chef 16.4.35 → 16.6.14

data/lib/chef/resource/plist.rb

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 require_relative "../resource"
-require "plist"
+autoload :Plist, "plist"
 
 class Chef
   class Resource

data/lib/chef/resource/powershell_package_source.rb

@@ -33,7 +33,7 @@ class Chef
         name_property: true
 
       property :url, String,
-        description: "The url to the package source.",
+        description: "The URL to the package source.",
         required: [:register]
 
       property :trusted, [TrueClass, FalseClass],
@@ -43,17 +43,17 @@ class Chef
       property :provider_name, String,
         equal_to: %w{ Programs msi NuGet msu PowerShellGet psl chocolatey },
         validation_message: "The following providers are supported: 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl' or 'chocolatey'",
-        description: "The package management provider for the source. It supports the following providers: 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl' and 'chocolatey'.",
+        description: "The package management provider for the source.",
         default: "NuGet"
 
       property :publish_location, String,
-        description: "The url where modules will be published to for this source. Only valid if the provider is 'PowerShellGet'."
+        description: "The URL where modules will be published to for this source. Only valid if the provider is `PowerShellGet`."
 
       property :script_source_location, String,
-        description: "The url where scripts are located for this source. Only valid if the provider is 'PowerShellGet'."
+        description: "The URL where scripts are located for this source. Only valid if the provider is `PowerShellGet`."
 
       property :script_publish_location, String,
-        description: "The location where scripts will be published to for this source. Only valid if the provider is 'PowerShellGet'."
+        description: "The location where scripts will be published to for this source. Only valid if the provider is `PowerShellGet`."
 
       load_current_value do
         cmd = load_resource_state_script(source_name)

data/lib/chef/resource/powershell_script.rb

@@ -22,11 +22,18 @@ class Chef
     class PowershellScript < Chef::Resource::WindowsScript
       unified_mode true
 
+      set_guard_inherited_attributes(:interpreter)
+
       provides :powershell_script, os: "windows"
 
       property :flags, String,
         description: "A string that is passed to the Windows PowerShell command"
 
+      property :interpreter, String,
+        default: "powershell",
+        equal_to: %w{powershell pwsh},
+        description: "The interpreter type, `powershell` or `pwsh` (PowerShell Core)"
+
       property :convert_boolean_return, [true, false],
         default: false,
         description: <<~DESC
@@ -62,7 +69,6 @@ class Chef
 
       def initialize(*args)
         super
-        @interpreter = "powershell.exe"
         @default_guard_interpreter = resource_name
       end
 

data/lib/chef/resource/reboot.rb

@@ -17,7 +17,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -36,7 +36,7 @@ class Chef
 
       property :reason, String,
         description: "A string that describes the reboot action.",
-        default: "Reboot by #{Chef::Dist::PRODUCT}"
+        default: "Reboot by #{ChefUtils::Dist::Infra::PRODUCT}"
 
       property :delay_mins, Integer,
         description: "The amount of time (in minutes) to delay a reboot request.",

data/lib/chef/resource/remote_file.rb

@@ -22,7 +22,7 @@ require_relative "file"
 require_relative "../provider/remote_file"
 require_relative "../mixin/securable"
 require_relative "../mixin/uris"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -74,7 +74,7 @@ class Chef
       end
 
       property :checksum, String,
-        description: "Optional, see `use_conditional_get`. The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{Chef::Dist::PRODUCT} does not download it."
+        description: "Optional, see `use_conditional_get`. The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{ChefUtils::Dist::Infra::PRODUCT} does not download it."
 
       # Disable or enable ETag and Last Modified conditional GET. Equivalent to
       #   use_etag(true_or_false)
@@ -93,7 +93,7 @@ class Chef
         description: "Enable `If-Modified-Since` headers. Set to `false` to disable `If-Modified-Since` headers. To use this setting, `use_conditional_get` must also be set to `true`."
 
       property :ftp_active_mode, [ TrueClass, FalseClass ], default: false,
-        description: "Whether #{Chef::Dist::PRODUCT} uses active or passive FTP. Set to `true` to use active FTP."
+        description: "Whether #{ChefUtils::Dist::Infra::PRODUCT} uses active or passive FTP. Set to `true` to use active FTP."
 
       property :headers, Hash, default: lazy { {} },
         description: "A Hash of custom HTTP headers."

data/lib/chef/resource/rhsm_register.rb

@@ -16,7 +16,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require "shellwords" unless defined?(Shellwords)
 
 class Chef
@@ -47,6 +47,10 @@ class Chef
       property :password, String,
         description: "The password to use when registering. This property is not applicable if using an activation key. If specified, username and environment are also required."
 
+      property :system_name, String,
+        description: "The name of the system to register, defaults to the hostname.",
+        introduced: "16.5"
+
       property :auto_attach,
         [TrueClass, FalseClass],
         description: "If true, RHSM will attempt to automatically attach the host to applicable subscriptions. It is generally better to use an activation key with the subscriptions pre-defined.",
@@ -61,7 +65,7 @@ class Chef
         default: false, desired_state: false
 
       property :https_for_ca_consumer, [TrueClass, FalseClass],
-        description: "If true, #{Chef::Dist::PRODUCT} will fetch the katello-ca-consumer-latest.noarch.rpm from the satellite_host using HTTPS.",
+        description: "If true, #{ChefUtils::Dist::Infra::PRODUCT} will fetch the katello-ca-consumer-latest.noarch.rpm from the satellite_host using HTTPS.",
         default: false, desired_state: false,
         introduced: "15.9"
 
@@ -121,24 +125,30 @@ class Chef
       end
 
       action_class do
+        #
+        # @return [Symbol] dnf_package or yum_package depending on OS release
+        #
         def package_resource
           node["platform_version"].to_i >= 8 ? :dnf_package : :yum_package
         end
 
+        #
+        # @return [Boolean] is the node registered with RHSM
+        #
         def registered_with_rhsm?
-          # FIXME: use shell_out
-          cmd = Mixlib::ShellOut.new("subscription-manager status", env: { LANG: "en_US" })
-          cmd.run_command
-          !cmd.stdout.match(/Overall Status: Unknown/)
+          @registered ||= !shell_out("subscription-manager status").stdout.include?("Overall Status: Unknown")
         end
 
+        #
+        # @return [Boolean] is katello-ca-consumer installed
+        #
         def katello_cert_rpm_installed?
-          # FIXME: use shell_out
-          cmd = Mixlib::ShellOut.new("rpm -qa | grep katello-ca-consumer")
-          cmd.run_command
-          !cmd.stdout.match(/katello-ca-consumer/).nil?
+          shell_out("rpm -qa").stdout.include?("katello-ca-consumer")
         end
 
+        #
+        # @return [String] The URI to fetch katello-ca-consumer-latest.noarch.rpm from
+        #
         def ca_consumer_package_source
           protocol = new_resource.https_for_ca_consumer ? "https" : "http"
           "#{protocol}://#{new_resource.satellite_host}/pub/katello-ca-consumer-latest.noarch.rpm"
@@ -153,6 +163,7 @@ class Chef
 
               command << new_resource.activation_key.map { |key| "--activationkey=#{Shellwords.shellescape(key)}" }
               command << "--org=#{Shellwords.shellescape(new_resource.organization)}"
+              command << "--name=#{Shellwords.shellescape(new_resource.system_name)}" if new_resource.system_name
               command << "--force" if new_resource.force
 
               return command.join(" ")
@@ -165,6 +176,7 @@ class Chef
             command << "--username=#{Shellwords.shellescape(new_resource.username)}"
             command << "--password=#{Shellwords.shellescape(new_resource.password)}"
             command << "--environment=#{Shellwords.shellescape(new_resource.environment)}" if using_satellite_host?
+            command << "--name=#{Shellwords.shellescape(new_resource.system_name)}" if new_resource.system_name
             command << "--auto-attach" if new_resource.auto_attach
             command << "--force" if new_resource.force
 

data/lib/chef/resource/ruby_block.rb

@@ -19,7 +19,7 @@
 
 require_relative "../resource"
 require_relative "../provider/ruby_block"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -28,7 +28,7 @@ class Chef
 
       provides :ruby_block, target_mode: true
 
-      description "Use the **ruby_block** resource to execute Ruby code during a #{Chef::Dist::PRODUCT} run. Ruby code in the ruby_block resource is evaluated with other resources during convergence, whereas Ruby code outside of a ruby_block resource is evaluated before other resources, as the recipe is compiled."
+      description "Use the **ruby_block** resource to execute Ruby code during a #{ChefUtils::Dist::Infra::PRODUCT} run. Ruby code in the ruby_block resource is evaluated with other resources during convergence, whereas Ruby code outside of a ruby_block resource is evaluated before other resources, as the recipe is compiled."
 
       default_action :run
       allowed_actions :create, :run

data/lib/chef/resource/scm/subversion.rb

@@ -17,7 +17,7 @@
 # limitations under the License.
 #
 
-require_relative "../../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -38,7 +38,7 @@ class Chef
         default: "--no-auth-cache"
 
       property :svn_info_args, [String, nil, FalseClass],
-        description: "Use when the `svn info` command is used by #{Chef::Dist::PRODUCT} and arguments need to be passed. The `svn_arguments` command does not work when the `svn info` command is used.",
+        description: "Use when the `svn info` command is used by #{ChefUtils::Dist::Infra::PRODUCT} and arguments need to be passed. The `svn_arguments` command does not work when the `svn info` command is used.",
         coerce: proc { |v| v == false ? nil : v }, # coerce false to nil
         default: "--no-auth-cache"
 

data/lib/chef/resource/service.rb

@@ -20,7 +20,7 @@
 require "chef-utils/dsl/service" unless defined?(ChefUtils::DSL::Service)
 require_relative "../resource"
 require "shellwords" unless defined?(Shellwords)
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -39,7 +39,7 @@ class Chef
 
       # this is a poor API please do not re-use this pattern
       property :supports, Hash, default: { restart: nil, reload: nil, status: nil },
-               description: "A list of properties that controls how #{Chef::Dist::PRODUCT} is to attempt to manage a service: :restart, :reload, :status. For :restart, the init script or other service provider can use a restart command; if :restart is not specified, the #{Chef::Dist::CLIENT} attempts to stop and then start a service. For :reload, the init script or other service provider can use a reload command. For :status, the init script or other service provider can use a status command to determine if the service is running; if :status is not specified, the #{Chef::Dist::CLIENT} attempts to match the service_name against the process table as a regular expression, unless a pattern is specified as a parameter property. Default value: { restart: false, reload: false, status: false } for all platforms (except for the Red Hat platform family, which defaults to { restart: false, reload: false, status: true }.)",
+               description: "A list of properties that controls how #{ChefUtils::Dist::Infra::PRODUCT} is to attempt to manage a service: :restart, :reload, :status. For :restart, the init script or other service provider can use a restart command; if :restart is not specified, the #{ChefUtils::Dist::Infra::CLIENT} attempts to stop and then start a service. For :reload, the init script or other service provider can use a reload command. For :status, the init script or other service provider can use a status command to determine if the service is running; if :status is not specified, the #{ChefUtils::Dist::Infra::CLIENT} attempts to match the service_name against the process table as a regular expression, unless a pattern is specified as a parameter property. Default value: { restart: false, reload: false, status: false } for all platforms (except for the Red Hat platform family, which defaults to { restart: false, reload: false, status: true }.)",
                coerce: proc { |x| x.is_a?(Array) ? x.each_with_object({}) { |i, m| m[i] = true } : x }
 
       property :service_name, String,
@@ -82,7 +82,7 @@ class Chef
       # specify overrides for the start_command, stop_command and
       # restart_command properties.
       property :init_command, String,
-        description: "The path to the init script that is associated with the service. Use init_command to prevent the need to specify overrides for the start_command, stop_command, and restart_command properties. When this property is not specified, the #{Chef::Dist::PRODUCT} will use the default init command for the service provider being used.",
+        description: "The path to the init script that is associated with the service. Use init_command to prevent the need to specify overrides for the start_command, stop_command, and restart_command properties. When this property is not specified, the #{ChefUtils::Dist::Infra::PRODUCT} will use the default init command for the service provider being used.",
         desired_state: false
 
       # if the service is enabled or not

data/lib/chef/resource/ssh_known_hosts_entry.rb

@@ -18,7 +18,7 @@
 # limitations under the License.
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -130,7 +130,7 @@ class Chef
 
       # all this does is send an immediate run_action(:create) to the template resource
       action :flush do
-        description "Immediately flush the entries to the config file. Without this the actual writing of the file is delayed in the #{Chef::Dist::PRODUCT} run so all entries can be accumulated before writing the file out."
+        description "Immediately flush the entries to the config file. Without this the actual writing of the file is delayed in the #{ChefUtils::Dist::Infra::PRODUCT} run so all entries can be accumulated before writing the file out."
 
         with_run_context :root do
           # if you haven't ever called ssh_known_hosts_entry before you're definitely doing it wrong so we blow up hard.

data/lib/chef/resource/support/client.erb

@@ -0,0 +1,65 @@
+<% %w(@node_name
+      @chef_license
+      @chef_server_url
+      @event_loggers
+      @file_backup_path
+      @file_cache_path
+      @file_staging_uses_destdir
+      @formatters
+      @http_proxy
+      @https_proxy
+      @ftp_proxy
+      @log_level
+      @log_location
+      @minimal_ohai
+      @named_run_list
+      @no_proxy
+      @ohai_disabled_plugins
+      @ohai_optional_plugins
+      @pid_file
+      @policy_group
+      @policy_name
+      @ssl_verify_mode).each do |prop| -%>
+<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
+<%=prop.delete_prefix("@") %> = <%= instance_variable_get(prop).inspect %>
+<% end -%>
+<%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
+<% unless @log_location.nil? %>
+  <% if @log_location.is_a? String && %w(STDOUT STDERR).include?(@log_location) -%>
+log_location = <%= @log_location %>
+  <% else -%>
+log_location = <%= @log_location.inspect %>
+  <% end -%>
+<% end -%>
+<%# The code below is not DRY on purpose to improve readability -%>
+<% unless @start_handlers.empty? -%>
+  # Do not crash if a start handler is missing / not installed yet
+  begin
+  <% @start_handlers.each do |handler| -%>
+    start_handlers << <%= @handler %>
+  <% end -%>
+  rescue NameError => e
+    Chef::Log.error e
+  end
+<% end -%>
+<% unless @report_handlers.empty? -%>
+  # Do not crash if a report handler is missing / not installed yet
+  begin
+  <% @report_handlers.each do |handler| -%>
+    report_handlers << <%= @handler %>
+  <% end -%>
+  rescue NameError => e
+    Chef::Log.error e
+  end
+<% end -%>
+<% unless @exception_handlers.empty? -%>
+  # Do not crash if an exception handler is missing / not installed yet
+  begin
+  <% @exception_handlers.each do |handler| -%>
+    exception_handlers << <%= @handler %>
+  <% end -%>
+  rescue NameError => e
+    Chef::Log.error e
+  end
+<% end -%>
+<%= @additional_config -%>

data/lib/chef/resource/support/cron.d.erb

@@ -1,4 +1,4 @@
-# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# Generated by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 <% if @mailto -%>
 MAILTO=<%= @mailto %>
 <% end -%>

data/lib/chef/resource/support/cron_access.erb

@@ -1,4 +1,4 @@
-# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# Generated by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 <% @users.sort.uniq.each do |user| -%>
 <%= user %>
 <% end -%>

data/lib/chef/resource/support/sudoer.erb

@@ -1,4 +1,4 @@
-# This file is managed by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# This file is managed by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 
 <% @command_aliases.each do |a| -%>
 Cmnd_Alias <%= a[:name].upcase %> = <%= a[:command_list].join(', ') %>

data/lib/chef/resource/support/ulimit.erb

@@ -1,4 +1,4 @@
-# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# Generated by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 
 # Limits settings for <%= @ulimit_user %>
 

data/lib/chef/resource/sysctl.rb

@@ -25,11 +25,7 @@ class Chef
       provides(:sysctl) { true }
       provides(:sysctl_param) { true }
 
-      description "Use the **sysctl** resource to set or remove kernel parameters using the sysctl"\
-                  " command line tool and configuration files in the system's sysctl.d directory. "\
-                  "Configuration files managed by this resource are named 99-chef-KEYNAME.conf. If"\
-                  " an existing value was already set for the value it will be backed up to the node"\
-                  " and restored if the :remove action is used later."
+      description "Use the **sysctl** resource to set or remove kernel parameters using the `sysctl` command line tool and configuration files in the system's `sysctl.d` directory. Configuration files managed by this resource are named `99-chef-KEYNAME.conf`."
       examples <<~DOC
       **Set vm.swappiness**:
 

data/lib/chef/resource/systemd_unit.rb

@@ -17,7 +17,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require "iniparse"
 
 class Chef
@@ -52,7 +52,7 @@ class Chef
                description: "The user account that the systemd unit process is run under. The path to the unit for that user would be something like '/etc/systemd/user/sshd.service'. If no user account is specified, the systemd unit will run under a 'system' account, with the path to the unit being something like '/etc/systemd/system/sshd.service'."
 
       property :content, [String, Hash],
-        description: "A string or hash that contains a systemd [unit file](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) definition that describes the properties of systemd-managed entities, such as services, sockets, devices, and so on. In #{Chef::Dist::PRODUCT} 14.4 or later, repeatable options can be implemented with an array."
+        description: "A string or hash that contains a systemd [unit file](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) definition that describes the properties of systemd-managed entities, such as services, sockets, devices, and so on. In #{ChefUtils::Dist::Infra::PRODUCT} 14.4 or later, repeatable options can be implemented with an array."
 
       property :triggers_reload, [TrueClass, FalseClass],
         description: "Specifies whether to trigger a daemon reload when creating or deleting a unit.",

data/lib/chef/resource/template.rb

@@ -20,7 +20,7 @@
 
 require_relative "file"
 require_relative "../mixin/securable"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -69,7 +69,7 @@ class Chef
 
       property :local, [ TrueClass, FalseClass ],
         default: false, desired_state: false,
-        description: "Load a template from a local path. By default, the #{Chef::Dist::CLIENT} loads templates from a cookbook's /templates directory. When this property is set to true, use the source property to specify the path to a template on the local node."
+        description: "Load a template from a local path. By default, the #{ChefUtils::Dist::Infra::CLIENT} loads templates from a cookbook's /templates directory. When this property is set to true, use the source property to specify the path to a template on the local node."
 
       # Declares a helper method to be defined in the template context when
       # rendering.

data/lib/chef/resource/timezone.rb

@@ -26,7 +26,7 @@ class Chef
 
       provides :timezone
 
-      description "Use the **timezone** resource to change the system timezone on Windows, Linux, and macOS hosts. Timezones are specified in tz database format, with a complete list of available TZ values for Linux and macOS here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones and for Windows here: https://ss64.com/nt/timezones.html."
+      description "Use the **timezone** resource to change the system timezone on Windows, Linux, and macOS hosts. Timezones are specified in tz database format, with a complete list of available TZ values for Linux and macOS here: <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>. On Windows systems run `tzutil /l` for a complete list of valid timezones."
       introduced "14.6"
       examples <<~DOC
       **Set the timezone to UTC**
@@ -35,11 +35,19 @@ class Chef
       timezone 'UTC'
       ```
 
-      **Set the timezone to UTC with a friendly resource name**
+      **Set the timezone to America/Los_Angeles with a friendly resource name on Linux/macOS**
 
       ```ruby
-      timezone 'Set the host's timezone to UTC' do
-        timezone 'UTC'
+      timezone 'Set the host's timezone to America/Los_Angeles' do
+        timezone 'America/Los_Angeles'
+      end
+      ```
+
+      **Set the timezone to PST with a friendly resource name on Windows**
+
+      ```ruby
+      timezone 'Set the host's timezone to PST' do
+        timezone 'Pacific Standard time'
       end
       ```
       DOC
@@ -48,90 +56,121 @@ class Chef
         description: "An optional property to set the timezone value if it differs from the resource block's name.",
         name_property: true
 
-      action :set do
-        description "Set the timezone."
-
-        # some linux systems may be missing the timezone data
-        if linux?
-          package "tzdata" do
-            package_name suse? ? "timezone" : "tzdata"
-          end
+      # detect the current TZ on darwin hosts
+      #
+      # @since 14.7
+      # @return [String] TZ database value
+      def current_macos_tz
+        tz_shellout = shell_out!(["systemsetup", "-gettimezone"])
+        if /You need administrator access/.match?(tz_shellout.stdout)
+          raise "The timezone resource requires administrative privileges to run on macOS hosts!"
+        else
+          /Time Zone: (.*)/.match(tz_shellout.stdout)[1]
         end
+      end
 
-        # Modern SUSE, Amazon, Fedora, RHEL, Ubuntu & Debian
-        if systemd?
-          cmd_set_tz = "/usr/bin/timedatectl --no-ask-password set-timezone #{new_resource.timezone}"
+      # detect the current timezone on windows hosts
+      #
+      # @since 14.7
+      # @return [String] timezone id
+      def current_windows_tz
+        tz_shellout = shell_out("tzutil /g")
+        raise "There was an error running the tzutil command" if tz_shellout.error?
 
-          cmd_check_if_set = "/usr/bin/timedatectl status"
-          cmd_check_if_set += " | /usr/bin/awk '/Time.*zone/{print}'"
-          cmd_check_if_set += " | grep -q #{new_resource.timezone}"
+        tz_shellout.stdout.strip
+      end
 
-          execute cmd_set_tz do
-            action :run
-            not_if cmd_check_if_set
-          end
+      # detect the current timezone on systemd hosts
+      #
+      # @since 16.5
+      # @return [String] timezone id
+      def current_systemd_tz
+        tz_shellout = shell_out(["/usr/bin/timedatectl", "status"])
+        raise "There was an error running the timedatectl command" if tz_shellout.error?
+
+        # https://rubular.com/r/eV68MX9XXbyG4k
+        /Time zone: (.*) \(.*/.match(tz_shellout.stdout)[1]
+      end
+
+      # detect the current timezone on non-systemd RHEL-ish hosts
+      #
+      # @since 16.5
+      # @return [String] timezone id
+      def current_rhel_tz
+        return nil unless ::File.exist?("/etc/sysconfig/clock")
+
+        # https://rubular.com/r/aoj01L3bKBM7wh
+        /ZONE="(.*)"/.match(::File.read("/etc/sysconfig/clock"))[1]
+      end
+
+      load_current_value do
+        if systemd?
+          timezone current_systemd_tz
         else
           case node["platform_family"]
           # Old version of RHEL < 7 and Amazon 201X
           when "rhel", "amazon"
-            file "/etc/sysconfig/clock" do
-              owner "root"
-              group "root"
-              mode "0644"
-              action :create
-              content %{ZONE="#{new_resource.timezone}"\nUTC="true"\n}
-            end
-
-            execute "tzdata-update" do
-              command "/usr/sbin/tzdata-update"
-              action :nothing
-              only_if { ::File.executable?("/usr/sbin/tzdata-update") }
-              subscribes :run, "file[/etc/sysconfig/clock]", :immediately
-            end
-
-            link "/etc/localtime" do
-              to "/usr/share/zoneinfo/#{new_resource.timezone}"
-              not_if { ::File.executable?("/usr/sbin/tzdata-update") }
-            end
+            timezone current_rhel_tz
           when "mac_os_x"
-            unless current_darwin_tz == new_resource.timezone
-              converge_by("set timezone to #{new_resource.timezone}") do
-                shell_out!("sudo systemsetup -settimezone #{new_resource.timezone}")
-              end
-            end
+            timezone current_macos_tz
           when "windows"
-            unless current_windows_tz.casecmp?(new_resource.timezone)
-              converge_by("setting timezone to \"#{new_resource.timezone}\"") do
-                shell_out!("tzutil /s \"#{new_resource.timezone}\"")
-              end
-            end
+            timezone current_windows_tz
           end
         end
       end
 
-      action_class do
-        # detect the current TZ on darwin hosts
-        #
-        # @since 14.7
-        # @return [String] TZ database value
-        def current_darwin_tz
-          tz_shellout = shell_out!("systemsetup -gettimezone")
-          if /You need administrator access/.match?(tz_shellout.stdout)
-            raise "The timezone resource requires administrative privileges to run on macOS hosts!"
-          else
-            /Time Zone: (.*)/.match(tz_shellout.stdout)[1]
-          end
-        end
-
-        # detect the current timezone on windows hosts
-        #
-        # @since 14.7
-        # @return [String] timezone id
-        def current_windows_tz
-          tz_shellout = shell_out("tzutil /g")
-          raise "There was an error running the tzutil command" if tz_shellout.exitstatus == 1
+      action :set do
+        description "Set the timezone."
 
-          tz_shellout.stdout.strip
+        # we have to check windows first since the value isn't case sensitive here
+        if windows?
+          unless current_windows_tz.casecmp?(new_resource.timezone)
+            converge_by("setting timezone to '#{new_resource.timezone}'") do
+              shell_out!(["tzutil", "/s", new_resource.timezone])
+            end
+          end
+        else # linux / macos
+          converge_if_changed(:timezone) do
+            # Modern SUSE, Amazon, Fedora, RHEL, Ubuntu & Debian
+            if systemd?
+              # make sure we have the tzdata files
+              package suse? ? "timezone" : "tzdata"
+
+              shell_out!(["/usr/bin/timedatectl", "--no-ask-password", "set-timezone", new_resource.timezone])
+            else
+              case node["platform_family"]
+              # Old version of RHEL < 7 and Amazon 201X
+              when "rhel", "amazon"
+                # make sure we have the tzdata files
+                package "tzdata"
+
+                file "/etc/sysconfig/clock" do
+                  owner "root"
+                  group "root"
+                  mode "0644"
+                  action :create
+                  content <<~CONTENT
+                    ZONE="#{new_resource.timezone}"
+                    UTC="true"
+                  CONTENT
+                end
+
+                execute "tzdata-update" do
+                  command "/usr/sbin/tzdata-update"
+                  action :nothing
+                  only_if { ::File.executable?("/usr/sbin/tzdata-update") }
+                  subscribes :run, "file[/etc/sysconfig/clock]", :immediately
+                end
+
+                link "/etc/localtime" do
+                  to "/usr/share/zoneinfo/#{new_resource.timezone}"
+                  not_if { ::File.executable?("/usr/sbin/tzdata-update") }
+                end
+              when "mac_os_x"
+                shell_out!(["sudo", "systemsetup", "-settimezone", new_resource.timezone])
+              end
+            end
+          end
         end
       end
     end