invalid_profile_name?(name_or_identifier)
143
+ name_or_identifier.end_with?(".mobileconfig") || !/^\w+(?:(\.| )\w+)+$/.match(name_or_identifier)
144
+ end
145
+
146
+ def check_resource_semantics!
147
+ if action == :remove
148
+ if new_profile_identifier
149
+ if invalid_profile_name?(new_profile_identifier)
150
+ raise "when removing using the identifier property, it must match the profile identifier"
151
+ end
152
+ else
153
+ if invalid_profile_name?(new_resource.profile_name)
154
+ raise "When removing by resource name, it must match the profile identifier"
155
+ end
156
+ end
157
+ end
158
+
159
+ if action == :install
160
+ # we only do this check for the install action so that profiles can still be removed on macOS 11+
161
+ if mac? && node["platform_version"] =~ ">= 11.0"
162
+ raise "The osx_profile resource is not available on macOS Big Sur or above due to Apple's removal of support for CLI profile installation"
163
+ end
164
+
165
+ if new_profile_hash.is_a?(Hash) && !new_profile_hash.include?("PayloadIdentifier")
166
+ raise "The specified profile does not seem to be valid"
167
+ end
168
+ if new_profile_hash.is_a?(String) && !new_profile_hash.end_with?(".mobileconfig")
169
+ raise "#{new_profile_hash}' is not a valid profile"
170
+ end
171
+ end
172
+ end
173
+ end
174
+
175
+ action :install do
176
+ unless profile_installed?
177
+ converge_by("install profile #{new_profile_identifier}") do
178
+ profile_path = write_profile_to_disk
179
+ install_profile(profile_path)
180
+ get_installed_profiles(true)
181
+ end
182
+ end
183
+ end
184
+
185
+ action :remove do
186
+ # Clean up profile after removing it
187
+ if profile_installed?
188
+ converge_by("remove profile #{new_profile_identifier}") do
189
+ remove_profile
190
+ get_installed_profiles(true)
191
+ end
192
+ end
193
+ end
194
+
195
+ action_class do
196
+ private
197
+
198
+ def profile
199
+ @profile ||= new_resource.profile || new_resource.profile_name
200
+ end
201
+
202
+ def new_profile_hash
203
+ @new_profile_hash ||= get_profile_hash(profile)
204
+ end
205
+
206
+ def new_profile_identifier
207
+ @new_profile_identifier ||= if new_profile_hash
208
+ new_profile_hash["PayloadIdentifier"]
209
+ else
210
+ new_resource.identifier || new_resource.profile_name
211
+ end
212
+ end
213
+
214
+ def load_profile_hash(new_profile)
215
+ # file must exist in cookbook
216
+ return nil unless new_profile.end_with?(".mobileconfig")
217
+
218
+ unless cookbook_file_available?(new_profile)
219
+ raise Chef::Exceptions::FileNotFound, "#{self}: '#{new_profile}' not found in cookbook"
220
+ end
221
+
222
+ cookbook_profile = cache_cookbook_profile(new_profile)
223
+ ::Plist.parse_xml(cookbook_profile)
224
+ end
225
+
226
+ def cookbook_file_available?(cookbook_file)
227
+ run_context.has_cookbook_file_in_cookbook?(
228
+ new_resource.cookbook_name, cookbook_file
229
+ )
230
+ end
231
+
232
+ def get_cache_dir
233
+ Chef::FileCache.create_cache_path(
234
+ "profiles/#{new_resource.cookbook_name}"
235
+ )
236
+ end
237
+
238
+ def cache_cookbook_profile(cookbook_file)
239
+ Chef::FileCache.create_cache_path(
240
+ ::File.join(
241
+ "profiles",
242
+ new_resource.cookbook_name,
243
+ ::File.dirname(cookbook_file)
244
+ )
245
+ )
246
+
247
+ path = ::File.join( get_cache_dir, "#{cookbook_file}.remote")
248
+
249
+ cookbook_file path do
250
+ cookbook_name = new_resource.cookbook_name
251
+ source(cookbook_file)
252
+ backup(false)
253
+ run_action(:create)
254
+ end
255
+
256
+ path
257
+ end
258
+
259
+ def get_profile_hash(new_profile)
260
+ if new_profile.is_a?(Hash)
261
+ new_profile
262
+ elsif new_profile.is_a?(String)
263
+ load_profile_hash(new_profile)
264
+ end
265
+ end
266
+
267
+ def config_uuid(profile)
268
+ # Make a UUID of the profile contents and return as string
269
+ UUIDTools::UUID.sha1_create(
270
+ UUIDTools::UUID_DNS_NAMESPACE,
271
+ profile.to_s
272
+ ).to_s
273
+ end
274
+
275
+ def write_profile_to_disk
276
+ # FIXME: this is kind of terrible, the resource needs a tempfile to use and
277
+ # wants it created similarly to the file providers (with all the magic necessary
278
+ # for determining if it should go in the cwd or into a tmpdir), but it abuses
279
+ # the Chef::FileContentManagement::Tempfile API to do that, which requires setting
280
+ # a `path` method on the resource because of tight-coupling to the file provider
281
+ # pattern. We don't just want to use a file here because the point is to get
282
+ # at the tempfile pattern from the file provider, but to feed that into a shell
283
+ # command rather than deploying the file to somewhere on disk. There's some
284
+ # better API that needs extracting here.
285
+ new_resource.path(Chef::FileCache.create_cache_path("profiles"))
286
+ tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
287
+ tempfile.write(new_profile_hash.to_plist)
288
+ tempfile.close
289
+ tempfile.path
290
+ end
291
+
292
+ def install_profile(profile_path)
293
+ cmd = [ "/usr/bin/profiles", "-I", "-F", profile_path ]
294
+ logger.trace("cmd: #{cmd.join(" ")}")
295
+ shell_out!(*cmd)
296
+ end
297
+
298
+ def remove_profile
299
+ cmd = [ "/usr/bin/profiles", "-R", "-p", new_profile_identifier ]
300
+ logger.trace("cmd: #{cmd.join(" ")}")
301
+ shell_out!(*cmd)
302
+ end
303
+
304
+ #
305
+ # FIXME FIXME FIXME
306
+ # The node object should not be used for caching state like this and this is not a public API and may break.
307
+ # FIXME FIXME FIXME
308
+ #
309
+
310
+ def get_installed_profiles(update = nil)
311
+ logger.trace("Saving profile data to node.run_state")
312
+ if update
313
+ node.run_state[:config_profiles] = query_installed_profiles
314
+ else
315
+ node.run_state[:config_profiles] ||= query_installed_profiles
316
+ end
317
+ end
318
+
319
+ def query_installed_profiles
320
+ logger.trace("Running /usr/bin/profiles -P -o stdout-xml to determine profile state")
321
+ so = shell_out( "/usr/bin/profiles", "-P", "-o", "stdout-xml" )
322
+ ::Plist.parse_xml(so.stdout)
323
+ end
324
+
325
+ def profile_installed?
326
+ # Profile Identifier and UUID must match a currently installed profile
327
+ return false if current_resource.profile.nil? || current_resource.profile.empty?
328
+ return true if action == :remove
44
329
 
45
- property :path, String,
46
- description: "The path to write the profile to disk before loading it."
330
+ current_resource.profile["ProfileUUID"] == new_profile_hash["PayloadUUID"]
331
+ end
332
+ end
47
333
  end
48
334
  end
49
335
  end
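Review bot: `invalid_profile_name?` validates the identifier with `^` and `$`, which in Ruby anchor at line boundaries, so a multi-line string passes if any one line looks like an identifier, and `remove_profile` then hands the whole value to `/usr/bin/profiles -R -p`. Anchor to the whole string instead: `!/\A\w+(?:(\.| )\w+)+\z/.match(name_or_identifier)`. The argv-style `shell_out!(*cmd)` keeps this from becoming shell injection, but the check should still reject what it claims to reject. Separately, the message in `raise "#{new_profile_hash}' is not a valid profile"` is missing its opening quote.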