chef 16.4.35 → 16.6.14

Files changed (320) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Rakefile +2 -2
  4. data/bin/knife +1 -1
  5. data/chef.gemspec +2 -1
  6. data/lib/chef/api_client/registration.rb +6 -6
  7. data/lib/chef/application.rb +19 -22
  8. data/lib/chef/application/apply.rb +12 -7
  9. data/lib/chef/application/base.rb +26 -25
  10. data/lib/chef/application/client.rb +16 -8
  11. data/lib/chef/application/exit_code.rb +13 -4
  12. data/lib/chef/application/knife.rb +22 -11
  13. data/lib/chef/application/solo.rb +2 -1
  14. data/lib/chef/application/windows_service.rb +14 -14
  15. data/lib/chef/application/windows_service_manager.rb +6 -6
  16. data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
  17. data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
  18. data/lib/chef/chef_fs/knife.rb +2 -2
  19. data/lib/chef/chef_fs/parallelizer.rb +0 -1
  20. data/lib/chef/client.rb +12 -42
  21. data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
  22. data/lib/chef/cookbook/gem_installer.rb +1 -1
  23. data/lib/chef/cookbook/synchronizer.rb +2 -2
  24. data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
  25. data/lib/chef/cookbook_uploader.rb +1 -1
  26. data/lib/chef/data_collector.rb +7 -6
  27. data/lib/chef/data_collector/config_validation.rb +22 -13
  28. data/lib/chef/data_collector/run_end_message.rb +2 -2
  29. data/lib/chef/data_collector/run_start_message.rb +1 -1
  30. data/lib/chef/deprecated.rb +1 -1
  31. data/lib/chef/deprecation/warnings.rb +2 -2
  32. data/lib/chef/digester.rb +2 -2
  33. data/lib/chef/dsl/chef_vault.rb +1 -1
  34. data/lib/chef/dsl/data_query.rb +2 -2
  35. data/lib/chef/dsl/platform_introspection.rb +1 -1
  36. data/lib/chef/encrypted_data_bag_item.rb +3 -4
  37. data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
  38. data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
  39. data/lib/chef/environment.rb +2 -2
  40. data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
  41. data/lib/chef/exceptions.rb +4 -4
  42. data/lib/chef/file_access_control/windows.rb +5 -1
  43. data/lib/chef/file_content_management/tempfile.rb +1 -1
  44. data/lib/chef/formatters/doc.rb +7 -6
  45. data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
  46. data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
  47. data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
  48. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +2 -2
  49. data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
  50. data/lib/chef/formatters/indentable_output_stream.rb +2 -2
  51. data/lib/chef/formatters/minimal.rb +5 -4
  52. data/lib/chef/http.rb +6 -4
  53. data/lib/chef/http/auth_credentials.rb +5 -1
  54. data/lib/chef/http/authenticator.rb +1 -1
  55. data/lib/chef/http/basic_client.rb +4 -2
  56. data/lib/chef/http/decompressor.rb +1 -1
  57. data/lib/chef/http/http_request.rb +7 -5
  58. data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
  59. data/lib/chef/http/ssl_policies.rb +1 -1
  60. data/lib/chef/json_compat.rb +1 -1
  61. data/lib/chef/knife.rb +4 -4
  62. data/lib/chef/knife/bootstrap.rb +16 -14
  63. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
  64. data/lib/chef/knife/bootstrap/templates/chef-full.erb +3 -3
  65. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +7 -7
  66. data/lib/chef/knife/client_create.rb +3 -3
  67. data/lib/chef/knife/config_get.rb +8 -97
  68. data/lib/chef/knife/config_get_profile.rb +9 -9
  69. data/lib/chef/knife/config_list.rb +139 -0
  70. data/lib/chef/knife/config_list_profiles.rb +8 -98
  71. data/lib/chef/knife/config_show.rb +127 -0
  72. data/lib/chef/knife/config_use.rb +61 -0
  73. data/lib/chef/knife/config_use_profile.rb +9 -24
  74. data/lib/chef/knife/configure.rb +4 -2
  75. data/lib/chef/knife/core/bootstrap_context.rb +2 -2
  76. data/lib/chef/knife/core/object_loader.rb +1 -1
  77. data/lib/chef/knife/core/ui.rb +1 -1
  78. data/lib/chef/knife/core/windows_bootstrap_context.rb +11 -11
  79. data/lib/chef/knife/exec.rb +2 -2
  80. data/lib/chef/knife/node_policy_set.rb +2 -2
  81. data/lib/chef/knife/node_run_list_add.rb +1 -1
  82. data/lib/chef/knife/node_run_list_remove.rb +1 -1
  83. data/lib/chef/knife/node_run_list_set.rb +1 -1
  84. data/lib/chef/knife/node_show.rb +2 -2
  85. data/lib/chef/knife/role_env_run_list_add.rb +1 -1
  86. data/lib/chef/knife/role_env_run_list_set.rb +1 -1
  87. data/lib/chef/knife/role_run_list_add.rb +1 -1
  88. data/lib/chef/knife/role_run_list_set.rb +1 -1
  89. data/lib/chef/knife/search.rb +0 -1
  90. data/lib/chef/knife/serve.rb +3 -3
  91. data/lib/chef/knife/ssh.rb +18 -3
  92. data/lib/chef/knife/ssl_check.rb +3 -3
  93. data/lib/chef/knife/status.rb +2 -2
  94. data/lib/chef/knife/tag_create.rb +1 -1
  95. data/lib/chef/knife/tag_delete.rb +1 -1
  96. data/lib/chef/knife/user_create.rb +2 -2
  97. data/lib/chef/knife/yaml_convert.rb +1 -1
  98. data/lib/chef/local_mode.rb +2 -2
  99. data/lib/chef/log/syslog.rb +2 -2
  100. data/lib/chef/log/winevt.rb +2 -2
  101. data/lib/chef/mixin/deep_merge.rb +0 -12
  102. data/lib/chef/mixin/openssl_helper.rb +1 -4
  103. data/lib/chef/mixin/powershell_exec.rb +22 -10
  104. data/lib/chef/mixin/powershell_out.rb +12 -5
  105. data/lib/chef/mixin/template.rb +3 -3
  106. data/lib/chef/mixin/uris.rb +4 -2
  107. data/lib/chef/mixin/versioned_api.rb +1 -2
  108. data/lib/chef/monkey_patches/net_http.rb +4 -4
  109. data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
  110. data/lib/chef/node_map.rb +4 -4
  111. data/lib/chef/policy_builder/dynamic.rb +2 -0
  112. data/lib/chef/policy_builder/policyfile.rb +2 -2
  113. data/lib/chef/powershell.rb +3 -2
  114. data/lib/chef/provider.rb +1 -5
  115. data/lib/chef/provider/file.rb +2 -2
  116. data/lib/chef/provider/ifconfig.rb +2 -2
  117. data/lib/chef/provider/ifconfig/debian.rb +33 -15
  118. data/lib/chef/provider/ifconfig/redhat.rb +51 -17
  119. data/lib/chef/provider/launchd.rb +2 -2
  120. data/lib/chef/provider/link.rb +0 -9
  121. data/lib/chef/provider/mount/linux.rb +63 -0
  122. data/lib/chef/provider/package/dpkg.rb +3 -12
  123. data/lib/chef/provider/package/homebrew.rb +1 -1
  124. data/lib/chef/provider/package/rubygems.rb +21 -18
  125. data/lib/chef/provider/package/snap.rb +0 -1
  126. data/lib/chef/provider/package/windows.rb +2 -2
  127. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +3 -1
  128. data/lib/chef/provider/package/zypper.rb +1 -1
  129. data/lib/chef/provider/powershell_script.rb +12 -1
  130. data/lib/chef/provider/remote_file/content.rb +3 -0
  131. data/lib/chef/provider/remote_file/ftp.rb +6 -4
  132. data/lib/chef/provider/remote_file/sftp.rb +6 -4
  133. data/lib/chef/provider/route.rb +2 -6
  134. data/lib/chef/provider/service/macosx.rb +2 -2
  135. data/lib/chef/provider/service/redhat.rb +1 -1
  136. data/lib/chef/provider/template_finder.rb +2 -10
  137. data/lib/chef/provider/user/dscl.rb +5 -5
  138. data/lib/chef/provider/user/mac.rb +3 -3
  139. data/lib/chef/provider/windows_task.rb +1 -2
  140. data/lib/chef/provider/zypper_repository.rb +2 -2
  141. data/lib/chef/provider_resolver.rb +1 -1
  142. data/lib/chef/providers.rb +1 -0
  143. data/lib/chef/pwsh.rb +64 -0
  144. data/lib/chef/recipe.rb +2 -2
  145. data/lib/chef/resource.rb +2 -2
  146. data/lib/chef/resource/apt_repository.rb +6 -5
  147. data/lib/chef/resource/bff_package.rb +22 -0
  148. data/lib/chef/resource/breakpoint.rb +57 -2
  149. data/lib/chef/resource/build_essential.rb +1 -1
  150. data/lib/chef/resource/cab_package.rb +29 -0
  151. data/lib/chef/resource/chef_client_config.rb +313 -0
  152. data/lib/chef/resource/chef_client_cron.rb +35 -28
  153. data/lib/chef/resource/chef_client_launchd.rb +194 -0
  154. data/lib/chef/resource/chef_client_scheduled_task.rb +24 -21
  155. data/lib/chef/resource/chef_client_systemd_timer.rb +27 -20
  156. data/lib/chef/resource/chef_client_trusted_certificate.rb +101 -0
  157. data/lib/chef/resource/chef_gem.rb +10 -10
  158. data/lib/chef/resource/chef_handler.rb +149 -4
  159. data/lib/chef/resource/chef_sleep.rb +3 -3
  160. data/lib/chef/resource/chef_vault_secret.rb +1 -1
  161. data/lib/chef/resource/cookbook_file.rb +2 -2
  162. data/lib/chef/resource/cron/_cron_shared.rb +1 -0
  163. data/lib/chef/resource/cron/cron_d.rb +2 -3
  164. data/lib/chef/resource/dnf_package.rb +2 -2
  165. data/lib/chef/resource/dsc_resource.rb +0 -1
  166. data/lib/chef/resource/dsc_script.rb +2 -2
  167. data/lib/chef/resource/execute.rb +6 -6
  168. data/lib/chef/resource/file.rb +4 -4
  169. data/lib/chef/resource/gem_package.rb +5 -5
  170. data/lib/chef/resource/homebrew_package.rb +3 -3
  171. data/lib/chef/resource/homebrew_update.rb +5 -5
  172. data/lib/chef/resource/hostname.rb +2 -2
  173. data/lib/chef/resource/kernel_module.rb +1 -1
  174. data/lib/chef/resource/launchd.rb +17 -16
  175. data/lib/chef/resource/locale.rb +2 -2
  176. data/lib/chef/resource/macos_userdefaults.rb +3 -3
  177. data/lib/chef/resource/mount.rb +1 -1
  178. data/lib/chef/resource/notify_group.rb +0 -1
  179. data/lib/chef/resource/ohai.rb +46 -3
  180. data/lib/chef/resource/ohai_hint.rb +33 -0
  181. data/lib/chef/resource/openssl_dhparam.rb +27 -5
  182. data/lib/chef/resource/openssl_ec_private_key.rb +6 -3
  183. data/lib/chef/resource/openssl_ec_public_key.rb +2 -2
  184. data/lib/chef/resource/openssl_rsa_private_key.rb +6 -3
  185. data/lib/chef/resource/openssl_x509_certificate.rb +14 -14
  186. data/lib/chef/resource/openssl_x509_crl.rb +19 -10
  187. data/lib/chef/resource/openssl_x509_request.rb +14 -16
  188. data/lib/chef/resource/osx_profile.rb +77 -13
  189. data/lib/chef/resource/plist.rb +1 -1
  190. data/lib/chef/resource/powershell_package_source.rb +5 -5
  191. data/lib/chef/resource/powershell_script.rb +7 -1
  192. data/lib/chef/resource/reboot.rb +2 -2
  193. data/lib/chef/resource/remote_file.rb +3 -3
  194. data/lib/chef/resource/rhsm_register.rb +22 -10
  195. data/lib/chef/resource/ruby_block.rb +2 -2
  196. data/lib/chef/resource/scm/subversion.rb +2 -2
  197. data/lib/chef/resource/service.rb +3 -3
  198. data/lib/chef/resource/ssh_known_hosts_entry.rb +2 -2
  199. data/lib/chef/resource/support/client.erb +65 -0
  200. data/lib/chef/resource/support/cron.d.erb +1 -1
  201. data/lib/chef/resource/support/cron_access.erb +1 -1
  202. data/lib/chef/resource/support/sudoer.erb +1 -1
  203. data/lib/chef/resource/support/ulimit.erb +1 -1
  204. data/lib/chef/resource/sysctl.rb +1 -5
  205. data/lib/chef/resource/systemd_unit.rb +2 -2
  206. data/lib/chef/resource/template.rb +2 -2
  207. data/lib/chef/resource/timezone.rb +112 -73
  208. data/lib/chef/resource/windows_ad_join.rb +10 -3
  209. data/lib/chef/resource/windows_audit_policy.rb +26 -24
  210. data/lib/chef/resource/windows_certificate.rb +6 -4
  211. data/lib/chef/resource/windows_firewall_profile.rb +22 -20
  212. data/lib/chef/resource/windows_package.rb +28 -5
  213. data/lib/chef/resource/windows_printer.rb +5 -3
  214. data/lib/chef/resource/windows_printer_port.rb +6 -4
  215. data/lib/chef/resource/windows_user_privilege.rb +53 -54
  216. data/lib/chef/resource/windows_workgroup.rb +3 -3
  217. data/lib/chef/resource/yum_package.rb +2 -2
  218. data/lib/chef/resource_reporter.rb +0 -2
  219. data/lib/chef/resources.rb +4 -1
  220. data/lib/chef/run_context.rb +2 -2
  221. data/lib/chef/run_context/cookbook_compiler.rb +1 -1
  222. data/lib/chef/run_lock.rb +2 -2
  223. data/lib/chef/search/query.rb +6 -5
  224. data/lib/chef/shell.rb +31 -26
  225. data/lib/chef/shell/ext.rb +11 -11
  226. data/lib/chef/shell/shell_session.rb +2 -2
  227. data/lib/chef/train_transport.rb +5 -104
  228. data/lib/chef/util/backup.rb +1 -1
  229. data/lib/chef/util/diff.rb +3 -3
  230. data/lib/chef/util/powershell/cmdlet.rb +3 -1
  231. data/lib/chef/util/powershell/ps_credential.rb +18 -14
  232. data/lib/chef/util/threaded_job_queue.rb +0 -2
  233. data/lib/chef/version.rb +1 -1
  234. data/lib/chef/win32/crypto.rb +1 -1
  235. data/lib/chef/win32/file.rb +1 -1
  236. data/lib/chef/win32/registry.rb +1 -2
  237. data/lib/chef/win32/unicode.rb +1 -1
  238. data/spec/data/shef-config.rb +1 -1
  239. data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
  240. data/spec/functional/mixin/powershell_out_spec.rb +9 -1
  241. data/spec/functional/resource/aix_service_spec.rb +2 -2
  242. data/spec/functional/resource/aixinit_service_spec.rb +1 -1
  243. data/spec/functional/resource/insserv_spec.rb +1 -1
  244. data/spec/functional/resource/powershell_script_spec.rb +57 -14
  245. data/spec/functional/resource/user/dscl_spec.rb +1 -1
  246. data/spec/functional/resource/user/mac_user_spec.rb +1 -1
  247. data/spec/functional/resource/windows_task_spec.rb +13 -13
  248. data/spec/functional/version_spec.rb +3 -3
  249. data/spec/integration/client/client_spec.rb +4 -4
  250. data/spec/integration/client/exit_code_spec.rb +3 -2
  251. data/spec/integration/client/ipv6_spec.rb +1 -1
  252. data/spec/integration/knife/{config_list_profiles_spec.rb → config_list_spec.rb} +30 -29
  253. data/spec/integration/knife/{config_get_spec.rb → config_show_spec.rb} +3 -3
  254. data/spec/integration/knife/{config_use_profile_spec.rb → config_use_spec.rb} +53 -10
  255. data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
  256. data/spec/integration/ohai/ohai_spec.rb +61 -0
  257. data/spec/integration/recipes/remote_directory.rb +1 -1
  258. data/spec/integration/solo/solo_spec.rb +5 -5
  259. data/spec/spec_helper.rb +8 -6
  260. data/spec/stress/win32/file_spec.rb +1 -1
  261. data/spec/support/chef_helpers.rb +2 -2
  262. data/spec/support/matchers/leak.rb +2 -2
  263. data/spec/support/platform_helpers.rb +22 -35
  264. data/spec/support/shared/functional/securable_resource.rb +108 -27
  265. data/spec/support/shared/functional/win32_service.rb +1 -1
  266. data/spec/support/shared/unit/application_dot_d.rb +5 -3
  267. data/spec/tiny_server.rb +0 -1
  268. data/spec/unit/application/client_spec.rb +2 -2
  269. data/spec/unit/application/exit_code_spec.rb +10 -0
  270. data/spec/unit/application_spec.rb +4 -6
  271. data/spec/unit/chef_fs/config_spec.rb +1 -1
  272. data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
  273. data/spec/unit/chef_fs/parallelizer_spec.rb +5 -1
  274. data/spec/unit/chef_fs/path_util_spec.rb +1 -1
  275. data/spec/unit/cookbook/synchronizer_spec.rb +2 -2
  276. data/spec/unit/cookbook_spec.rb +2 -2
  277. data/spec/unit/data_collector/config_validation_spec.rb +208 -0
  278. data/spec/unit/data_collector_spec.rb +6 -117
  279. data/spec/unit/dsl/declare_resource_spec.rb +1 -1
  280. data/spec/unit/file_access_control_spec.rb +1 -1
  281. data/spec/unit/knife/bootstrap_spec.rb +6 -6
  282. data/spec/unit/knife/core/ui_spec.rb +1 -0
  283. data/spec/unit/knife/ssh_spec.rb +2 -2
  284. data/spec/unit/lwrp_spec.rb +3 -3
  285. data/spec/unit/mixin/deep_merge_spec.rb +15 -0
  286. data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
  287. data/spec/unit/mixin/powershell_exec_spec.rb +39 -2
  288. data/spec/unit/mixin/powershell_out_spec.rb +14 -0
  289. data/spec/unit/mixin/securable_spec.rb +2 -2
  290. data/spec/unit/node/immutable_collections_spec.rb +2 -2
  291. data/spec/unit/provider/mount/linux_spec.rb +97 -0
  292. data/spec/unit/provider/package/chocolatey_spec.rb +1 -1
  293. data/spec/unit/provider/package/powershell_spec.rb +1 -1
  294. data/spec/unit/provider/package/rubygems_spec.rb +4 -1
  295. data/spec/unit/provider/powershell_script_spec.rb +11 -0
  296. data/spec/unit/provider/route_spec.rb +0 -2
  297. data/spec/unit/recipe_spec.rb +1 -1
  298. data/spec/unit/resource/chef_client_config_spec.rb +137 -0
  299. data/spec/unit/resource/chef_client_cron_spec.rb +35 -14
  300. data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
  301. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +36 -1
  302. data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +54 -0
  303. data/spec/unit/resource/launchd_spec.rb +8 -0
  304. data/spec/unit/resource/osx_profile_spec.rb +67 -1
  305. data/spec/unit/resource/powershell_script_spec.rb +2 -2
  306. data/spec/unit/resource/rhsm_register_spec.rb +56 -18
  307. data/spec/unit/resource/timezone_spec.rb +63 -0
  308. data/spec/unit/resource/windows_uac_spec.rb +1 -1
  309. data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
  310. data/spec/unit/run_lock_spec.rb +5 -1
  311. data/spec/unit/runner_spec.rb +1 -2
  312. data/spec/unit/shell/shell_ext_spec.rb +46 -3
  313. data/spec/unit/shell/shell_session_spec.rb +35 -64
  314. data/spec/unit/shell_spec.rb +16 -19
  315. data/spec/unit/train_transport_spec.rb +14 -13
  316. data/spec/unit/util/selinux_spec.rb +2 -0
  317. data/tasks/rspec.rb +0 -2
  318. metadata +46 -18
  319. data/lib/chef/dist.rb +0 -68
  320. data/spec/integration/knife/config_get_profile_spec.rb +0 -114
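--- a/data/lib/chef/resource/windows_ad_join.rb
+++ b/data/lib/chef/resource/windows_ad_join.rb
@@ -16,7 +16,7 @@
  #
 
  require_relative "../resource"
- require_relative "../dist"
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
  class Chef
  class Resource
@@ -76,10 +76,15 @@ class Chef
 
  property :reboot, Symbol,
  equal_to: %i{immediate delayed never request_reboot reboot_now},
- validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{Chef::Dist::PRODUCT} run completes), and :never (Don't reboot)",
- description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{Chef::Dist::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
+ validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{ChefUtils::Dist::Infra::PRODUCT} run completes), and :never (Don't reboot)",
+ description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{ChefUtils::Dist::Infra::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
  default: :immediate
 
+ property :reboot_delay, Integer,
+ description: "The amount of time (in minutes) to delay a reboot request.",
+ default: 0,
+ introduced: "16.5"
+
  property :new_hostname, String,
  description: "Specifies a new hostname for the computer in the new domain.",
  introduced: "14.5"
@@ -116,6 +121,7 @@ class Chef
  unless new_resource.reboot == :never
  reboot "Reboot to join domain #{new_resource.domain_name}" do
  action clarify_reboot(new_resource.reboot)
+ delay_mins new_resource.reboot_delay
  reason "Reboot to join domain #{new_resource.domain_name}"
  end
  end
@@ -149,6 +155,7 @@ class Chef
  unless new_resource.reboot == :never
  reboot "Reboot to leave domain #{new_resource.domain_name}" do
  action clarify_reboot(new_resource.reboot)
+ delay_mins new_resource.reboot_delay
  reason "Reboot to leave domain #{new_resource.domain_name}"
  end
  end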
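Review bot: The new `reboot_delay` property accepts any Integer, so a negative value is handed straight to `delay_mins` in both the join and the leave reboot blocks (new lines 124 and 158). Nothing visible in these hunks rejects it, and how the reboot resource treats a negative delay is outside this diff. A validation callback on the property, for example `callbacks: { "reboot_delay must be zero or a positive number of minutes" => proc { |v| v >= 0 } }`, would fail the run with a clear message instead of relying on downstream behaviour. Both action bodies start and end outside the hunks shown.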
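--- a/data/lib/chef/resource/windows_audit_policy.rb
+++ b/data/lib/chef/resource/windows_audit_policy.rb
@@ -152,30 +152,6 @@ class Chef
  property :audit_base_directories, [true, false],
  description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
 
- def subcategory_configured?(sub_cat, success_value, failure_value)
- setting = if success_value && failure_value
- "Success and Failure$"
- elsif success_value && !failure_value
- "Success$"
- elsif !success_value && failure_value
- "(Failure$)&!(Success and Failure$)"
- else
- "No Auditing"
- end
- powershell_exec(<<-CODE).result
- $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
- if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
- CODE
- end
-
- def option_configured?(option_name, option_setting)
- setting = option_setting ? "Enabled$" : "Disabled$"
- powershell_exec(<<-CODE).result
- $auditpol_config = auditpol /get /option:#{option_name}
- if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
- CODE
- end
-
  action :set do
  unless new_resource.subcategory.nil?
  new_resource.subcategory.each do |subcategory|
@@ -225,6 +201,32 @@ class Chef
  end
  end
  end
+
+ action_class do
+ def subcategory_configured?(sub_cat, success_value, failure_value)
+ setting = if success_value && failure_value
+ "Success and Failure$"
+ elsif success_value && !failure_value
+ "Success$"
+ elsif !success_value && failure_value
+ "#{sub_cat}\\s+Failure$"
+ else
+ "No Auditing"
+ end
+ powershell_exec!(<<-CODE).result
+ $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
+ if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
+ CODE
+ end
+
+ def option_configured?(option_name, option_setting)
+ setting = option_setting ? "Enabled$" : "Disabled$"
+ powershell_exec!(<<-CODE).result
+ $auditpol_config = auditpol /get /option:#{option_name}
+ if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
+ CODE
+ end
+ end
  end
  end
  end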
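Review bot: The new failure-only pattern `"#{sub_cat}\\s+Failure$"` in `subcategory_configured?` places `sub_cat` inside a Select-String regular expression and a double-quoted PowerShell string without escaping, next to the existing `/subcategory:"#{sub_cat}"` argument. If the `subcategory` property is not restricted to a fixed list of names (its definition is outside these hunks), a value containing regex metacharacters, `"` or `$` would change what is matched or the command text that is run. Escaping the regex part, e.g. `"#{Regexp.escape(sub_cat)}\\s+Failure$"`, plus a one-line comment that both helpers assume validated names, would make that dependency explicit. `option_name` in `option_configured?` is interpolated unquoted into `/option:#{option_name}` and deserves the same comment.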
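--- a/data/lib/chef/resource/windows_certificate.rb
+++ b/data/lib/chef/resource/windows_certificate.rb
@@ -19,9 +19,11 @@
 
  require_relative "../util/path_helper"
  require_relative "../resource"
- require "win32-certstore" if Chef::Platform.windows?
- require "openssl" unless defined?(OpenSSL)
- require_relative "../dist"
+ module Win32
+ autoload :Certstore, "win32-certstore" if Chef::Platform.windows?
+ end
+ autoload :OpenSSL, "openssl"
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
  class Chef
  class Resource
@@ -82,7 +84,7 @@ class Chef
 
  # lazy used to set default value of sensitive to true if password is set
  property :sensitive, [TrueClass, FalseClass],
- description: "Ensure that sensitive resource data is not logged by the #{Chef::Dist::CLIENT}.",
+ description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
  default: lazy { pfx_password ? true : false }, skip_docs: true
 
  action :create do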
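--- a/data/lib/chef/resource/windows_firewall_profile.rb
+++ b/data/lib/chef/resource/windows_firewall_profile.rb
@@ -19,8 +19,6 @@
  class Chef
  class Resource
  class WindowsFirewallProfile < Chef::Resource
- unified_mode true
-
  provides :windows_firewall_profile
  description "Use the **windows_firewall_profile** resource to enable, disable, and configure the Windows firewall."
  introduced "16.3"
@@ -161,24 +159,6 @@ class Chef
  cmd
  end
 
- def load_firewall_state(profile_name)
- <<-EOH
- Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
- $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
- ([PSCustomObject]@{
- default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
- default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
- allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
- allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
- allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
- allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
- allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
- allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
- display_notification = $#{profile_name}.NotifyOnListen.ToString()
- }) | ConvertTo-Json
- EOH
- end
-
  def firewall_enabled?(profile_name)
  cmd = <<~CODE
  $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
@@ -194,6 +174,28 @@ class Chef
  end
  end
  end
+
+ private
+
+ # build the command to load the current resource
+ # @return [String] current firewall state
+ def load_firewall_state(profile_name)
+ <<-EOH
+ Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
+ $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
+ ([PSCustomObject]@{
+ default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
+ default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
+ allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
+ allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
+ allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
+ allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
+ allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
+ allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
+ display_notification = $#{profile_name}.NotifyOnListen.ToString()
+ }) | ConvertTo-Json
+ EOH
+ end
  end
  end
  end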
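Review bot: The YARD comment added above `load_firewall_state` says it returns the "current firewall state", but the method only returns the PowerShell script text from the heredoc; nothing is executed in it. `profile_name` is interpolated unquoted into that script, both as a variable name (`$#{profile_name}`) and as the `-Profile` argument, which is safe only if the property is limited to known profile names; that definition is outside these hunks. I would write `# @param profile_name [String] firewall profile name; interpolated unquoted, must come from a validated set` and `# @return [String] PowerShell script that prints the profile's state as JSON`. The first hunk also removes `unified_mode true` with no comment explaining why this resource opts out.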
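--- a/data/lib/chef/resource/windows_package.rb
+++ b/data/lib/chef/resource/windows_package.rb
@@ -20,7 +20,7 @@ require_relative "../mixin/uris"
  require_relative "package"
  require_relative "../provider/package/windows"
  require_relative "../win32/error" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
- require_relative "../dist"
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
  class Chef
  class Resource
@@ -30,7 +30,30 @@ class Chef
  provides(:windows_package) { true }
  provides :package, os: "windows"
 
- description "Use the **windows_package** resource to manage packages on the Microsoft Windows platform. The windows_package resource supports these installer formats:\n\n Microsoft Installer Package (MSI)\n Nullsoft Scriptable Install System (NSIS)\n Inno Setup (inno)\n Wise\n InstallShield\n Custom installers such as installing a non-.msi file that embeds an .msi-based installer\n"
+ description <<~DESC
+ Use the **windows_package** resource to manage packages on the Microsoft Windows platform.
+ The **windows_package** resource supports these installer formats:
+ * Microsoft Installer Package (MSI)
+ * Nullsoft Scriptable Install System (NSIS)
+ * Inno Setup (inno)
+ * Wise
+ * InstallShield
+ * Custom installers such as installing a non-.msi file that embeds an .msi-based installer
+
+ To enable idempotence of the `:install` action or to enable the `:remove` action with no source property specified,
+ `package_name` MUST be an exact match of the name used by the package installer. The names of installed packages
+ Windows knows about can be found in **Add/Remove programs**, in the output of `ohai packages`, or in the
+ `DisplayName` property in one of the following in the Windows registry:
+
+ * `HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
+ * `HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
+ * `HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
+
+ Note: If there are multiple versions of a package installed with the same display name, all of those packages will
+ be removed unless a version is provided in the **version** property or unless it can be discovered in the installer
+ file specified by the **source** property.
+ DESC
+
  introduced "11.12"
  examples <<~DOC
  **Install a package**:
@@ -135,15 +158,15 @@ class Chef
  end
  end),
  default_description: "The resource block's name", # this property is basically a name_property but not really so we need to spell it out
- description: "The path to a package in the local file system. The location of the package may be at a URL."
+ description: "The path to a package in the local file system or the URL of a remote file that will be downloaded."
 
  property :checksum, String,
  desired_state: false, coerce: (proc { |c| c.downcase }),
- description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{Chef::Dist::PRODUCT} does not download it. Use when a URL is specified by the `source` property."
+ description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{ChefUtils::Dist::Infra::PRODUCT} does not download it. Use when a URL is specified by the `source` property."
 
  property :remote_file_attributes, Hash,
  desired_state: false,
- description: "If the source package to install is at a remote location this property allows you to define a hash of properties and their value which will be used by the underlying remote_file resource, which fetches the source."
+ description: "If the source package to install is at a remote location, this property allows you to define a hash of properties which will be used by the underlying **remote_file** resource used to fetch the source."
  end
  end
  end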
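Review bot: The `checksum` description in the last hunk still presents the SHA-256 value only as a way to avoid re-downloading, while the reworded `source` description now states that a URL is downloaded. Someone deciding whether to pin a checksum for a remote installer needs to know whether the downloaded file is verified against it; that behaviour is not visible in this diff and should be confirmed against the provider before the text is changed. If it is verified, a sentence such as `A downloaded file that does not match the checksum is rejected.` in the description would say so. The class body starts and ends outside the hunks shown.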
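--- a/data/lib/chef/resource/windows_printer.rb
+++ b/data/lib/chef/resource/windows_printer.rb
@@ -24,7 +24,7 @@ class Chef
  class WindowsPrinter < Chef::Resource
  unified_mode true
 
- require "resolv"
+ autoload :Resolv, "resolv"
 
  provides(:windows_printer) { true }
 
@@ -78,8 +78,10 @@ class Chef
 
  property :ipv4_address, String,
  description: "The IPv4 address of the printer, such as `10.4.64.23`",
- validation_message: "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`",
- regex: Resolv::IPv4::Regex
+ callbacks: {
+ "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`" =>
+ proc { |v| v.match(Resolv::IPv4::Regex) },
+ }
 
  PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
 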
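--- a/data/lib/chef/resource/windows_printer_port.rb
+++ b/data/lib/chef/resource/windows_printer_port.rb
@@ -24,7 +24,7 @@ class Chef
  class WindowsPrinterPort < Chef::Resource
  unified_mode true
 
- require "resolv"
+ autoload :Resolv, "resolv"
 
  provides(:windows_printer_port) { true }
 
@@ -61,9 +61,11 @@ class Chef
 
  property :ipv4_address, String,
  name_property: true,
- regex: Resolv::IPv4::Regex,
- validation_message: "The ipv4_address property must be in the format of WWW.XXX.YYY.ZZZ!",
- description: "An optional property for the IPv4 address of the printer if it differs from the resource block's name.",
+ description: "An optional property for the IPv4 address of the printer if it differs from the resource block's name.",
+ callbacks: {
+ "The ipv4_address property must be in the format of WWW.XXX.YYY.ZZZ!" =>
+ proc { |v| v.match(Resolv::IPv4::Regex) },
+ }
 
  property :port_name, String,
  description: "The port name."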
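Review bot: The `ipv4_address` validation moves from `regex:` to a `callbacks:` proc with no comment saying why, here and in the windows_printer.rb section just before this one. The likely reason is that `Resolv::IPv4::Regex` inside the proc is looked up only when the property is validated, which keeps `autoload :Resolv` lazy, whereas `regex:` would resolve the constant while the class is being defined. A comment such as `# proc defers the Resolv constant lookup so the autoload is not triggered at load time` would keep a later cleanup from reverting to `regex:`. Writing the check as `proc { |v| v.match?(Resolv::IPv4::Regex) }` would also return a plain boolean instead of a MatchData object.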
@@ -23,52 +23,6 @@ class Chef
23
23
  class WindowsUserPrivilege < Chef::Resource
24
24
  unified_mode true
25
25
 
26
- privilege_opts = %w{SeTrustedCredManAccessPrivilege
27
- SeNetworkLogonRight
28
- SeTcbPrivilege
29
- SeMachineAccountPrivilege
30
- SeIncreaseQuotaPrivilege
31
- SeInteractiveLogonRight
32
- SeRemoteInteractiveLogonRight
33
- SeBackupPrivilege
34
- SeChangeNotifyPrivilege
35
- SeSystemtimePrivilege
36
- SeTimeZonePrivilege
37
- SeCreatePagefilePrivilege
38
- SeCreateTokenPrivilege
39
- SeCreateGlobalPrivilege
40
- SeCreatePermanentPrivilege
41
- SeCreateSymbolicLinkPrivilege
42
- SeDebugPrivilege
43
- SeDenyNetworkLogonRight
44
- SeDenyBatchLogonRight
45
- SeDenyServiceLogonRight
46
- SeDenyInteractiveLogonRight
47
- SeDenyRemoteInteractiveLogonRight
48
- SeEnableDelegationPrivilege
49
- SeRemoteShutdownPrivilege
50
- SeAuditPrivilege
51
- SeImpersonatePrivilege
52
- SeIncreaseWorkingSetPrivilege
53
- SeIncreaseBasePriorityPrivilege
54
- SeLoadDriverPrivilege
55
- SeLockMemoryPrivilege
56
- SeBatchLogonRight
57
- SeServiceLogonRight
58
- SeSecurityPrivilege
59
- SeRelabelPrivilege
60
- SeSystemEnvironmentPrivilege
61
- SeManageVolumePrivilege
62
- SeProfileSingleProcessPrivilege
63
- SeSystemProfilePrivilege
64
- SeUndockPrivilege
65
- SeAssignPrimaryTokenPrivilege
66
- SeRestorePrivilege
67
- SeShutdownPrivilege
68
- SeSyncAgentPrivilege
69
- SeTakeOwnershipPrivilege
70
- }
71
-
72
26
  provides :windows_user_privilege
73
27
  description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
74
28
 
@@ -125,22 +79,67 @@ class Chef
125
79
  ```
126
80
  DOC
127
81
 
82
+ PRIVILEGE_OPTS = %w{ SeAssignPrimaryTokenPrivilege
83
+ SeAuditPrivilege
84
+ SeBackupPrivilege
85
+ SeBatchLogonRight
86
+ SeChangeNotifyPrivilege
87
+ SeCreateGlobalPrivilege
88
+ SeCreatePagefilePrivilege
89
+ SeCreatePermanentPrivilege
90
+ SeCreateSymbolicLinkPrivilege
91
+ SeCreateTokenPrivilege
92
+ SeDebugPrivilege
93
+ SeDenyBatchLogonRight
94
+ SeDenyInteractiveLogonRight
95
+ SeDenyNetworkLogonRight
96
+ SeDenyRemoteInteractiveLogonRight
97
+ SeDenyServiceLogonRight
98
+ SeEnableDelegationPrivilege
99
+ SeImpersonatePrivilege
100
+ SeIncreaseBasePriorityPrivilege
101
+ SeIncreaseQuotaPrivilege
102
+ SeIncreaseWorkingSetPrivilege
103
+ SeInteractiveLogonRight
104
+ SeLoadDriverPrivilege
105
+ SeLockMemoryPrivilege
106
+ SeMachineAccountPrivilege
107
+ SeManageVolumePrivilege
108
+ SeNetworkLogonRight
109
+ SeProfileSingleProcessPrivilege
110
+ SeRelabelPrivilege
111
+ SeRemoteInteractiveLogonRight
112
+ SeRemoteShutdownPrivilege
113
+ SeRestorePrivilege
114
+ SeSecurityPrivilege
115
+ SeServiceLogonRight
116
+ SeShutdownPrivilege
117
+ SeSyncAgentPrivilege
118
+ SeSystemEnvironmentPrivilege
119
+ SeSystemProfilePrivilege
120
+ SeSystemtimePrivilege
121
+ SeTakeOwnershipPrivilege
122
+ SeTcbPrivilege
123
+ SeTimeZonePrivilege
124
+ SeTrustedCredManAccessPrivilege
125
+ SeUndockPrivilege
126
+ }.freeze
127
+
128
128
  property :principal, String,
129
129
  description: "An optional property to add the user to the given privilege. Use only with add and remove action.",
130
130
  name_property: true
131
131
 
132
- property :users, Array,
133
- description: "An optional property to set the privilege for given users. Use only with set action."
132
+ property :users, [Array, String],
133
+ description: "An optional property to set the privilege for given users. Use only with set action.",
134
+ coerce: proc { |v| Array(v) }
134
135
 
135
136
  property :privilege, [Array, String],
136
- description: "Privilege to set for users.",
137
+ description: "One or more privileges to set for users.",
137
138
  required: true,
138
- coerce: proc { |v| v.is_a?(String) ? Array[v] : v },
139
+ coerce: proc { |v| Array(v) },
139
140
  callbacks: {
140
- "Option privilege must include any of the: #{privilege_opts}" => lambda { |v|
141
- (privilege_opts & v).size == v.size
142
- },
143
- }
141
+ "Privilege property restricted to the following values: #{PRIVILEGE_OPTS}" => lambda { |n| (n - PRIVILEGE_OPTS).empty? },
142
+ }
144
143
 
145
144
  load_current_value do |new_resource|
146
145
  if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
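Review bot: The `privilege` callback `lambda { |n| (n - PRIVILEGE_OPTS).empty? }` also returns true for an empty array, so `privilege []` passes the allow-list check; whether `required: true` rejects that case is not visible in this hunk. Since this property selects which Windows user rights are assigned, the empty case is better rejected explicitly: `lambda { |n| !n.empty? && (n - PRIVILEGE_OPTS).empty? }`. The new `users` property is coerced with `Array(v)` but has no validation, and what the set action does with an empty list happens outside the hunk, so that is worth confirming. The message interpolates `#{PRIVILEGE_OPTS}`, which prints the array's inspect form; `#{PRIVILEGE_OPTS.join(", ")}` reads better in an error. The `load_current_value` block continues past the end of the hunk.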
@@ -16,7 +16,7 @@
16
16
  #
17
17
 
18
18
  require_relative "../resource"
19
- require_relative "../dist"
19
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
20
20
 
21
21
  class Chef
22
22
  class Resource
@@ -59,8 +59,8 @@ class Chef
59
59
 
60
60
  property :reboot, Symbol,
61
61
  equal_to: %i{never request_reboot reboot_now},
62
- validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{Chef::Dist::PRODUCT} run completes), and :never (Don't reboot)",
63
- description: "Controls the system reboot behavior post workgroup joining. Reboot immediately, after the #{Chef::Dist::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
62
+ validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{ChefUtils::Dist::Infra::PRODUCT} run completes), and :never (Don't reboot)",
63
+ description: "Controls the system reboot behavior post workgroup joining. Reboot immediately, after the #{ChefUtils::Dist::Infra::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
64
64
  coerce: proc { |x| clarify_reboot(x) },
65
65
  default: :immediate, desired_state: false
66
66
 
@@ -17,7 +17,7 @@
17
17
  #
18
18
 
19
19
  require_relative "package"
20
- require_relative "../dist"
20
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
21
21
 
22
22
  class Chef
23
23
  class Resource
@@ -135,7 +135,7 @@ class Chef
135
135
  coerce: proc { |x| x.is_a?(Array) ? x.to_a : x }
136
136
 
137
137
  property :flush_cache, Hash,
138
- description: "Flush the in-memory cache before or after a Yum operation that installs, upgrades, or removes a package. Accepts a Hash in the form: { :before => true/false, :after => true/false } or an Array in the form [ :before, :after ].\nYum automatically synchronizes remote metadata to a local cache. The #{Chef::Dist::CLIENT} creates a copy of the local cache, and then stores it in-memory during the #{Chef::Dist::CLIENT} run. The in-memory cache allows packages to be installed during the #{Chef::Dist::CLIENT} run without the need to continue synchronizing the remote metadata to the local cache while the #{Chef::Dist::CLIENT} run is in-progress.",
138
+ description: "Flush the in-memory cache before or after a Yum operation that installs, upgrades, or removes a package. Accepts a Hash in the form: { :before => true/false, :after => true/false } or an Array in the form [ :before, :after ].\nYum automatically synchronizes remote metadata to a local cache. The #{ChefUtils::Dist::Infra::CLIENT} creates a copy of the local cache, and then stores it in-memory during the #{ChefUtils::Dist::Infra::CLIENT} run. The in-memory cache allows packages to be installed during the #{ChefUtils::Dist::Infra::CLIENT} run without the need to continue synchronizing the remote metadata to the local cache while the #{ChefUtils::Dist::Infra::CLIENT} run is in-progress.",
139
139
  default: { before: false, after: false },
140
140
  coerce: proc { |v|
141
141
  if v.is_a?(Hash)