chef 16.3.38-universal-mingw32 → 16.5.64-universal-mingw32
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Rakefile +2 -2
- data/bin/knife +1 -1
- data/chef-universal-mingw32.gemspec +0 -1
- data/chef.gemspec +2 -1
- data/distro/templates/powershell/chef/chef.psm1.erb +18 -18
- data/ext/win32-eventlog/Rakefile +2 -2
- data/ext/win32-eventlog/chef-log.man.erb +4 -4
- data/lib/chef/action_collection.rb +4 -0
- data/lib/chef/api_client/registration.rb +2 -2
- data/lib/chef/application.rb +19 -17
- data/lib/chef/application/apply.rb +17 -12
- data/lib/chef/application/base.rb +26 -23
- data/lib/chef/application/client.rb +10 -4
- data/lib/chef/application/exit_code.rb +13 -4
- data/lib/chef/application/knife.rb +22 -11
- data/lib/chef/application/solo.rb +2 -1
- data/lib/chef/application/windows_service.rb +39 -39
- data/lib/chef/application/windows_service_manager.rb +6 -6
- data/lib/chef/chef_class.rb +0 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +54 -54
- data/lib/chef/chef_fs/file_system/chef_server/acl_entry.rb +10 -10
- data/lib/chef/chef_fs/file_system/chef_server/organization_invites_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/chef_server/organization_members_entry.rb +8 -8
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_dir.rb +2 -2
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb +18 -18
- data/lib/chef/chef_fs/file_system/repository/directory.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/file_system_entry.rb +1 -1
- data/lib/chef/chef_fs/knife.rb +2 -2
- data/lib/chef/chef_fs/parallelizer.rb +0 -1
- data/lib/chef/client.rb +21 -22
- data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
- data/lib/chef/cookbook/synchronizer.rb +2 -2
- data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
- data/lib/chef/cookbook_uploader.rb +1 -1
- data/lib/chef/data_collector.rb +6 -5
- data/lib/chef/data_collector/config_validation.rb +22 -13
- data/lib/chef/data_collector/run_end_message.rb +13 -3
- data/lib/chef/data_collector/run_start_message.rb +1 -1
- data/lib/chef/deprecated.rb +1 -1
- data/lib/chef/deprecation/warnings.rb +2 -2
- data/lib/chef/digester.rb +2 -2
- data/lib/chef/dsl/chef_vault.rb +1 -1
- data/lib/chef/dsl/data_query.rb +2 -2
- data/lib/chef/dsl/platform_introspection.rb +9 -9
- data/lib/chef/encrypted_data_bag_item.rb +3 -4
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
- data/lib/chef/environment.rb +4 -4
- data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
- data/lib/chef/exceptions.rb +5 -5
- data/lib/chef/file_access_control/windows.rb +5 -1
- data/lib/chef/file_content_management/tempfile.rb +9 -9
- data/lib/chef/formatters/doc.rb +7 -6
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
- data/lib/chef/formatters/minimal.rb +5 -4
- data/lib/chef/handler.rb +2 -0
- data/lib/chef/http.rb +15 -13
- data/lib/chef/http/auth_credentials.rb +5 -1
- data/lib/chef/http/authenticator.rb +3 -1
- data/lib/chef/http/basic_client.rb +4 -2
- data/lib/chef/http/decompressor.rb +1 -1
- data/lib/chef/http/http_request.rb +7 -5
- data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
- data/lib/chef/http/ssl_policies.rb +1 -1
- data/lib/chef/json_compat.rb +2 -2
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +18 -16
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +3 -3
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +7 -7
- data/lib/chef/knife/client_create.rb +3 -3
- data/lib/chef/knife/config_get.rb +8 -97
- data/lib/chef/knife/config_get_profile.rb +9 -9
- data/lib/chef/knife/config_list.rb +139 -0
- data/lib/chef/knife/config_list_profiles.rb +8 -98
- data/lib/chef/knife/config_show.rb +127 -0
- data/lib/chef/knife/config_use.rb +61 -0
- data/lib/chef/knife/config_use_profile.rb +9 -24
- data/lib/chef/knife/configure.rb +4 -2
- data/lib/chef/knife/cookbook_download.rb +1 -1
- data/lib/chef/knife/cookbook_metadata.rb +1 -1
- data/lib/chef/knife/cookbook_upload.rb +23 -23
- data/lib/chef/knife/core/bootstrap_context.rb +2 -2
- data/lib/chef/knife/core/generic_presenter.rb +1 -1
- data/lib/chef/knife/core/hashed_command_loader.rb +2 -2
- data/lib/chef/knife/core/object_loader.rb +1 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +42 -34
- data/lib/chef/knife/delete.rb +15 -15
- data/lib/chef/knife/exec.rb +4 -4
- data/lib/chef/knife/node_show.rb +2 -2
- data/lib/chef/knife/serve.rb +3 -3
- data/lib/chef/knife/ssh.rb +22 -7
- data/lib/chef/knife/ssl_check.rb +3 -3
- data/lib/chef/knife/status.rb +2 -2
- data/lib/chef/knife/user_create.rb +2 -2
- data/lib/chef/knife/xargs.rb +19 -19
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/local_mode.rb +2 -2
- data/lib/chef/log/syslog.rb +2 -2
- data/lib/chef/log/winevt.rb +2 -2
- data/lib/chef/mixin/checksum.rb +0 -1
- data/lib/chef/mixin/deep_merge.rb +35 -18
- data/lib/chef/mixin/openssl_helper.rb +4 -5
- data/lib/chef/mixin/shell_out.rb +1 -1
- data/lib/chef/mixin/template.rb +2 -2
- data/lib/chef/mixin/uris.rb +2 -2
- data/lib/chef/mixin/versioned_api.rb +1 -2
- data/lib/chef/mixin/which.rb +1 -1
- data/lib/chef/monkey_patches/net_http.rb +4 -4
- data/lib/chef/monkey_patches/webrick-utils.rb +10 -10
- data/lib/chef/node/attribute.rb +2 -4
- data/lib/chef/node_map.rb +2 -2
- data/lib/chef/platform/service_helpers.rb +1 -1
- data/lib/chef/policy_builder/policyfile.rb +2 -2
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider.rb +0 -4
- data/lib/chef/provider/cron/unix.rb +0 -2
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/git.rb +5 -5
- data/lib/chef/provider/group.rb +0 -2
- data/lib/chef/provider/group/suse.rb +5 -5
- data/lib/chef/provider/ifconfig.rb +1 -4
- data/lib/chef/provider/launchd.rb +2 -2
- data/lib/chef/provider/mount.rb +0 -2
- data/lib/chef/provider/mount/linux.rb +63 -0
- data/lib/chef/provider/package.rb +0 -2
- data/lib/chef/provider/package/rubygems.rb +22 -19
- data/lib/chef/provider/package/snap.rb +1 -2
- data/lib/chef/provider/package/windows.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +12 -10
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +21 -5
- data/lib/chef/provider/remote_file/content.rb +3 -0
- data/lib/chef/provider/remote_file/ftp.rb +6 -4
- data/lib/chef/provider/remote_file/sftp.rb +6 -4
- data/lib/chef/provider/route.rb +2 -6
- data/lib/chef/provider/service/arch.rb +1 -1
- data/lib/chef/provider/service/debian.rb +1 -1
- data/lib/chef/provider/service/gentoo.rb +2 -2
- data/lib/chef/provider/service/macosx.rb +4 -4
- data/lib/chef/provider/service/openbsd.rb +1 -4
- data/lib/chef/provider/service/redhat.rb +2 -2
- data/lib/chef/provider/service/upstart.rb +1 -1
- data/lib/chef/provider/service/windows.rb +10 -10
- data/lib/chef/provider/systemd_unit.rb +0 -2
- data/lib/chef/provider/template/content.rb +1 -0
- data/lib/chef/provider/template_finder.rb +2 -10
- data/lib/chef/provider/user/dscl.rb +5 -5
- data/lib/chef/provider/user/mac.rb +10 -10
- data/lib/chef/provider/windows_task.rb +1 -5
- data/lib/chef/provider/zypper_repository.rb +2 -3
- data/lib/chef/provider_resolver.rb +1 -1
- data/lib/chef/providers.rb +1 -1
- data/lib/chef/recipe.rb +2 -2
- data/lib/chef/resource.rb +7 -11
- data/lib/chef/resource/apt_repository.rb +2 -11
- data/lib/chef/resource/bff_package.rb +22 -0
- data/lib/chef/resource/breakpoint.rb +57 -2
- data/lib/chef/resource/build_essential.rb +1 -1
- data/lib/chef/resource/cab_package.rb +29 -0
- data/lib/chef/resource/chef_client_cron.rb +32 -25
- data/lib/chef/resource/chef_client_launchd.rb +194 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +21 -18
- data/lib/chef/resource/chef_client_systemd_timer.rb +26 -19
- data/lib/chef/resource/chef_client_trusted_certificate.rb +101 -0
- data/lib/chef/resource/chef_gem.rb +10 -10
- data/lib/chef/resource/chef_handler.rb +148 -4
- data/lib/chef/resource/chef_sleep.rb +2 -2
- data/lib/chef/resource/chef_vault_secret.rb +14 -14
- data/lib/chef/resource/cookbook_file.rb +2 -2
- data/lib/chef/resource/cron/cron_d.rb +0 -1
- data/lib/chef/resource/dnf_package.rb +2 -2
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +2 -2
- data/lib/chef/resource/execute.rb +8 -9
- data/lib/chef/resource/file.rb +4 -4
- data/lib/chef/resource/gem_package.rb +5 -5
- data/lib/chef/resource/homebrew_package.rb +3 -3
- data/lib/chef/resource/homebrew_update.rb +7 -7
- data/lib/chef/resource/hostname.rb +19 -19
- data/lib/chef/resource/launchd.rb +2 -1
- data/lib/chef/resource/locale.rb +2 -2
- data/lib/chef/resource/macos_userdefaults.rb +3 -3
- data/lib/chef/resource/notify_group.rb +0 -1
- data/lib/chef/resource/ohai.rb +46 -3
- data/lib/chef/resource/ohai_hint.rb +33 -0
- data/lib/chef/resource/openssl_dhparam.rb +29 -5
- data/lib/chef/resource/openssl_ec_private_key.rb +8 -3
- data/lib/chef/resource/openssl_ec_public_key.rb +4 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +8 -3
- data/lib/chef/resource/openssl_rsa_public_key.rb +2 -0
- data/lib/chef/resource/openssl_x509_certificate.rb +38 -35
- data/lib/chef/resource/openssl_x509_crl.rb +21 -10
- data/lib/chef/resource/openssl_x509_request.rb +37 -36
- data/lib/chef/resource/osx_profile.rb +292 -6
- data/lib/chef/resource/plist.rb +1 -1
- data/lib/chef/resource/powershell_package_source.rb +6 -6
- data/lib/chef/resource/powershell_script.rb +24 -30
- data/lib/chef/resource/reboot.rb +2 -2
- data/lib/chef/resource/remote_file.rb +3 -3
- data/lib/chef/resource/rhsm_register.rb +22 -10
- data/lib/chef/resource/ruby_block.rb +2 -2
- data/lib/chef/resource/scm/subversion.rb +2 -2
- data/lib/chef/resource/service.rb +3 -3
- data/lib/chef/resource/ssh_known_hosts_entry.rb +2 -2
- data/lib/chef/resource/sudo.rb +1 -1
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -1
- data/lib/chef/resource/support/ulimit.erb +1 -1
- data/lib/chef/resource/sysctl.rb +6 -10
- data/lib/chef/resource/systemd_unit.rb +2 -2
- data/lib/chef/resource/template.rb +2 -2
- data/lib/chef/resource/timezone.rb +112 -73
- data/lib/chef/resource/windows_ad_join.rb +12 -3
- data/lib/chef/resource/windows_audit_policy.rb +3 -0
- data/lib/chef/resource/windows_auto_run.rb +2 -0
- data/lib/chef/resource/windows_certificate.rb +8 -4
- data/lib/chef/resource/windows_dfs_folder.rb +2 -0
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -0
- data/lib/chef/resource/windows_dfs_server.rb +2 -0
- data/lib/chef/resource/windows_dns_record.rb +10 -7
- data/lib/chef/resource/windows_dns_zone.rb +12 -7
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_feature_dism.rb +10 -0
- data/lib/chef/resource/windows_feature_powershell.rb +14 -2
- data/lib/chef/resource/windows_firewall_profile.rb +24 -20
- data/lib/chef/resource/windows_firewall_rule.rb +5 -3
- data/lib/chef/resource/windows_font.rb +3 -1
- data/lib/chef/resource/windows_package.rb +28 -5
- data/lib/chef/resource/windows_pagefile.rb +4 -0
- data/lib/chef/resource/windows_printer.rb +22 -21
- data/lib/chef/resource/windows_printer_port.rb +20 -17
- data/lib/chef/resource/windows_security_policy.rb +2 -0
- data/lib/chef/resource/windows_share.rb +5 -3
- data/lib/chef/resource/windows_shortcut.rb +2 -0
- data/lib/chef/resource/windows_uac.rb +2 -0
- data/lib/chef/resource/windows_user_privilege.rb +54 -53
- data/lib/chef/resource/windows_workgroup.rb +5 -6
- data/lib/chef/resource/yum_package.rb +2 -2
- data/lib/chef/resource_collection/stepable_iterator.rb +1 -2
- data/lib/chef/resources.rb +3 -1
- data/lib/chef/role.rb +2 -2
- data/lib/chef/run_context.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +21 -21
- data/lib/chef/run_lock.rb +2 -2
- data/lib/chef/run_status.rb +2 -6
- data/lib/chef/search/query.rb +4 -5
- data/lib/chef/server_api_versions.rb +4 -0
- data/lib/chef/shell.rb +32 -27
- data/lib/chef/shell/ext.rb +11 -11
- data/lib/chef/shell/shell_session.rb +2 -2
- data/lib/chef/train_transport.rb +5 -104
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +14 -14
- data/lib/chef/util/powershell/cmdlet.rb +4 -2
- data/lib/chef/util/powershell/ps_credential.rb +18 -14
- data/lib/chef/util/threaded_job_queue.rb +0 -2
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/crypto.rb +1 -1
- data/lib/chef/win32/file.rb +2 -2
- data/lib/chef/win32/file/version_info.rb +5 -5
- data/lib/chef/win32/registry.rb +1 -2
- data/spec/data/shef-config.rb +1 -1
- data/spec/data/ssl/chef-rspec.cert +15 -15
- data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
- data/spec/functional/resource/aix_service_spec.rb +2 -2
- data/spec/functional/resource/aixinit_service_spec.rb +8 -8
- data/spec/functional/resource/bff_spec.rb +2 -2
- data/spec/functional/resource/cookbook_file_spec.rb +1 -1
- data/spec/functional/resource/dsc_resource_spec.rb +1 -1
- data/spec/functional/resource/dsc_script_spec.rb +0 -1
- data/spec/functional/resource/group_spec.rb +6 -6
- data/spec/functional/resource/insserv_spec.rb +5 -5
- data/spec/functional/resource/link_spec.rb +20 -20
- data/spec/functional/resource/powershell_script_spec.rb +4 -4
- data/spec/functional/resource/rpm_spec.rb +2 -2
- data/spec/functional/resource/user/dscl_spec.rb +1 -1
- data/spec/functional/resource/user/mac_user_spec.rb +1 -1
- data/spec/functional/resource/windows_certificate_spec.rb +3 -3
- data/spec/functional/resource/windows_font_spec.rb +49 -0
- data/spec/functional/resource/windows_security_policy_spec.rb +0 -3
- data/spec/functional/resource/windows_task_spec.rb +13 -13
- data/spec/functional/run_lock_spec.rb +24 -24
- data/spec/functional/version_spec.rb +3 -3
- data/spec/functional/win32/registry_spec.rb +8 -8
- data/spec/functional/win32/service_manager_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +4 -4
- data/spec/integration/client/exit_code_spec.rb +3 -2
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/knife/common_options_spec.rb +12 -12
- data/spec/integration/knife/config_list_spec.rb +220 -0
- data/spec/integration/knife/config_show_spec.rb +192 -0
- data/spec/integration/knife/config_use_spec.rb +198 -0
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
- data/spec/integration/knife/diff_spec.rb +3 -1
- data/spec/integration/knife/download_spec.rb +3 -1
- data/spec/integration/knife/serve_spec.rb +5 -5
- data/spec/integration/knife/upload_spec.rb +3 -1
- data/spec/integration/ohai/ohai_spec.rb +61 -0
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/solo/solo_spec.rb +5 -5
- data/spec/spec_helper.rb +12 -9
- data/spec/stress/win32/file_spec.rb +1 -1
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/matchers/leak.rb +2 -2
- data/spec/support/platform_helpers.rb +17 -35
- data/spec/support/platforms/win32/spec_service.rb +1 -1
- data/spec/support/shared/functional/directory_resource.rb +1 -1
- data/spec/support/shared/functional/execute_resource.rb +1 -1
- data/spec/support/shared/functional/file_resource.rb +20 -20
- data/spec/support/shared/functional/securable_resource.rb +108 -27
- data/spec/support/shared/functional/win32_service.rb +2 -2
- data/spec/support/shared/functional/windows_script.rb +3 -3
- data/spec/support/shared/integration/integration_helper.rb +22 -52
- data/spec/support/shared/unit/application_dot_d.rb +5 -3
- data/spec/support/shared/unit/script_resource.rb +6 -20
- data/spec/support/shared/unit/windows_script_resource.rb +15 -28
- data/spec/tiny_server.rb +0 -1
- data/spec/unit/application/client_spec.rb +2 -2
- data/spec/unit/application/exit_code_spec.rb +10 -0
- data/spec/unit/application_spec.rb +4 -6
- data/spec/unit/chef_fs/parallelizer_spec.rb +5 -1
- data/spec/unit/chef_fs/path_util_spec.rb +1 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +2 -2
- data/spec/unit/cookbook_spec.rb +2 -2
- data/spec/unit/data_collector/config_validation_spec.rb +208 -0
- data/spec/unit/data_collector_spec.rb +28 -113
- data/spec/unit/dsl/declare_resource_spec.rb +1 -1
- data/spec/unit/environment_spec.rb +7 -7
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/http/api_versions_spec.rb +19 -1
- data/spec/unit/knife/bootstrap_spec.rb +20 -20
- data/spec/unit/knife/cookbook_download_spec.rb +4 -4
- data/spec/unit/knife/cookbook_metadata_from_file_spec.rb +1 -1
- data/spec/unit/knife/core/hashed_command_loader_spec.rb +3 -3
- data/spec/unit/knife/core/ui_spec.rb +1 -0
- data/spec/unit/knife/core/windows_bootstrap_context_spec.rb +21 -12
- data/spec/unit/knife/ssh_spec.rb +2 -2
- data/spec/unit/knife/supermarket_share_spec.rb +1 -1
- data/spec/unit/lwrp_spec.rb +3 -3
- data/spec/unit/mixin/deep_merge_spec.rb +15 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
- data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
- data/spec/unit/mixin/securable_spec.rb +2 -2
- data/spec/unit/mixin/template_spec.rb +30 -30
- data/spec/unit/mixin/windows_architecture_helper_spec.rb +4 -4
- data/spec/unit/node/immutable_collections_spec.rb +8 -4
- data/spec/unit/node_spec.rb +5 -5
- data/spec/unit/provider/mount/linux_spec.rb +97 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +1 -1
- data/spec/unit/provider/package/powershell_spec.rb +1 -1
- data/spec/unit/provider/package/rubygems_spec.rb +4 -1
- data/spec/unit/provider/powershell_script_spec.rb +11 -4
- data/spec/unit/provider/remote_directory_spec.rb +9 -9
- data/spec/unit/provider/route_spec.rb +0 -2
- data/spec/unit/provider/service/arch_service_spec.rb +3 -2
- data/spec/unit/provider/service/debian_service_spec.rb +1 -1
- data/spec/unit/provider/service/gentoo_service_spec.rb +7 -7
- data/spec/unit/provider/service/macosx_spec.rb +3 -3
- data/spec/unit/provider/service/redhat_spec.rb +2 -2
- data/spec/unit/provider/service/upstart_service_spec.rb +3 -3
- data/spec/unit/provider_resolver_spec.rb +6 -6
- data/spec/unit/recipe_spec.rb +1 -1
- data/spec/unit/resource/batch_spec.rb +6 -6
- data/spec/unit/resource/chef_client_cron_spec.rb +35 -14
- data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +36 -1
- data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +54 -0
- data/spec/unit/resource/execute_spec.rb +113 -118
- data/spec/unit/resource/launchd_spec.rb +8 -0
- data/spec/unit/resource/osx_profile_spec.rb +299 -0
- data/spec/unit/resource/powershell_script_spec.rb +11 -29
- data/spec/unit/resource/rhsm_register_spec.rb +56 -18
- data/spec/unit/resource/script_spec.rb +6 -1
- data/spec/unit/resource/timezone_spec.rb +63 -0
- data/spec/unit/resource/windows_feature_powershell_spec.rb +30 -4
- data/spec/unit/resource/windows_uac_spec.rb +1 -1
- data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
- data/spec/unit/role_spec.rb +11 -11
- data/spec/unit/run_lock_spec.rb +5 -1
- data/spec/unit/runner_spec.rb +1 -2
- data/spec/unit/server_api_spec.rb +43 -16
- data/spec/unit/shell/shell_ext_spec.rb +46 -3
- data/spec/unit/shell/shell_session_spec.rb +35 -64
- data/spec/unit/shell_spec.rb +16 -19
- data/spec/unit/train_transport_spec.rb +14 -13
- data/spec/unit/util/selinux_spec.rb +2 -0
- data/tasks/rspec.rb +1 -3
- metadata +42 -33
- data/lib/chef/dist.rb +0 -68
- data/lib/chef/provider/osx_profile.rb +0 -255
- data/spec/integration/knife/config_get_profile_spec.rb +0 -113
- data/spec/integration/knife/config_get_spec.rb +0 -191
- data/spec/integration/knife/config_list_profiles_spec.rb +0 -218
- data/spec/integration/knife/config_use_profile_spec.rb +0 -154
- data/spec/unit/provider/osx_profile_spec.rb +0 -255
@@ -24,6 +24,8 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
+
unified_mode true
|
28
|
+
|
27
29
|
provides :openssl_x509_certificate
|
28
30
|
provides(:openssl_x509) { true } # legacy cookbook name.
|
29
31
|
|
@@ -84,32 +86,32 @@ class Chef
|
|
84
86
|
description: "The permission mode applied to all files created by the resource."
|
85
87
|
|
86
88
|
property :country, String,
|
87
|
-
description: "Value for the C certificate field."
|
89
|
+
description: "Value for the `C` certificate field."
|
88
90
|
|
89
91
|
property :state, String,
|
90
|
-
description: "Value for the ST certificate field."
|
92
|
+
description: "Value for the `ST` certificate field."
|
91
93
|
|
92
94
|
property :city, String,
|
93
|
-
description: "Value for the L certificate field."
|
95
|
+
description: "Value for the `L` certificate field."
|
94
96
|
|
95
97
|
property :org, String,
|
96
|
-
description: "Value for the O certificate field."
|
98
|
+
description: "Value for the `O` certificate field."
|
97
99
|
|
98
100
|
property :org_unit, String,
|
99
|
-
description: "Value for the OU certificate field."
|
101
|
+
description: "Value for the `OU` certificate field."
|
100
102
|
|
101
103
|
property :common_name, String,
|
102
|
-
description: "Value for the CN certificate field."
|
104
|
+
description: "Value for the `CN` certificate field."
|
103
105
|
|
104
106
|
property :email, String,
|
105
|
-
description: "Value for the email certificate field."
|
107
|
+
description: "Value for the `email` certificate field."
|
106
108
|
|
107
109
|
property :extensions, Hash,
|
108
|
-
description: "Hash of X509 Extensions entries, in format { 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }
|
110
|
+
description: "Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }`.",
|
109
111
|
default: lazy { {} }
|
110
112
|
|
111
113
|
property :subject_alt_name, Array,
|
112
|
-
description: "Array of Subject Alternative Name entries, in format DNS:example.com or IP:1.2.3.4
|
114
|
+
description: "Array of Subject Alternative Name entries, in format `DNS:example.com` or `IP:1.2.3.4`.",
|
113
115
|
default: lazy { [] }
|
114
116
|
|
115
117
|
property :key_file, String,
|
@@ -120,7 +122,7 @@ class Chef
|
|
120
122
|
|
121
123
|
property :key_type, String,
|
122
124
|
equal_to: %w{rsa ec},
|
123
|
-
description: "The desired type of the generated key
|
125
|
+
description: "The desired type of the generated key.",
|
124
126
|
default: "rsa"
|
125
127
|
|
126
128
|
property :key_length, Integer,
|
@@ -129,18 +131,18 @@ class Chef
|
|
129
131
|
default: 2048
|
130
132
|
|
131
133
|
property :key_curve, String,
|
132
|
-
description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run openssl ecparam -list_curves to see available options.",
|
134
|
+
description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options.",
|
133
135
|
equal_to: %w{secp384r1 secp521r1 prime256v1},
|
134
136
|
default: "prime256v1"
|
135
137
|
|
136
138
|
property :csr_file, String,
|
137
|
-
description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the csr_file property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
|
139
|
+
description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
|
138
140
|
|
139
141
|
property :ca_cert_file, String,
|
140
|
-
description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the certificate will be signed with them."
|
142
|
+
description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them."
|
141
143
|
|
142
144
|
property :ca_key_file, String,
|
143
|
-
description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the
|
145
|
+
description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the certificate will be signed with them."
|
144
146
|
|
145
147
|
property :ca_key_pass, String,
|
146
148
|
description: "The passphrase for CA private key's passphrase."
|
@@ -161,7 +163,7 @@ class Chef
|
|
161
163
|
content cert.to_pem
|
162
164
|
end
|
163
165
|
|
164
|
-
if !new_resource.renew_before_expiry.nil? &&
|
166
|
+
if !new_resource.renew_before_expiry.nil? && cert_need_renewal?(new_resource.path, new_resource.renew_before_expiry)
|
165
167
|
file new_resource.path do
|
166
168
|
action :create
|
167
169
|
owner new_resource.owner unless new_resource.owner.nil?
|
@@ -173,7 +175,7 @@ class Chef
|
|
173
175
|
end
|
174
176
|
|
175
177
|
if new_resource.csr_file.nil?
|
176
|
-
file
|
178
|
+
file key_file do
|
177
179
|
action :create_if_missing
|
178
180
|
owner new_resource.owner unless new_resource.owner.nil?
|
179
181
|
group new_resource.group unless new_resource.group.nil?
|
@@ -185,24 +187,25 @@ class Chef
|
|
185
187
|
end
|
186
188
|
|
187
189
|
action_class do
|
188
|
-
def
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
|
193
|
-
|
194
|
-
|
190
|
+
def key_file
|
191
|
+
@key_file ||=
|
192
|
+
if new_resource.key_file
|
193
|
+
new_resource.key_file
|
194
|
+
else
|
195
|
+
path, file = ::File.split(new_resource.path)
|
196
|
+
filename = ::File.basename(file, ::File.extname(file))
|
197
|
+
path + "/" + filename + ".key"
|
198
|
+
end
|
195
199
|
end
|
196
200
|
|
197
201
|
def key
|
198
|
-
@key ||= if priv_key_file_valid?(
|
199
|
-
OpenSSL::PKey.read ::File.read(
|
202
|
+
@key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
|
203
|
+
OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
|
200
204
|
elsif new_resource.key_type == "rsa"
|
201
205
|
gen_rsa_priv_key(new_resource.key_length)
|
202
206
|
else
|
203
207
|
gen_ec_priv_key(new_resource.key_curve)
|
204
208
|
end
|
205
|
-
@key
|
206
209
|
end
|
207
210
|
|
208
211
|
def request
|
@@ -214,15 +217,15 @@ class Chef
|
|
214
217
|
end
|
215
218
|
|
216
219
|
def subject
|
217
|
-
|
218
|
-
|
219
|
-
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
|
225
|
-
|
220
|
+
OpenSSL::X509::Name.new.tap do |csr_subject|
|
221
|
+
csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
|
222
|
+
csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
|
223
|
+
csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
|
224
|
+
csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
|
225
|
+
csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
|
226
|
+
csr_subject.add_entry("CN", new_resource.common_name)
|
227
|
+
csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
|
228
|
+
end
|
226
229
|
end
|
227
230
|
|
228
231
|
def ca_private_key
|
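Review bot: In the action_class `key` helper, an existing key file that fails `priv_key_file_valid?(key_file, new_resource.key_pass)` (presumably a wrong passphrase or an unreadable PEM) falls through to `gen_rsa_priv_key`/`gen_ec_priv_key`, while the key file resource earlier in this section uses `action :create_if_missing` and so leaves the old file in place. If that block writes `key.to_pem` (its content line is outside the hunk), the certificate is issued for a key that is never stored on disk, and the run reports no error. I would fail explicitly instead, e.g. `raise "#{key_file} exists but cannot be loaded with the given key_pass" if ::File.exist?(key_file) && !priv_key_file_valid?(key_file, new_resource.key_pass)`. Separately, `subject` calls `add_entry("CN", new_resource.common_name)` without the nil guard the other fields have, and `common_name` is not marked `required: true` in this resource, so a missing value likely surfaces as a low-level OpenSSL error rather than a validation message.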
@@ -24,20 +24,31 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
+
unified_mode true
|
28
|
+
|
27
29
|
provides :openssl_x509_crl
|
28
30
|
|
29
31
|
description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
|
30
32
|
introduced "14.4"
|
31
33
|
examples <<~DOC
|
32
|
-
|
34
|
+
**Create a certificate revocation file**
|
33
35
|
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
36
|
+
```ruby
|
37
|
+
openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
|
38
|
+
ca_cert_file '/etc/ssl_test/my_ca.crt'
|
39
|
+
ca_key_file '/etc/ssl_test/my_ca.key'
|
40
|
+
end
|
41
|
+
```
|
42
|
+
|
43
|
+
**Create a certificate revocation file for a particular serial**
|
44
|
+
|
45
|
+
```ruby
|
46
|
+
openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
|
47
|
+
ca_cert_file '/etc/ssl_test/my_ca.crt'
|
48
|
+
ca_key_file '/etc/ssl_test/my_ca.key'
|
49
|
+
serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F
|
50
|
+
end
|
51
|
+
```
|
41
52
|
DOC
|
42
53
|
|
43
54
|
property :path, String,
|
@@ -60,11 +71,11 @@ class Chef
|
|
60
71
|
default: 1
|
61
72
|
|
62
73
|
property :ca_cert_file, String,
|
63
|
-
description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the CRL will be signed with them.",
|
74
|
+
description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the CRL will be signed with them.",
|
64
75
|
required: true
|
65
76
|
|
66
77
|
property :ca_key_file, String,
|
67
|
-
description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the ca_cert_file property must also be specified, the CRL will be signed with them.",
|
78
|
+
description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the CRL will be signed with them.",
|
68
79
|
required: true
|
69
80
|
|
70
81
|
property :ca_key_pass, String,
|
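Review bot: The second example added to the `examples` heredoc passes the serial as a bare token, `serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F`, which Ruby parses as a constant reference, so a recipe copied from the documentation fails with a NameError. Quote it: `serial_to_revoke 'C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F'` (assuming the property accepts a String; its declaration is outside the hunks). The `ca_cert_file` and `ca_key_file` descriptions also still read "If the ... property is specified" although both are declared `required: true`, which a reader can take to mean that signing the CRL is optional.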
@@ -24,12 +24,14 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
+
unified_mode true
|
28
|
+
|
27
29
|
provides :openssl_x509_request
|
28
30
|
|
29
31
|
description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
|
30
32
|
introduced "14.4"
|
31
33
|
examples <<~DOC
|
32
|
-
Generate new
|
34
|
+
**Generate new EC key and CSR file**
|
33
35
|
|
34
36
|
```ruby
|
35
37
|
openssl_x509_request '/etc/ssl_files/my_ec_request.csr' do
|
@@ -40,7 +42,7 @@ class Chef
|
|
40
42
|
end
|
41
43
|
```
|
42
44
|
|
43
|
-
Generate a new
|
45
|
+
**Generate a new CSR file from an existing EC key**
|
44
46
|
|
45
47
|
```ruby
|
46
48
|
openssl_x509_request '/etc/ssl_files/my_ec_request2.csr' do
|
@@ -52,7 +54,7 @@ class Chef
|
|
52
54
|
end
|
53
55
|
```
|
54
56
|
|
55
|
-
Generate new
|
57
|
+
**Generate new RSA key and CSR file**
|
56
58
|
|
57
59
|
```ruby
|
58
60
|
openssl_x509_request '/etc/ssl_files/my_rsa_request.csr' do
|
@@ -78,46 +80,44 @@ class Chef
|
|
78
80
|
description: "The permission mode applied to all files created by the resource."
|
79
81
|
|
80
82
|
property :country, String,
|
81
|
-
description: "Value for the C certificate field."
|
83
|
+
description: "Value for the `C` certificate field."
|
82
84
|
|
83
85
|
property :state, String,
|
84
|
-
description: "Value for the ST certificate field."
|
86
|
+
description: "Value for the `ST` certificate field."
|
85
87
|
|
86
88
|
property :city, String,
|
87
|
-
description: "Value for the L certificate field."
|
89
|
+
description: "Value for the `L` certificate field."
|
88
90
|
|
89
91
|
property :org, String,
|
90
|
-
description: "Value for the O certificate field."
|
92
|
+
description: "Value for the `O` certificate field."
|
91
93
|
|
92
94
|
property :org_unit, String,
|
93
|
-
description: "Value for the OU certificate field."
|
95
|
+
description: "Value for the `OU` certificate field."
|
94
96
|
|
95
97
|
property :common_name, String,
|
96
98
|
required: true,
|
97
|
-
description: "Value for the CN certificate field."
|
99
|
+
description: "Value for the `CN` certificate field."
|
98
100
|
|
99
101
|
property :email, String,
|
100
|
-
description: "Value for the email certificate field."
|
102
|
+
description: "Value for the `email` certificate field."
|
101
103
|
|
102
104
|
property :key_file, String,
|
103
|
-
description: "The path to a certificate key file on the filesystem. If the key_file property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the key_file property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate."
|
105
|
+
description: "The path to a certificate key file on the filesystem. If the `key_file` property is specified, the resource will attempt to source a key from this location. If no key file is found, the resource will generate a new key file at this location. If the `key_file` property is not specified, the resource will generate a key file in the same directory as the generated certificate, with the same name as the generated certificate."
|
104
106
|
|
105
107
|
property :key_pass, String,
|
106
108
|
description: "The passphrase for an existing key's passphrase."
|
107
109
|
|
108
110
|
property :key_type, String,
|
109
111
|
equal_to: %w{rsa ec}, default: "ec",
|
110
|
-
description: "The desired type of the generated key
|
112
|
+
description: "The desired type of the generated key."
|
111
113
|
|
112
114
|
property :key_length, Integer,
|
113
115
|
equal_to: [1024, 2048, 4096, 8192], default: 2048,
|
114
|
-
description: "The desired bit length of the generated key (if key_type is equal to
|
116
|
+
description: "The desired bit length of the generated key (if key_type is equal to `rsa`)."
|
115
117
|
|
116
118
|
property :key_curve, String,
|
117
119
|
equal_to: %w{secp384r1 secp521r1 prime256v1}, default: "prime256v1",
|
118
|
-
description: "The desired curve of the generated key (if key_type is equal to
|
119
|
-
|
120
|
-
default_action :create
|
120
|
+
description: "The desired curve of the generated key (if key_type is equal to `ec`). Run `openssl ecparam -list_curves` to see available options."
|
121
121
|
|
122
122
|
action :create do
|
123
123
|
description "Generate a certificate request."
|
@@ -132,7 +132,7 @@ class Chef
|
|
132
132
|
action :create
|
133
133
|
end
|
134
134
|
|
135
|
-
file
|
135
|
+
file key_file do
|
136
136
|
owner new_resource.owner unless new_resource.owner.nil?
|
137
137
|
group new_resource.group unless new_resource.group.nil?
|
138
138
|
mode new_resource.mode unless new_resource.mode.nil?
|
@@ -145,36 +145,37 @@ class Chef
|
|
145
145
|
end
|
146
146
|
|
147
147
|
action_class do
|
148
|
-
def
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
|
148
|
+
def key_file
|
149
|
+
@key_file ||=
|
150
|
+
if new_resource.key_file
|
151
|
+
new_resource.key_file
|
152
|
+
else
|
153
|
+
path, file = ::File.split(new_resource.path)
|
154
|
+
filename = ::File.basename(file, ::File.extname(file))
|
155
|
+
path + "/" + filename + ".key"
|
156
|
+
end
|
155
157
|
end
|
156
158
|
|
157
159
|
def key
|
158
|
-
@key ||= if priv_key_file_valid?(
|
159
|
-
OpenSSL::PKey.read ::File.read(
|
160
|
+
@key ||= if priv_key_file_valid?(key_file, new_resource.key_pass)
|
161
|
+
OpenSSL::PKey.read ::File.read(key_file), new_resource.key_pass
|
160
162
|
elsif new_resource.key_type == "rsa"
|
161
163
|
gen_rsa_priv_key(new_resource.key_length)
|
162
164
|
else
|
163
165
|
gen_ec_priv_key(new_resource.key_curve)
|
164
166
|
end
|
165
|
-
@key
|
166
167
|
end
|
167
168
|
|
168
169
|
def subject
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
|
170
|
+
OpenSSL::X509::Name.new.tap do |csr_subject|
|
171
|
+
csr_subject.add_entry("C", new_resource.country) unless new_resource.country.nil?
|
172
|
+
csr_subject.add_entry("ST", new_resource.state) unless new_resource.state.nil?
|
173
|
+
csr_subject.add_entry("L", new_resource.city) unless new_resource.city.nil?
|
174
|
+
csr_subject.add_entry("O", new_resource.org) unless new_resource.org.nil?
|
175
|
+
csr_subject.add_entry("OU", new_resource.org_unit) unless new_resource.org_unit.nil?
|
176
|
+
csr_subject.add_entry("CN", new_resource.common_name)
|
177
|
+
csr_subject.add_entry("emailAddress", new_resource.email) unless new_resource.email.nil?
|
178
|
+
end
|
178
179
|
end
|
179
180
|
|
180
181
|
def csr
|
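Review bot: The `file key_file do` block at new line 135 takes the private key's mode from `new_resource.mode`, which line 80 describes as applying to all files created by the resource, so a mode chosen for the CSR also lands on the key. When it is nil, the key presumably gets whatever default the file resource applies. Because the resource description says the generated key is passwordless, a restrictive fallback such as `mode new_resource.mode.nil? ? "0600" : new_resource.mode` would be safer, or at least a comment on the block stating that the key inherits the CSR's mode. The block's body continues past the hunk, so whether it already sets `sensitive true` cannot be seen from here. `key_length` at new line 115 also still admits `1024` in its `equal_to` list, which the reworded description could mark as legacy-only.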
@@ -17,6 +17,10 @@
|
|
17
17
|
#
|
18
18
|
|
19
19
|
require_relative "../resource"
|
20
|
+
require_relative "../log"
|
21
|
+
require_relative "../resource/file"
|
22
|
+
autoload :UUIDTools, "uuidtools"
|
23
|
+
autoload :Plist, "plist"
|
20
24
|
|
21
25
|
class Chef
|
22
26
|
class Resource
|
@@ -26,11 +30,72 @@ class Chef
|
|
26
30
|
provides :osx_profile
|
27
31
|
provides :osx_config_profile
|
28
32
|
|
29
|
-
description "Use the **osx_profile** resource to manage configuration profiles (
|
33
|
+
description "Use the **osx_profile** resource to manage configuration profiles (`.mobileconfig` files) on the macOS platform. The **osx_profile** resource installs profiles by using the uuidgen library to generate a unique `ProfileUUID`, and then using the `profiles` command to install the profile on the system."
|
30
34
|
introduced "12.7"
|
35
|
+
examples <<~DOC
|
36
|
+
**Install a profile from a cookbook file**
|
31
37
|
|
32
|
-
|
33
|
-
|
38
|
+
```ruby
|
39
|
+
osx_profile 'com.company.screensaver.mobileconfig'
|
40
|
+
```
|
41
|
+
|
42
|
+
**Install profile from a hash**
|
43
|
+
|
44
|
+
```ruby
|
45
|
+
profile_hash = {
|
46
|
+
'PayloadIdentifier' => 'com.company.screensaver',
|
47
|
+
'PayloadRemovalDisallowed' => false,
|
48
|
+
'PayloadScope' => 'System',
|
49
|
+
'PayloadType' => 'Configuration',
|
50
|
+
'PayloadUUID' => '1781fbec-3325-565f-9022-8aa28135c3cc',
|
51
|
+
'PayloadOrganization' => 'Chef',
|
52
|
+
'PayloadVersion' => 1,
|
53
|
+
'PayloadDisplayName' => 'Screensaver Settings',
|
54
|
+
'PayloadContent'=> [
|
55
|
+
{
|
56
|
+
'PayloadType' => 'com.apple.ManagedClient.preferences',
|
57
|
+
'PayloadVersion' => 1,
|
58
|
+
'PayloadIdentifier' => 'com.company.screensaver',
|
59
|
+
'PayloadUUID' => '73fc30e0-1e57-0131-c32d-000c2944c108',
|
60
|
+
'PayloadEnabled' => true,
|
61
|
+
'PayloadDisplayName' => 'com.apple.screensaver',
|
62
|
+
'PayloadContent' => {
|
63
|
+
'com.apple.screensaver' => {
|
64
|
+
'Forced' => [
|
65
|
+
{
|
66
|
+
'mcx_preference_settings' => {
|
67
|
+
'idleTime' => 0,
|
68
|
+
}
|
69
|
+
}
|
70
|
+
]
|
71
|
+
}
|
72
|
+
}
|
73
|
+
}
|
74
|
+
]
|
75
|
+
}
|
76
|
+
|
77
|
+
osx_profile 'Install screensaver profile' do
|
78
|
+
profile profile_hash
|
79
|
+
end
|
80
|
+
```
|
81
|
+
|
82
|
+
**Remove profile using identifier in resource name**
|
83
|
+
|
84
|
+
```ruby
|
85
|
+
osx_profile 'com.company.screensaver' do
|
86
|
+
action :remove
|
87
|
+
end
|
88
|
+
```
|
89
|
+
|
90
|
+
**Remove profile by identifier and user friendly resource name**
|
91
|
+
|
92
|
+
```ruby
|
93
|
+
osx_profile 'Remove screensaver profile' do
|
94
|
+
identifier 'com.company.screensaver'
|
95
|
+
action :remove
|
96
|
+
end
|
97
|
+
```
|
98
|
+
DOC
|
34
99
|
|
35
100
|
property :profile_name, String,
|
36
101
|
description: "Use to specify the name of the profile, if different from the name of the resource block.",
|
@@ -40,10 +105,231 @@ class Chef
|
|
40
105
|
description: "Use to specify a profile. This may be the name of a profile contained in a cookbook or a Hash that contains the contents of the profile."
|
41
106
|
|
42
107
|
property :identifier, String,
|
43
|
-
description: "Use to specify the identifier for the profile, such as com.company.screensaver
|
108
|
+
description: "Use to specify the identifier for the profile, such as `com.company.screensaver`."
|
109
|
+
|
110
|
+
# this is not a property it is necessary for the tempfile this resource uses to work (FIXME: this is terrible)
|
111
|
+
#
|
112
|
+
# @api private
|
113
|
+
#
|
114
|
+
def path(path = nil)
|
115
|
+
@path ||= path
|
116
|
+
@path
|
117
|
+
end
|
118
|
+
|
119
|
+
action_class do
|
120
|
+
def load_current_resource
|
121
|
+
@current_resource = Chef::Resource::OsxProfile.new(new_resource.name)
|
122
|
+
current_resource.profile_name(new_resource.profile_name)
|
123
|
+
|
124
|
+
if new_profile_hash
|
125
|
+
new_profile_hash["PayloadUUID"] = config_uuid(new_profile_hash)
|
126
|
+
end
|
127
|
+
|
128
|
+
current_resource.profile(current_profile)
|
129
|
+
end
|
130
|
+
|
131
|
+
def current_profile
|
132
|
+
all_profiles = get_installed_profiles
|
133
|
+
|
134
|
+
if all_profiles && all_profiles.key?("_computerlevel")
|
135
|
+
return all_profiles["_computerlevel"].find do |item|
|
136
|
+
item["ProfileIdentifier"] == new_profile_identifier
|
137
|
+
end
|
138
|
+
end
|
139
|
+
nil
|
140
|
+
end
|
141
|
+
|
142
|
+
def invalid_profile_name?(name_or_identifier)
|
143
|
+
name_or_identifier.end_with?(".mobileconfig") || !/^\w+(?:(\.| )\w+)+$/.match(name_or_identifier)
|
144
|
+
end
|
145
|
+
|
146
|
+
def check_resource_semantics!
|
147
|
+
if action == :remove
|
148
|
+
if new_profile_identifier
|
149
|
+
if invalid_profile_name?(new_profile_identifier)
|
150
|
+
raise "when removing using the identifier property, it must match the profile identifier"
|
151
|
+
end
|
152
|
+
else
|
153
|
+
if invalid_profile_name?(new_resource.profile_name)
|
154
|
+
raise "When removing by resource name, it must match the profile identifier"
|
155
|
+
end
|
156
|
+
end
|
157
|
+
end
|
158
|
+
|
159
|
+
if action == :install
|
160
|
+
# we only do this check for the install action so that profiles can still be removed on macOS 11+
|
161
|
+
if mac? && node["platform_version"] =~ ">= 11.0"
|
162
|
+
raise "The osx_profile resource is not available on macOS Big Sur or above due to Apple's removal of support for CLI profile installation"
|
163
|
+
end
|
164
|
+
|
165
|
+
if new_profile_hash.is_a?(Hash) && !new_profile_hash.include?("PayloadIdentifier")
|
166
|
+
raise "The specified profile does not seem to be valid"
|
167
|
+
end
|
168
|
+
if new_profile_hash.is_a?(String) && !new_profile_hash.end_with?(".mobileconfig")
|
169
|
+
raise "#{new_profile_hash}' is not a valid profile"
|
170
|
+
end
|
171
|
+
end
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
175
|
+
action :install do
|
176
|
+
unless profile_installed?
|
177
|
+
converge_by("install profile #{new_profile_identifier}") do
|
178
|
+
profile_path = write_profile_to_disk
|
179
|
+
install_profile(profile_path)
|
180
|
+
get_installed_profiles(true)
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
184
|
+
|
185
|
+
action :remove do
|
186
|
+
# Clean up profile after removing it
|
187
|
+
if profile_installed?
|
188
|
+
converge_by("remove profile #{new_profile_identifier}") do
|
189
|
+
remove_profile
|
190
|
+
get_installed_profiles(true)
|
191
|
+
end
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
195
|
+
action_class do
|
196
|
+
private
|
197
|
+
|
198
|
+
def profile
|
199
|
+
@profile ||= new_resource.profile || new_resource.profile_name
|
200
|
+
end
|
201
|
+
|
202
|
+
def new_profile_hash
|
203
|
+
@new_profile_hash ||= get_profile_hash(profile)
|
204
|
+
end
|
205
|
+
|
206
|
+
def new_profile_identifier
|
207
|
+
@new_profile_identifier ||= if new_profile_hash
|
208
|
+
new_profile_hash["PayloadIdentifier"]
|
209
|
+
else
|
210
|
+
new_resource.identifier || new_resource.profile_name
|
211
|
+
end
|
212
|
+
end
|
213
|
+
|
214
|
+
def load_profile_hash(new_profile)
|
215
|
+
# file must exist in cookbook
|
216
|
+
return nil unless new_profile.end_with?(".mobileconfig")
|
217
|
+
|
218
|
+
unless cookbook_file_available?(new_profile)
|
219
|
+
raise Chef::Exceptions::FileNotFound, "#{self}: '#{new_profile}' not found in cookbook"
|
220
|
+
end
|
221
|
+
|
222
|
+
cookbook_profile = cache_cookbook_profile(new_profile)
|
223
|
+
::Plist.parse_xml(cookbook_profile)
|
224
|
+
end
|
225
|
+
|
226
|
+
def cookbook_file_available?(cookbook_file)
|
227
|
+
run_context.has_cookbook_file_in_cookbook?(
|
228
|
+
new_resource.cookbook_name, cookbook_file
|
229
|
+
)
|
230
|
+
end
|
231
|
+
|
232
|
+
def get_cache_dir
|
233
|
+
Chef::FileCache.create_cache_path(
|
234
|
+
"profiles/#{new_resource.cookbook_name}"
|
235
|
+
)
|
236
|
+
end
|
237
|
+
|
238
|
+
def cache_cookbook_profile(cookbook_file)
|
239
|
+
Chef::FileCache.create_cache_path(
|
240
|
+
::File.join(
|
241
|
+
"profiles",
|
242
|
+
new_resource.cookbook_name,
|
243
|
+
::File.dirname(cookbook_file)
|
244
|
+
)
|
245
|
+
)
|
246
|
+
|
247
|
+
path = ::File.join( get_cache_dir, "#{cookbook_file}.remote")
|
248
|
+
|
249
|
+
cookbook_file path do
|
250
|
+
cookbook_name = new_resource.cookbook_name
|
251
|
+
source(cookbook_file)
|
252
|
+
backup(false)
|
253
|
+
run_action(:create)
|
254
|
+
end
|
255
|
+
|
256
|
+
path
|
257
|
+
end
|
258
|
+
|
259
|
+
def get_profile_hash(new_profile)
|
260
|
+
if new_profile.is_a?(Hash)
|
261
|
+
new_profile
|
262
|
+
elsif new_profile.is_a?(String)
|
263
|
+
load_profile_hash(new_profile)
|
264
|
+
end
|
265
|
+
end
|
266
|
+
|
267
|
+
def config_uuid(profile)
|
268
|
+
# Make a UUID of the profile contents and return as string
|
269
|
+
UUIDTools::UUID.sha1_create(
|
270
|
+
UUIDTools::UUID_DNS_NAMESPACE,
|
271
|
+
profile.to_s
|
272
|
+
).to_s
|
273
|
+
end
|
274
|
+
|
275
|
+
def write_profile_to_disk
|
276
|
+
# FIXME: this is kind of terrible, the resource needs a tempfile to use and
|
277
|
+
# wants it created similarly to the file providers (with all the magic necessary
|
278
|
+
# for determining if it should go in the cwd or into a tmpdir), but it abuses
|
279
|
+
# the Chef::FileContentManagement::Tempfile API to do that, which requires setting
|
280
|
+
# a `path` method on the resource because of tight-coupling to the file provider
|
281
|
+
# pattern. We don't just want to use a file here because the point is to get
|
282
|
+
# at the tempfile pattern from the file provider, but to feed that into a shell
|
283
|
+
# command rather than deploying the file to somewhere on disk. There's some
|
284
|
+
# better API that needs extracting here.
|
285
|
+
new_resource.path(Chef::FileCache.create_cache_path("profiles"))
|
286
|
+
tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
|
287
|
+
tempfile.write(new_profile_hash.to_plist)
|
288
|
+
tempfile.close
|
289
|
+
tempfile.path
|
290
|
+
end
|
291
|
+
|
292
|
+
def install_profile(profile_path)
|
293
|
+
cmd = [ "/usr/bin/profiles", "-I", "-F", profile_path ]
|
294
|
+
logger.trace("cmd: #{cmd.join(" ")}")
|
295
|
+
shell_out!(*cmd)
|
296
|
+
end
|
297
|
+
|
298
|
+
def remove_profile
|
299
|
+
cmd = [ "/usr/bin/profiles", "-R", "-p", new_profile_identifier ]
|
300
|
+
logger.trace("cmd: #{cmd.join(" ")}")
|
301
|
+
shell_out!(*cmd)
|
302
|
+
end
|
303
|
+
|
304
|
+
#
|
305
|
+
# FIXME FIXME FIXME
|
306
|
+
# The node object should not be used for caching state like this and this is not a public API and may break.
|
307
|
+
# FIXME FIXME FIXME
|
308
|
+
#
|
309
|
+
|
310
|
+
def get_installed_profiles(update = nil)
|
311
|
+
logger.trace("Saving profile data to node.run_state")
|
312
|
+
if update
|
313
|
+
node.run_state[:config_profiles] = query_installed_profiles
|
314
|
+
else
|
315
|
+
node.run_state[:config_profiles] ||= query_installed_profiles
|
316
|
+
end
|
317
|
+
end
|
318
|
+
|
319
|
+
def query_installed_profiles
|
320
|
+
logger.trace("Running /usr/bin/profiles -P -o stdout-xml to determine profile state")
|
321
|
+
so = shell_out( "/usr/bin/profiles", "-P", "-o", "stdout-xml" )
|
322
|
+
::Plist.parse_xml(so.stdout)
|
323
|
+
end
|
324
|
+
|
325
|
+
def profile_installed?
|
326
|
+
# Profile Identifier and UUID must match a currently installed profile
|
327
|
+
return false if current_resource.profile.nil? || current_resource.profile.empty?
|
328
|
+
return true if action == :remove
|
44
329
|
|
45
|
-
|
46
|
-
|
330
|
+
current_resource.profile["ProfileUUID"] == new_profile_hash["PayloadUUID"]
|
331
|
+
end
|
332
|
+
end
|
47
333
|
end
|
48
334
|
end
|
49
335
|
end
|
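Review bot: `invalid_profile_name?` at new line 143 anchors its pattern with `^` and `$`, which in Ruby match at line boundaries, so a multi-line name or identifier passes validation as long as one of its lines matches. Anchoring the whole string closes that gap: `!/\A\w+(?:(\.| )\w+)+\z/.match(name_or_identifier)`. The value later reaches `/usr/bin/profiles -R -p` in `remove_profile` as an element of an argument array rather than through a shell, so this is validation hardening and not an injection fix. Separately, `query_installed_profiles` calls `shell_out` without checking the exit status, so a failed query appears to be read as "no profiles installed" and `:remove` would then silently do nothing. Using `shell_out!` there, as `install_profile` and `remove_profile` do, would surface the failure.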