chef 16.4.35 → 16.6.14
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/Rakefile +2 -2
- data/bin/knife +1 -1
- data/chef.gemspec +2 -1
- data/lib/chef/api_client/registration.rb +6 -6
- data/lib/chef/application.rb +19 -22
- data/lib/chef/application/apply.rb +12 -7
- data/lib/chef/application/base.rb +26 -25
- data/lib/chef/application/client.rb +16 -8
- data/lib/chef/application/exit_code.rb +13 -4
- data/lib/chef/application/knife.rb +22 -11
- data/lib/chef/application/solo.rb +2 -1
- data/lib/chef/application/windows_service.rb +14 -14
- data/lib/chef/application/windows_service_manager.rb +6 -6
- data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/knife.rb +2 -2
- data/lib/chef/chef_fs/parallelizer.rb +0 -1
- data/lib/chef/client.rb +12 -42
- data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/synchronizer.rb +2 -2
- data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
- data/lib/chef/cookbook_uploader.rb +1 -1
- data/lib/chef/data_collector.rb +7 -6
- data/lib/chef/data_collector/config_validation.rb +22 -13
- data/lib/chef/data_collector/run_end_message.rb +2 -2
- data/lib/chef/data_collector/run_start_message.rb +1 -1
- data/lib/chef/deprecated.rb +1 -1
- data/lib/chef/deprecation/warnings.rb +2 -2
- data/lib/chef/digester.rb +2 -2
- data/lib/chef/dsl/chef_vault.rb +1 -1
- data/lib/chef/dsl/data_query.rb +2 -2
- data/lib/chef/dsl/platform_introspection.rb +1 -1
- data/lib/chef/encrypted_data_bag_item.rb +3 -4
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
- data/lib/chef/environment.rb +2 -2
- data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
- data/lib/chef/exceptions.rb +4 -4
- data/lib/chef/file_access_control/windows.rb +5 -1
- data/lib/chef/file_content_management/tempfile.rb +1 -1
- data/lib/chef/formatters/doc.rb +7 -6
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
- data/lib/chef/formatters/indentable_output_stream.rb +2 -2
- data/lib/chef/formatters/minimal.rb +5 -4
- data/lib/chef/http.rb +6 -4
- data/lib/chef/http/auth_credentials.rb +5 -1
- data/lib/chef/http/authenticator.rb +1 -1
- data/lib/chef/http/basic_client.rb +4 -2
- data/lib/chef/http/decompressor.rb +1 -1
- data/lib/chef/http/http_request.rb +7 -5
- data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
- data/lib/chef/http/ssl_policies.rb +1 -1
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +16 -14
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +3 -3
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +7 -7
- data/lib/chef/knife/client_create.rb +3 -3
- data/lib/chef/knife/config_get.rb +8 -97
- data/lib/chef/knife/config_get_profile.rb +9 -9
- data/lib/chef/knife/config_list.rb +139 -0
- data/lib/chef/knife/config_list_profiles.rb +8 -98
- data/lib/chef/knife/config_show.rb +127 -0
- data/lib/chef/knife/config_use.rb +61 -0
- data/lib/chef/knife/config_use_profile.rb +9 -24
- data/lib/chef/knife/configure.rb +4 -2
- data/lib/chef/knife/core/bootstrap_context.rb +2 -2
- data/lib/chef/knife/core/object_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +1 -1
- data/lib/chef/knife/core/windows_bootstrap_context.rb +11 -11
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/node_policy_set.rb +2 -2
- data/lib/chef/knife/node_run_list_add.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +1 -1
- data/lib/chef/knife/node_run_list_set.rb +1 -1
- data/lib/chef/knife/node_show.rb +2 -2
- data/lib/chef/knife/role_env_run_list_add.rb +1 -1
- data/lib/chef/knife/role_env_run_list_set.rb +1 -1
- data/lib/chef/knife/role_run_list_add.rb +1 -1
- data/lib/chef/knife/role_run_list_set.rb +1 -1
- data/lib/chef/knife/search.rb +0 -1
- data/lib/chef/knife/serve.rb +3 -3
- data/lib/chef/knife/ssh.rb +18 -3
- data/lib/chef/knife/ssl_check.rb +3 -3
- data/lib/chef/knife/status.rb +2 -2
- data/lib/chef/knife/tag_create.rb +1 -1
- data/lib/chef/knife/tag_delete.rb +1 -1
- data/lib/chef/knife/user_create.rb +2 -2
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/local_mode.rb +2 -2
- data/lib/chef/log/syslog.rb +2 -2
- data/lib/chef/log/winevt.rb +2 -2
- data/lib/chef/mixin/deep_merge.rb +0 -12
- data/lib/chef/mixin/openssl_helper.rb +1 -4
- data/lib/chef/mixin/powershell_exec.rb +22 -10
- data/lib/chef/mixin/powershell_out.rb +12 -5
- data/lib/chef/mixin/template.rb +3 -3
- data/lib/chef/mixin/uris.rb +4 -2
- data/lib/chef/mixin/versioned_api.rb +1 -2
- data/lib/chef/monkey_patches/net_http.rb +4 -4
- data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
- data/lib/chef/node_map.rb +4 -4
- data/lib/chef/policy_builder/dynamic.rb +2 -0
- data/lib/chef/policy_builder/policyfile.rb +2 -2
- data/lib/chef/powershell.rb +3 -2
- data/lib/chef/provider.rb +1 -5
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/ifconfig.rb +2 -2
- data/lib/chef/provider/ifconfig/debian.rb +33 -15
- data/lib/chef/provider/ifconfig/redhat.rb +51 -17
- data/lib/chef/provider/launchd.rb +2 -2
- data/lib/chef/provider/link.rb +0 -9
- data/lib/chef/provider/mount/linux.rb +63 -0
- data/lib/chef/provider/package/dpkg.rb +3 -12
- data/lib/chef/provider/package/homebrew.rb +1 -1
- data/lib/chef/provider/package/rubygems.rb +21 -18
- data/lib/chef/provider/package/snap.rb +0 -1
- data/lib/chef/provider/package/windows.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +3 -1
- data/lib/chef/provider/package/zypper.rb +1 -1
- data/lib/chef/provider/powershell_script.rb +12 -1
- data/lib/chef/provider/remote_file/content.rb +3 -0
- data/lib/chef/provider/remote_file/ftp.rb +6 -4
- data/lib/chef/provider/remote_file/sftp.rb +6 -4
- data/lib/chef/provider/route.rb +2 -6
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/redhat.rb +1 -1
- data/lib/chef/provider/template_finder.rb +2 -10
- data/lib/chef/provider/user/dscl.rb +5 -5
- data/lib/chef/provider/user/mac.rb +3 -3
- data/lib/chef/provider/windows_task.rb +1 -2
- data/lib/chef/provider/zypper_repository.rb +2 -2
- data/lib/chef/provider_resolver.rb +1 -1
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/pwsh.rb +64 -0
- data/lib/chef/recipe.rb +2 -2
- data/lib/chef/resource.rb +2 -2
- data/lib/chef/resource/apt_repository.rb +6 -5
- data/lib/chef/resource/bff_package.rb +22 -0
- data/lib/chef/resource/breakpoint.rb +57 -2
- data/lib/chef/resource/build_essential.rb +1 -1
- data/lib/chef/resource/cab_package.rb +29 -0
- data/lib/chef/resource/chef_client_config.rb +313 -0
- data/lib/chef/resource/chef_client_cron.rb +35 -28
- data/lib/chef/resource/chef_client_launchd.rb +194 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +24 -21
- data/lib/chef/resource/chef_client_systemd_timer.rb +27 -20
- data/lib/chef/resource/chef_client_trusted_certificate.rb +101 -0
- data/lib/chef/resource/chef_gem.rb +10 -10
- data/lib/chef/resource/chef_handler.rb +149 -4
- data/lib/chef/resource/chef_sleep.rb +3 -3
- data/lib/chef/resource/chef_vault_secret.rb +1 -1
- data/lib/chef/resource/cookbook_file.rb +2 -2
- data/lib/chef/resource/cron/_cron_shared.rb +1 -0
- data/lib/chef/resource/cron/cron_d.rb +2 -3
- data/lib/chef/resource/dnf_package.rb +2 -2
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +2 -2
- data/lib/chef/resource/execute.rb +6 -6
- data/lib/chef/resource/file.rb +4 -4
- data/lib/chef/resource/gem_package.rb +5 -5
- data/lib/chef/resource/homebrew_package.rb +3 -3
- data/lib/chef/resource/homebrew_update.rb +5 -5
- data/lib/chef/resource/hostname.rb +2 -2
- data/lib/chef/resource/kernel_module.rb +1 -1
- data/lib/chef/resource/launchd.rb +17 -16
- data/lib/chef/resource/locale.rb +2 -2
- data/lib/chef/resource/macos_userdefaults.rb +3 -3
- data/lib/chef/resource/mount.rb +1 -1
- data/lib/chef/resource/notify_group.rb +0 -1
- data/lib/chef/resource/ohai.rb +46 -3
- data/lib/chef/resource/ohai_hint.rb +33 -0
- data/lib/chef/resource/openssl_dhparam.rb +27 -5
- data/lib/chef/resource/openssl_ec_private_key.rb +6 -3
- data/lib/chef/resource/openssl_ec_public_key.rb +2 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +6 -3
- data/lib/chef/resource/openssl_x509_certificate.rb +14 -14
- data/lib/chef/resource/openssl_x509_crl.rb +19 -10
- data/lib/chef/resource/openssl_x509_request.rb +14 -16
- data/lib/chef/resource/osx_profile.rb +77 -13
- data/lib/chef/resource/plist.rb +1 -1
- data/lib/chef/resource/powershell_package_source.rb +5 -5
- data/lib/chef/resource/powershell_script.rb +7 -1
- data/lib/chef/resource/reboot.rb +2 -2
- data/lib/chef/resource/remote_file.rb +3 -3
- data/lib/chef/resource/rhsm_register.rb +22 -10
- data/lib/chef/resource/ruby_block.rb +2 -2
- data/lib/chef/resource/scm/subversion.rb +2 -2
- data/lib/chef/resource/service.rb +3 -3
- data/lib/chef/resource/ssh_known_hosts_entry.rb +2 -2
- data/lib/chef/resource/support/client.erb +65 -0
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -1
- data/lib/chef/resource/support/ulimit.erb +1 -1
- data/lib/chef/resource/sysctl.rb +1 -5
- data/lib/chef/resource/systemd_unit.rb +2 -2
- data/lib/chef/resource/template.rb +2 -2
- data/lib/chef/resource/timezone.rb +112 -73
- data/lib/chef/resource/windows_ad_join.rb +10 -3
- data/lib/chef/resource/windows_audit_policy.rb +26 -24
- data/lib/chef/resource/windows_certificate.rb +6 -4
- data/lib/chef/resource/windows_firewall_profile.rb +22 -20
- data/lib/chef/resource/windows_package.rb +28 -5
- data/lib/chef/resource/windows_printer.rb +5 -3
- data/lib/chef/resource/windows_printer_port.rb +6 -4
- data/lib/chef/resource/windows_user_privilege.rb +53 -54
- data/lib/chef/resource/windows_workgroup.rb +3 -3
- data/lib/chef/resource/yum_package.rb +2 -2
- data/lib/chef/resource_reporter.rb +0 -2
- data/lib/chef/resources.rb +4 -1
- data/lib/chef/run_context.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +1 -1
- data/lib/chef/run_lock.rb +2 -2
- data/lib/chef/search/query.rb +6 -5
- data/lib/chef/shell.rb +31 -26
- data/lib/chef/shell/ext.rb +11 -11
- data/lib/chef/shell/shell_session.rb +2 -2
- data/lib/chef/train_transport.rb +5 -104
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +3 -3
- data/lib/chef/util/powershell/cmdlet.rb +3 -1
- data/lib/chef/util/powershell/ps_credential.rb +18 -14
- data/lib/chef/util/threaded_job_queue.rb +0 -2
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/crypto.rb +1 -1
- data/lib/chef/win32/file.rb +1 -1
- data/lib/chef/win32/registry.rb +1 -2
- data/lib/chef/win32/unicode.rb +1 -1
- data/spec/data/shef-config.rb +1 -1
- data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
- data/spec/functional/mixin/powershell_out_spec.rb +9 -1
- data/spec/functional/resource/aix_service_spec.rb +2 -2
- data/spec/functional/resource/aixinit_service_spec.rb +1 -1
- data/spec/functional/resource/insserv_spec.rb +1 -1
- data/spec/functional/resource/powershell_script_spec.rb +57 -14
- data/spec/functional/resource/user/dscl_spec.rb +1 -1
- data/spec/functional/resource/user/mac_user_spec.rb +1 -1
- data/spec/functional/resource/windows_task_spec.rb +13 -13
- data/spec/functional/version_spec.rb +3 -3
- data/spec/integration/client/client_spec.rb +4 -4
- data/spec/integration/client/exit_code_spec.rb +3 -2
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/knife/{config_list_profiles_spec.rb → config_list_spec.rb} +30 -29
- data/spec/integration/knife/{config_get_spec.rb → config_show_spec.rb} +3 -3
- data/spec/integration/knife/{config_use_profile_spec.rb → config_use_spec.rb} +53 -10
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
- data/spec/integration/ohai/ohai_spec.rb +61 -0
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/solo/solo_spec.rb +5 -5
- data/spec/spec_helper.rb +8 -6
- data/spec/stress/win32/file_spec.rb +1 -1
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/matchers/leak.rb +2 -2
- data/spec/support/platform_helpers.rb +22 -35
- data/spec/support/shared/functional/securable_resource.rb +108 -27
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/unit/application_dot_d.rb +5 -3
- data/spec/tiny_server.rb +0 -1
- data/spec/unit/application/client_spec.rb +2 -2
- data/spec/unit/application/exit_code_spec.rb +10 -0
- data/spec/unit/application_spec.rb +4 -6
- data/spec/unit/chef_fs/config_spec.rb +1 -1
- data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/spec/unit/chef_fs/parallelizer_spec.rb +5 -1
- data/spec/unit/chef_fs/path_util_spec.rb +1 -1
- data/spec/unit/cookbook/synchronizer_spec.rb +2 -2
- data/spec/unit/cookbook_spec.rb +2 -2
- data/spec/unit/data_collector/config_validation_spec.rb +208 -0
- data/spec/unit/data_collector_spec.rb +6 -117
- data/spec/unit/dsl/declare_resource_spec.rb +1 -1
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/knife/bootstrap_spec.rb +6 -6
- data/spec/unit/knife/core/ui_spec.rb +1 -0
- data/spec/unit/knife/ssh_spec.rb +2 -2
- data/spec/unit/lwrp_spec.rb +3 -3
- data/spec/unit/mixin/deep_merge_spec.rb +15 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
- data/spec/unit/mixin/powershell_exec_spec.rb +39 -2
- data/spec/unit/mixin/powershell_out_spec.rb +14 -0
- data/spec/unit/mixin/securable_spec.rb +2 -2
- data/spec/unit/node/immutable_collections_spec.rb +2 -2
- data/spec/unit/provider/mount/linux_spec.rb +97 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +1 -1
- data/spec/unit/provider/package/powershell_spec.rb +1 -1
- data/spec/unit/provider/package/rubygems_spec.rb +4 -1
- data/spec/unit/provider/powershell_script_spec.rb +11 -0
- data/spec/unit/provider/route_spec.rb +0 -2
- data/spec/unit/recipe_spec.rb +1 -1
- data/spec/unit/resource/chef_client_config_spec.rb +137 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +35 -14
- data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +36 -1
- data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +54 -0
- data/spec/unit/resource/launchd_spec.rb +8 -0
- data/spec/unit/resource/osx_profile_spec.rb +67 -1
- data/spec/unit/resource/powershell_script_spec.rb +2 -2
- data/spec/unit/resource/rhsm_register_spec.rb +56 -18
- data/spec/unit/resource/timezone_spec.rb +63 -0
- data/spec/unit/resource/windows_uac_spec.rb +1 -1
- data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
- data/spec/unit/run_lock_spec.rb +5 -1
- data/spec/unit/runner_spec.rb +1 -2
- data/spec/unit/shell/shell_ext_spec.rb +46 -3
- data/spec/unit/shell/shell_session_spec.rb +35 -64
- data/spec/unit/shell_spec.rb +16 -19
- data/spec/unit/train_transport_spec.rb +14 -13
- data/spec/unit/util/selinux_spec.rb +2 -0
- data/tasks/rspec.rb +0 -2
- metadata +46 -18
- data/lib/chef/dist.rb +0 -68
- data/spec/integration/knife/config_get_profile_spec.rb +0 -114
@@ -16,7 +16,7 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
|
19
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
@@ -76,10 +76,15 @@ class Chef
|
|
76
76
|
|
77
77
|
property :reboot, Symbol,
|
78
78
|
equal_to: %i{immediate delayed never request_reboot reboot_now},
|
79
|
-
validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{
|
80
|
-
description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{
|
79
|
+
validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{ChefUtils::Dist::Infra::PRODUCT} run completes), and :never (Don't reboot)",
|
80
|
+
description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{ChefUtils::Dist::Infra::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
|
81
81
|
default: :immediate
|
82
82
|
|
83
|
+
property :reboot_delay, Integer,
|
84
|
+
description: "The amount of time (in minutes) to delay a reboot request.",
|
85
|
+
default: 0,
|
86
|
+
introduced: "16.5"
|
87
|
+
|
83
88
|
property :new_hostname, String,
|
84
89
|
description: "Specifies a new hostname for the computer in the new domain.",
|
85
90
|
introduced: "14.5"
|
@@ -116,6 +121,7 @@ class Chef
|
|
116
121
|
unless new_resource.reboot == :never
|
117
122
|
reboot "Reboot to join domain #{new_resource.domain_name}" do
|
118
123
|
action clarify_reboot(new_resource.reboot)
|
124
|
+
delay_mins new_resource.reboot_delay
|
119
125
|
reason "Reboot to join domain #{new_resource.domain_name}"
|
120
126
|
end
|
121
127
|
end
|
@@ -149,6 +155,7 @@ class Chef
|
|
149
155
|
unless new_resource.reboot == :never
|
150
156
|
reboot "Reboot to leave domain #{new_resource.domain_name}" do
|
151
157
|
action clarify_reboot(new_resource.reboot)
|
158
|
+
delay_mins new_resource.reboot_delay
|
152
159
|
reason "Reboot to leave domain #{new_resource.domain_name}"
|
153
160
|
end
|
154
161
|
end
|
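Review bot: The new `reboot_delay` property accepts any Integer, so a negative value passes the type check and is handed to `delay_mins` in both reboot blocks (domain join and domain leave). How the reboot resource treats a negative delay is not visible in these hunks, so a bound on the property is the safer place to reject it, for example `callbacks: { "reboot_delay must be zero or greater" => proc { |v| v >= 0 } }`. Separately, the rewritten `validation_message` for `reboot` names only :immediate, :delayed and :never, although `equal_to` on the line above also accepts :request_reboot and :reboot_now. The property list and both actions continue outside the hunks shown.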
@@ -152,30 +152,6 @@ class Chef
|
|
152
152
|
property :audit_base_directories, [true, false],
|
153
153
|
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
|
154
154
|
|
155
|
-
def subcategory_configured?(sub_cat, success_value, failure_value)
|
156
|
-
setting = if success_value && failure_value
|
157
|
-
"Success and Failure$"
|
158
|
-
elsif success_value && !failure_value
|
159
|
-
"Success$"
|
160
|
-
elsif !success_value && failure_value
|
161
|
-
"(Failure$)&!(Success and Failure$)"
|
162
|
-
else
|
163
|
-
"No Auditing"
|
164
|
-
end
|
165
|
-
powershell_exec(<<-CODE).result
|
166
|
-
$auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
|
167
|
-
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
168
|
-
CODE
|
169
|
-
end
|
170
|
-
|
171
|
-
def option_configured?(option_name, option_setting)
|
172
|
-
setting = option_setting ? "Enabled$" : "Disabled$"
|
173
|
-
powershell_exec(<<-CODE).result
|
174
|
-
$auditpol_config = auditpol /get /option:#{option_name}
|
175
|
-
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
176
|
-
CODE
|
177
|
-
end
|
178
|
-
|
179
155
|
action :set do
|
180
156
|
unless new_resource.subcategory.nil?
|
181
157
|
new_resource.subcategory.each do |subcategory|
|
@@ -225,6 +201,32 @@ class Chef
|
|
225
201
|
end
|
226
202
|
end
|
227
203
|
end
|
204
|
+
|
205
|
+
action_class do
|
206
|
+
def subcategory_configured?(sub_cat, success_value, failure_value)
|
207
|
+
setting = if success_value && failure_value
|
208
|
+
"Success and Failure$"
|
209
|
+
elsif success_value && !failure_value
|
210
|
+
"Success$"
|
211
|
+
elsif !success_value && failure_value
|
212
|
+
"#{sub_cat}\\s+Failure$"
|
213
|
+
else
|
214
|
+
"No Auditing"
|
215
|
+
end
|
216
|
+
powershell_exec!(<<-CODE).result
|
217
|
+
$auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
|
218
|
+
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
219
|
+
CODE
|
220
|
+
end
|
221
|
+
|
222
|
+
def option_configured?(option_name, option_setting)
|
223
|
+
setting = option_setting ? "Enabled$" : "Disabled$"
|
224
|
+
powershell_exec!(<<-CODE).result
|
225
|
+
$auditpol_config = auditpol /get /option:#{option_name}
|
226
|
+
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
227
|
+
CODE
|
228
|
+
end
|
229
|
+
end
|
228
230
|
end
|
229
231
|
end
|
230
232
|
end
|
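Review bot: In `subcategory_configured?` the Failure-only branch now builds its pattern as `"#{sub_cat}\\s+Failure$"`, which places the subcategory name into a Select-String regular expression unescaped. Both helpers also interpolate `sub_cat` and `option_name` directly into the PowerShell source. If those values are not restricted to a fixed list outside this hunk, a name containing regex metacharacters or a double quote would change what the check matches or how the script parses, and an audit-policy check that silently matches the wrong line reports the wrong state. Escaping the name keeps the match literal, e.g. `"#{Regexp.escape(sub_cat)}\\s+Failure$"`. A one-line comment on that branch saying why it is anchored on the name (a bare `Failure$` would also match a line ending in `Success and Failure`) would help the next reader.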
@@ -19,9 +19,11 @@
|
|
19
19
|
|
20
20
|
require_relative "../util/path_helper"
|
21
21
|
require_relative "../resource"
|
22
|
-
|
23
|
-
|
24
|
-
|
22
|
+
module Win32
|
23
|
+
autoload :Certstore, "win32-certstore" if Chef::Platform.windows?
|
24
|
+
end
|
25
|
+
autoload :OpenSSL, "openssl"
|
26
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
25
27
|
|
26
28
|
class Chef
|
27
29
|
class Resource
|
@@ -82,7 +84,7 @@ class Chef
|
|
82
84
|
|
83
85
|
# lazy used to set default value of sensitive to true if password is set
|
84
86
|
property :sensitive, [TrueClass, FalseClass],
|
85
|
-
description: "Ensure that sensitive resource data is not logged by the #{
|
87
|
+
description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
|
86
88
|
default: lazy { pfx_password ? true : false }, skip_docs: true
|
87
89
|
|
88
90
|
action :create do
|
@@ -19,8 +19,6 @@
|
|
19
19
|
class Chef
|
20
20
|
class Resource
|
21
21
|
class WindowsFirewallProfile < Chef::Resource
|
22
|
-
unified_mode true
|
23
|
-
|
24
22
|
provides :windows_firewall_profile
|
25
23
|
description "Use the **windows_firewall_profile** resource to enable, disable, and configure the Windows firewall."
|
26
24
|
introduced "16.3"
|
@@ -161,24 +159,6 @@ class Chef
|
|
161
159
|
cmd
|
162
160
|
end
|
163
161
|
|
164
|
-
def load_firewall_state(profile_name)
|
165
|
-
<<-EOH
|
166
|
-
Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
|
167
|
-
$#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
|
168
|
-
([PSCustomObject]@{
|
169
|
-
default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
|
170
|
-
default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
|
171
|
-
allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
|
172
|
-
allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
|
173
|
-
allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
|
174
|
-
allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
|
175
|
-
allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
|
176
|
-
allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
|
177
|
-
display_notification = $#{profile_name}.NotifyOnListen.ToString()
|
178
|
-
}) | ConvertTo-Json
|
179
|
-
EOH
|
180
|
-
end
|
181
|
-
|
182
162
|
def firewall_enabled?(profile_name)
|
183
163
|
cmd = <<~CODE
|
184
164
|
$#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
|
@@ -194,6 +174,28 @@ class Chef
|
|
194
174
|
end
|
195
175
|
end
|
196
176
|
end
|
177
|
+
|
178
|
+
private
|
179
|
+
|
180
|
+
# build the command to load the current resource
|
181
|
+
# @return [String] current firewall state
|
182
|
+
def load_firewall_state(profile_name)
|
183
|
+
<<-EOH
|
184
|
+
Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
|
185
|
+
$#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
|
186
|
+
([PSCustomObject]@{
|
187
|
+
default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
|
188
|
+
default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
|
189
|
+
allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
|
190
|
+
allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
|
191
|
+
allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
|
192
|
+
allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
|
193
|
+
allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
|
194
|
+
allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
|
195
|
+
display_notification = $#{profile_name}.NotifyOnListen.ToString()
|
196
|
+
}) | ConvertTo-Json
|
197
|
+
EOH
|
198
|
+
end
|
197
199
|
end
|
198
200
|
end
|
199
201
|
end
|
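Review bot: The comment added above `load_firewall_state` says `@return [String] current firewall state`, but the method returns the PowerShell script text that queries the state, and `profile_name` is undocumented. `# @param profile_name [String] firewall profile to query` and `# @return [String] PowerShell script that emits the profile settings as JSON` would match the body. The script also uses `profile_name` both as a PowerShell variable name (`$#{profile_name}`) and as a bare `-Profile` argument, so it is only well-formed while that value is limited to a fixed set of profile names, which these hunks do not show. A constant variable name such as `$fw_profile` with a quoted `-Profile` argument would remove that dependency. The context lines show `firewall_enabled?` building its script the same way.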
@@ -20,7 +20,7 @@ require_relative "../mixin/uris"
|
|
20
20
|
require_relative "package"
|
21
21
|
require_relative "../provider/package/windows"
|
22
22
|
require_relative "../win32/error" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
23
|
-
|
23
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
24
24
|
|
25
25
|
class Chef
|
26
26
|
class Resource
|
@@ -30,7 +30,30 @@ class Chef
|
|
30
30
|
provides(:windows_package) { true }
|
31
31
|
provides :package, os: "windows"
|
32
32
|
|
33
|
-
description
|
33
|
+
description <<~DESC
|
34
|
+
Use the **windows_package** resource to manage packages on the Microsoft Windows platform.
|
35
|
+
The **windows_package** resource supports these installer formats:
|
36
|
+
* Microsoft Installer Package (MSI)
|
37
|
+
* Nullsoft Scriptable Install System (NSIS)
|
38
|
+
* Inno Setup (inno)
|
39
|
+
* Wise
|
40
|
+
* InstallShield
|
41
|
+
* Custom installers such as installing a non-.msi file that embeds an .msi-based installer
|
42
|
+
|
43
|
+
To enable idempotence of the `:install` action or to enable the `:remove` action with no source property specified,
|
44
|
+
`package_name` MUST be an exact match of the name used by the package installer. The names of installed packages
|
45
|
+
Windows knows about can be found in **Add/Remove programs**, in the output of `ohai packages`, or in the
|
46
|
+
`DisplayName` property in one of the following in the Windows registry:
|
47
|
+
|
48
|
+
* `HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
|
49
|
+
* `HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
|
50
|
+
* `HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
|
51
|
+
|
52
|
+
Note: If there are multiple versions of a package installed with the same display name, all of those packages will
|
53
|
+
be removed unless a version is provided in the **version** property or unless it can be discovered in the installer
|
54
|
+
file specified by the **source** property.
|
55
|
+
DESC
|
56
|
+
|
34
57
|
introduced "11.12"
|
35
58
|
examples <<~DOC
|
36
59
|
**Install a package**:
|
@@ -135,15 +158,15 @@ class Chef
|
|
135
158
|
end
|
136
159
|
end),
|
137
160
|
default_description: "The resource block's name", # this property is basically a name_property but not really so we need to spell it out
|
138
|
-
description: "The path to a package in the local file system
|
161
|
+
description: "The path to a package in the local file system or the URL of a remote file that will be downloaded."
|
139
162
|
|
140
163
|
property :checksum, String,
|
141
164
|
desired_state: false, coerce: (proc { |c| c.downcase }),
|
142
|
-
description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{
|
165
|
+
description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{ChefUtils::Dist::Infra::PRODUCT} does not download it. Use when a URL is specified by the `source` property."
|
143
166
|
|
144
167
|
property :remote_file_attributes, Hash,
|
145
168
|
desired_state: false,
|
146
|
-
description: "If the source package to install is at a remote location this property allows you to define a hash of properties
|
169
|
+
description: "If the source package to install is at a remote location, this property allows you to define a hash of properties which will be used by the underlying **remote_file** resource used to fetch the source."
|
147
170
|
end
|
148
171
|
end
|
149
172
|
end
|
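Review bot: The rewritten `checksum` description presents the value only as a way to avoid re-downloading, while the `source` description in the same hunk now advertises remote URLs. If the downloaded file is also verified against the checksum (that code is outside this hunk), the description should say so, because integrity pinning is what a user installing from a URL needs to know about. A closing sentence such as `Also used to verify the downloaded file when source is a URL.` would cover it. If no verification happens, the description should state that instead so the property is not mistaken for an integrity control.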
@@ -24,7 +24,7 @@ class Chef
|
|
24
24
|
class WindowsPrinter < Chef::Resource
|
25
25
|
unified_mode true
|
26
26
|
|
27
|
-
|
27
|
+
autoload :Resolv, "resolv"
|
28
28
|
|
29
29
|
provides(:windows_printer) { true }
|
30
30
|
|
@@ -78,8 +78,10 @@ class Chef
|
|
78
78
|
|
79
79
|
property :ipv4_address, String,
|
80
80
|
description: "The IPv4 address of the printer, such as `10.4.64.23`",
|
81
|
-
|
82
|
-
|
81
|
+
callbacks: {
|
82
|
+
"The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`" =>
|
83
|
+
proc { |v| v.match(Resolv::IPv4::Regex) },
|
84
|
+
}
|
83
85
|
|
84
86
|
PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
|
85
87
|
|
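Review bot: `autoload :Resolv, "resolv"` sits inside the `WindowsPrinter` class body, so it registers the constant under that class rather than at top level. The hunk on this page that autoloads OpenSSL does so before `class Chef`. The lookup presumably still resolves because requiring resolv defines the top-level constant, but moving the autoload above `class Chef` would make that unambiguous. The validation callback only needs a boolean, so `proc { |v| v.match?(Resolv::IPv4::Regex) }` states the intent without building a MatchData. Both points apply equally to the windows_printer_port hunks that follow, where the error text also differs (`WWW.XXX.YYY.ZZZ!` with no mention of IPv4).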
@@ -24,7 +24,7 @@ class Chef
|
|
24
24
|
class WindowsPrinterPort < Chef::Resource
|
25
25
|
unified_mode true
|
26
26
|
|
27
|
-
|
27
|
+
autoload :Resolv, "resolv"
|
28
28
|
|
29
29
|
provides(:windows_printer_port) { true }
|
30
30
|
|
@@ -61,9 +61,11 @@ class Chef
|
|
61
61
|
|
62
62
|
property :ipv4_address, String,
|
63
63
|
name_property: true,
|
64
|
-
|
65
|
-
|
66
|
-
|
64
|
+
description: "An optional property for the IPv4 address of the printer if it differs from the resource block's name.",
|
65
|
+
callbacks: {
|
66
|
+
"The ipv4_address property must be in the format of WWW.XXX.YYY.ZZZ!" =>
|
67
|
+
proc { |v| v.match(Resolv::IPv4::Regex) },
|
68
|
+
}
|
67
69
|
|
68
70
|
property :port_name, String,
|
69
71
|
description: "The port name."
|
@@ -23,52 +23,6 @@ class Chef
|
|
23
23
|
class WindowsUserPrivilege < Chef::Resource
|
24
24
|
unified_mode true
|
25
25
|
|
26
|
-
privilege_opts = %w{SeTrustedCredManAccessPrivilege
|
27
|
-
SeNetworkLogonRight
|
28
|
-
SeTcbPrivilege
|
29
|
-
SeMachineAccountPrivilege
|
30
|
-
SeIncreaseQuotaPrivilege
|
31
|
-
SeInteractiveLogonRight
|
32
|
-
SeRemoteInteractiveLogonRight
|
33
|
-
SeBackupPrivilege
|
34
|
-
SeChangeNotifyPrivilege
|
35
|
-
SeSystemtimePrivilege
|
36
|
-
SeTimeZonePrivilege
|
37
|
-
SeCreatePagefilePrivilege
|
38
|
-
SeCreateTokenPrivilege
|
39
|
-
SeCreateGlobalPrivilege
|
40
|
-
SeCreatePermanentPrivilege
|
41
|
-
SeCreateSymbolicLinkPrivilege
|
42
|
-
SeDebugPrivilege
|
43
|
-
SeDenyNetworkLogonRight
|
44
|
-
SeDenyBatchLogonRight
|
45
|
-
SeDenyServiceLogonRight
|
46
|
-
SeDenyInteractiveLogonRight
|
47
|
-
SeDenyRemoteInteractiveLogonRight
|
48
|
-
SeEnableDelegationPrivilege
|
49
|
-
SeRemoteShutdownPrivilege
|
50
|
-
SeAuditPrivilege
|
51
|
-
SeImpersonatePrivilege
|
52
|
-
SeIncreaseWorkingSetPrivilege
|
53
|
-
SeIncreaseBasePriorityPrivilege
|
54
|
-
SeLoadDriverPrivilege
|
55
|
-
SeLockMemoryPrivilege
|
56
|
-
SeBatchLogonRight
|
57
|
-
SeServiceLogonRight
|
58
|
-
SeSecurityPrivilege
|
59
|
-
SeRelabelPrivilege
|
60
|
-
SeSystemEnvironmentPrivilege
|
61
|
-
SeManageVolumePrivilege
|
62
|
-
SeProfileSingleProcessPrivilege
|
63
|
-
SeSystemProfilePrivilege
|
64
|
-
SeUndockPrivilege
|
65
|
-
SeAssignPrimaryTokenPrivilege
|
66
|
-
SeRestorePrivilege
|
67
|
-
SeShutdownPrivilege
|
68
|
-
SeSyncAgentPrivilege
|
69
|
-
SeTakeOwnershipPrivilege
|
70
|
-
}
|
71
|
-
|
72
26
|
provides :windows_user_privilege
|
73
27
|
description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
|
74
28
|
|
@@ -125,22 +79,67 @@ class Chef
|
|
125
79
|
```
|
126
80
|
DOC
|
127
81
|
|
82
|
+
PRIVILEGE_OPTS = %w{ SeAssignPrimaryTokenPrivilege
|
83
|
+
SeAuditPrivilege
|
84
|
+
SeBackupPrivilege
|
85
|
+
SeBatchLogonRight
|
86
|
+
SeChangeNotifyPrivilege
|
87
|
+
SeCreateGlobalPrivilege
|
88
|
+
SeCreatePagefilePrivilege
|
89
|
+
SeCreatePermanentPrivilege
|
90
|
+
SeCreateSymbolicLinkPrivilege
|
91
|
+
SeCreateTokenPrivilege
|
92
|
+
SeDebugPrivilege
|
93
|
+
SeDenyBatchLogonRight
|
94
|
+
SeDenyInteractiveLogonRight
|
95
|
+
SeDenyNetworkLogonRight
|
96
|
+
SeDenyRemoteInteractiveLogonRight
|
97
|
+
SeDenyServiceLogonRight
|
98
|
+
SeEnableDelegationPrivilege
|
99
|
+
SeImpersonatePrivilege
|
100
|
+
SeIncreaseBasePriorityPrivilege
|
101
|
+
SeIncreaseQuotaPrivilege
|
102
|
+
SeIncreaseWorkingSetPrivilege
|
103
|
+
SeInteractiveLogonRight
|
104
|
+
SeLoadDriverPrivilege
|
105
|
+
SeLockMemoryPrivilege
|
106
|
+
SeMachineAccountPrivilege
|
107
|
+
SeManageVolumePrivilege
|
108
|
+
SeNetworkLogonRight
|
109
|
+
SeProfileSingleProcessPrivilege
|
110
|
+
SeRelabelPrivilege
|
111
|
+
SeRemoteInteractiveLogonRight
|
112
|
+
SeRemoteShutdownPrivilege
|
113
|
+
SeRestorePrivilege
|
114
|
+
SeSecurityPrivilege
|
115
|
+
SeServiceLogonRight
|
116
|
+
SeShutdownPrivilege
|
117
|
+
SeSyncAgentPrivilege
|
118
|
+
SeSystemEnvironmentPrivilege
|
119
|
+
SeSystemProfilePrivilege
|
120
|
+
SeSystemtimePrivilege
|
121
|
+
SeTakeOwnershipPrivilege
|
122
|
+
SeTcbPrivilege
|
123
|
+
SeTimeZonePrivilege
|
124
|
+
SeTrustedCredManAccessPrivilege
|
125
|
+
SeUndockPrivilege
|
126
|
+
}.freeze
|
127
|
+
|
128
128
|
property :principal, String,
|
129
129
|
description: "An optional property to add the user to the given privilege. Use only with add and remove action.",
|
130
130
|
name_property: true
|
131
131
|
|
132
|
-
property :users, Array,
|
133
|
-
description: "An optional property to set the privilege for given users. Use only with set action."
|
132
|
+
property :users, [Array, String],
|
133
|
+
description: "An optional property to set the privilege for given users. Use only with set action.",
|
134
|
+
coerce: proc { |v| Array(v) }
|
134
135
|
|
135
136
|
property :privilege, [Array, String],
|
136
|
-
description: "
|
137
|
+
description: "One or more privileges to set for users.",
|
137
138
|
required: true,
|
138
|
-
coerce: proc { |v| v
|
139
|
+
coerce: proc { |v| Array(v) },
|
139
140
|
callbacks: {
|
140
|
-
|
141
|
-
|
142
|
-
},
|
143
|
-
}
|
141
|
+
"Privilege property restricted to the following values: #{PRIVILEGE_OPTS}" => lambda { |n| (n - PRIVILEGE_OPTS).empty? },
|
142
|
+
}
|
144
143
|
|
145
144
|
load_current_value do |new_resource|
|
146
145
|
if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
|
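Review bot: The new callback on the `privilege` property, `lambda { |n| (n - PRIVILEGE_OPTS).empty? }`, also returns true for an empty array, so `privilege []` would presumably pass validation despite `required: true`; how the actions treat an empty list is not visible in this hunk. If an empty list is not meant to be valid, the check could read `lambda { |n| !n.empty? && (n - PRIVILEGE_OPTS).empty? }`. Because the list contains rights such as SeTcbPrivilege, SeDebugPrivilege and SeCreateTokenPrivilege, I would also add a comment above the constant, for example `# Allowlist for the privilege property; several entries grant rights that amount to full control of the host, so review any recipe that assigns them.` The `load_current_value` block that follows the property continues past the end of the hunk.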
@@ -16,7 +16,7 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
|
19
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
@@ -59,8 +59,8 @@ class Chef
|
|
59
59
|
|
60
60
|
property :reboot, Symbol,
|
61
61
|
equal_to: %i{never request_reboot reboot_now},
|
62
|
-
validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{
|
63
|
-
description: "Controls the system reboot behavior post workgroup joining. Reboot immediately, after the #{
|
62
|
+
validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{ChefUtils::Dist::Infra::PRODUCT} run completes), and :never (Don't reboot)",
|
63
|
+
description: "Controls the system reboot behavior post workgroup joining. Reboot immediately, after the #{ChefUtils::Dist::Infra::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
|
64
64
|
coerce: proc { |x| clarify_reboot(x) },
|
65
65
|
default: :immediate, desired_state: false
|
66
66
|
|
@@ -17,7 +17,7 @@
|
|
17
17
|
#
|
18
18
|
|
19
19
|
require_relative "package"
|
20
|
-
|
20
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
21
21
|
|
22
22
|
class Chef
|
23
23
|
class Resource
|
@@ -135,7 +135,7 @@ class Chef
|
|
135
135
|
coerce: proc { |x| x.is_a?(Array) ? x.to_a : x }
|
136
136
|
|
137
137
|
property :flush_cache, Hash,
|
138
|
-
description: "Flush the in-memory cache before or after a Yum operation that installs, upgrades, or removes a package. Accepts a Hash in the form: { :before => true/false, :after => true/false } or an Array in the form [ :before, :after ].\nYum automatically synchronizes remote metadata to a local cache. The #{
|
138
|
+
description: "Flush the in-memory cache before or after a Yum operation that installs, upgrades, or removes a package. Accepts a Hash in the form: { :before => true/false, :after => true/false } or an Array in the form [ :before, :after ].\nYum automatically synchronizes remote metadata to a local cache. The #{ChefUtils::Dist::Infra::CLIENT} creates a copy of the local cache, and then stores it in-memory during the #{ChefUtils::Dist::Infra::CLIENT} run. The in-memory cache allows packages to be installed during the #{ChefUtils::Dist::Infra::CLIENT} run without the need to continue synchronizing the remote metadata to the local cache while the #{ChefUtils::Dist::Infra::CLIENT} run is in-progress.",
|
139
139
|
default: { before: false, after: false },
|
140
140
|
coerce: proc { |v|
|
141
141
|
if v.is_a?(Hash)
|