chef 16.4.41 → 16.5.64

data/lib/chef/resource/homebrew_package.rb

@@ -19,7 +19,7 @@
 
 require_relative "../provider/package"
 require_relative "package"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -29,7 +29,7 @@ class Chef
       provides :homebrew_package
       provides :package, os: "darwin"
 
-      description "Use the **homebrew_package** resource to manage packages for the macOS platform. Note: Starting with #{Chef::Dist::PRODUCT} 16 the homebrew resource now accepts an array of packages for installing multiple packages at once."
+      description "Use the **homebrew_package** resource to manage packages for the macOS platform. Note: Starting with #{ChefUtils::Dist::Infra::PRODUCT} 16 the homebrew resource now accepts an array of packages for installing multiple packages at once."
       introduced "12.0"
       examples <<~DOC
       **Install a package**:
@@ -62,7 +62,7 @@ class Chef
       DOC
 
       property :homebrew_user, [ String, Integer ],
-        description: "The name or uid of the Homebrew owner to be used by #{Chef::Dist::PRODUCT} when executing a command."
+        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command."
 
     end
   end

data/lib/chef/resource/homebrew_update.rb

@@ -19,7 +19,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -38,7 +38,7 @@ class Chef
           action :periodic
         end
         ```
-        **Update the Homebrew repository at the start of a #{Chef::Dist::PRODUCT} run**:
+        **Update the Homebrew repository at the start of a #{ChefUtils::Dist::Infra::PRODUCT} run**:
         ```ruby
         homebrew_update 'update'
         ```
@@ -62,8 +62,8 @@ class Chef
         #
         # @return [Boolean]
         def brew_up_to_date?
-          ::File.exist?("#{BREW_STAMP}") &&
-            ::File.mtime("#{BREW_STAMP}") > Time.now - new_resource.frequency
+          ::File.exist?(BREW_STAMP) &&
+            ::File.mtime(BREW_STAMP) > Time.now - new_resource.frequency
         end
 
         def do_update
@@ -71,7 +71,7 @@ class Chef
             recursive true
           end
 
-          file "#{BREW_STAMP}" do
+          file BREW_STAMP do
             content "BREW::Update::Post-Invoke-Success\n"
             action :create_if_missing
           end

data/lib/chef/resource/hostname.rb

@@ -16,7 +16,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -248,7 +248,7 @@ class Chef
 
             # reboot because $windows
             reboot "setting hostname" do
-              reason "#{Chef::Dist::PRODUCT} updated system hostname"
+              reason "#{ChefUtils::Dist::Infra::PRODUCT} updated system hostname"
               only_if { new_resource.windows_reboot }
               action :request_reboot
             end

data/lib/chef/resource/launchd.rb

@@ -187,7 +187,8 @@ class Chef
         description: "Specify services to be registered with the bootstrap subsystem."
 
       property :nice, Integer,
-        description: "The program scheduling priority value in the range -20 to 20."
+        description: "The program scheduling priority value in the range -20 to 19.",
+        callbacks: { "should be a Integer between -20 and 19" => proc { |v| v >= -20 && v <= 19 } }
 
       property :on_demand, [ TrueClass, FalseClass ],
         description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use keep_alive instead for newer versions."

data/lib/chef/resource/locale.rb

@@ -16,7 +16,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -71,7 +71,7 @@ class Chef
       #
       def lc_all(arg = nil)
         unless arg.nil?
-          Chef.deprecated(:locale_lc_all, "Changing LC_ALL can break #{Chef::Dist::PRODUCT}'s parsing of command output in unexpected ways.\n Use one of the more specific LC_ properties as needed.")
+          Chef.deprecated(:locale_lc_all, "Changing LC_ALL can break #{ChefUtils::Dist::Infra::PRODUCT}'s parsing of command output in unexpected ways.\n Use one of the more specific LC_ properties as needed.")
         end
       end
 

data/lib/chef/resource/macos_userdefaults.rb

@@ -16,8 +16,8 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
-require "plist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+autoload :Plist, "plist"
 
 class Chef
   class Resource
@@ -97,7 +97,7 @@ class Chef
         desired_state: false
 
       property :sudo, [TrueClass, FalseClass],
-        description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{Chef::Dist::PRODUCT}.",
+        description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{ChefUtils::Dist::Infra::PRODUCT}.",
         default: false,
         desired_state: false
 

data/lib/chef/resource/notify_group.rb

@@ -15,7 +15,6 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
 
 class Chef
   class Resource

data/lib/chef/resource/ohai.rb

@@ -19,7 +19,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require "ohai" unless defined?(Ohai::System)
 
 class Chef
@@ -29,10 +29,53 @@ class Chef
 
       provides :ohai
 
-      description "Use the **ohai** resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{Chef::Dist::CLIENT} run."
+      description "Use the **ohai** resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{ChefUtils::Dist::Infra::PRODUCT} run."
+
+      examples <<~DOC
+      Reload All Ohai Plugins
+
+      ```ruby
+      ohai 'reload' do
+        action :reload
+      end
+      ```
+
+      Reload A Single Ohai Plugin
+
+      ```ruby
+      ohai 'reload' do
+        plugin 'ipaddress'
+        action :reload
+      end
+      ```
+
+      Reload Ohai after a new user is created
+
+      ```ruby
+      ohai 'reload_passwd' do
+        action :nothing
+        plugin 'etc'
+      end
+
+      user 'daemon_user' do
+        home '/dev/null'
+        shell '/sbin/nologin'
+        system true
+        notifies :reload, 'ohai[reload_passwd]', :immediately
+      end
+
+      ruby_block 'just an example' do
+        block do
+          # These variables will now have the new values
+          puts node['etc']['passwd']['daemon_user']['uid']
+          puts node['etc']['passwd']['daemon_user']['gid']
+        end
+      end
+      ```
+      DOC
 
       property :plugin, String,
-        description: "The name of an Ohai plugin to be reloaded. If this property is not specified, #{Chef::Dist::PRODUCT} will reload all plugins."
+        description: "Specific Ohai attribute data to reload. This property behaves similar to specifying attributes when running Ohai on the command line and takes the attribute that you wish to reload instead of the actual plugin name. For instance, you can pass `ipaddress` to reload `node['ipaddress']` even though that data comes from the `Network` plugin. If this property is not specified, #{ChefUtils::Dist::Infra::PRODUCT} will reload all plugins."
 
       def load_current_resource
         true

data/lib/chef/resource/ohai_hint.rb

@@ -26,6 +26,39 @@ class Chef
 
       description "Use the **ohai_hint** resource to aid in configuration detection by passing hint data to Ohai."
       introduced "14.0"
+      examples <<~DOC
+      **Create a hint file**
+
+      ```ruby
+      ohai_hint 'example' do
+        content a: 'test_content'
+      end
+      ```
+
+      **Create a hint file with a name that does not match the resource name**
+
+      ```ruby
+      ohai_hint 'example' do
+        hint_name 'custom'
+      end
+      ```
+
+      **Create a hint file that is not loaded at compile time**
+
+      ```ruby
+      ohai_hint 'example' do
+        compile_time false
+      end
+      ```
+
+      **Delete a hint file**
+
+      ```ruby
+      ohai_hint 'example' do
+        action :delete
+      end
+      ```
+      DOC
 
       property :hint_name, String,
         description: "An optional property to set the hint name if it differs from the resource block's name.",

data/lib/chef/resource/openssl_dhparam.rb

@@ -27,15 +27,37 @@ class Chef
 
       provides(:openssl_dhparam) { true }
 
-      description "Use the **openssl_dhparam** resource to generate dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten."
+      description "Use the **openssl_dhparam** resource to generate `dhparam.pem` files. If a valid `dhparam.pem` file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid `dhparam.pem` file, it will be overwritten."
       introduced "14.0"
       examples <<~DOC
-        Create a 1024bit dhparam file
+        **Create a dhparam file**
 
         ```ruby
-        openssl_dhparam '/etc/ssl_files/dhparam.pem' do
-          key_length 1024
-          action :create
+        openssl_dhparam '/etc/httpd/ssl/dhparam.pem'
+        ```
+
+        **Create a dhparam file with a specific key length**
+
+        ```ruby
+        openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do
+          key_length 4096
+        end
+        ```
+
+        **Create a dhparam file with specific user/group ownership**
+
+        ```ruby
+        openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do
+          owner 'www-data'
+          group 'www-data'
+        end
+        ```
+
+        **Manually specify the dhparam file path**
+
+        ```ruby
+        openssl_dhparam 'httpd_dhparam' do
+          path '/etc/httpd/ssl/dhparam.pem'
         end
         ```
       DOC

data/lib/chef/resource/openssl_ec_private_key.rb

@@ -66,10 +66,13 @@ class Chef
         description: "The desired passphrase for the key."
 
       property :key_cipher, String,
-        equal_to: OpenSSL::Cipher.ciphers,
-        validation_message: "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options.",
         description: "The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options.",
-        default: "des3"
+        default: lazy { "des3" },
+        default_description: "des3",
+        callbacks: {
+          "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options." =>
+            proc { |v| OpenSSL::Cipher.ciphers.include?(v) },
+        }
 
       property :owner, [String, Integer],
         description: "The owner applied to all files created by the resource."

data/lib/chef/resource/openssl_ec_public_key.rb

@@ -31,7 +31,7 @@ class Chef
       description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."
       introduced "14.4"
       examples <<~DOC
-        Generate new ec public key from a private key on disk
+        **Generate new EC public key from a private key on disk**
 
         ```ruby
         openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3.pub' do
@@ -41,7 +41,7 @@ class Chef
         end
         ```
 
-        Generate new ec public key by passing in a private key
+        **Generate new EC public key by passing in a private key**
 
         ```ruby
         openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3_2.pub' do

data/lib/chef/resource/openssl_rsa_private_key.rb

@@ -65,10 +65,13 @@ class Chef
         description: "The desired passphrase for the key."
 
       property :key_cipher, String,
-        equal_to: OpenSSL::Cipher.ciphers,
-        validation_message: "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options.",
         description: "The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options.",
-        default: "des3"
+        default: lazy { "des3" },
+        default_description: "des3",
+        callbacks: {
+          "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options." =>
+            proc { |v| OpenSSL::Cipher.ciphers.include?(v) },
+        }
 
       property :owner, [String, Integer],
         description: "The owner applied to all files created by the resource."

data/lib/chef/resource/openssl_x509_certificate.rb

@@ -86,32 +86,32 @@ class Chef
         description: "The permission mode applied to all files created by the resource."
 
       property :country, String,
-        description: "Value for the C certificate field."
+        description: "Value for the `C` certificate field."
 
       property :state, String,
-        description: "Value for the ST certificate field."
+        description: "Value for the `ST` certificate field."
 
       property :city, String,
-        description: "Value for the L certificate field."
+        description: "Value for the `L` certificate field."
 
       property :org, String,
-        description: "Value for the O certificate field."
+        description: "Value for the `O` certificate field."
 
       property :org_unit, String,
-        description: "Value for the OU certificate field."
+        description: "Value for the `OU` certificate field."
 
       property :common_name, String,
-        description: "Value for the CN certificate field."
+        description: "Value for the `CN` certificate field."
 
       property :email, String,
-        description: "Value for the email certificate field."
+        description: "Value for the `email` certificate field."
 
       property :extensions, Hash,
-        description: "Hash of X509 Extensions entries, in format { 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }.",
+        description: "Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }`.",
         default: lazy { {} }
 
       property :subject_alt_name, Array,
-        description: "Array of Subject Alternative Name entries, in format DNS:example.com or IP:1.2.3.4.",
+        description: "Array of Subject Alternative Name entries, in format `DNS:example.com` or `IP:1.2.3.4`.",
         default: lazy { [] }
 
       property :key_file, String,
@@ -122,7 +122,7 @@ class Chef
 
       property :key_type, String,
         equal_to: %w{rsa ec},
-        description: "The desired type of the generated key (rsa or ec).",
+        description: "The desired type of the generated key.",
         default: "rsa"
 
       property :key_length, Integer,
@@ -131,18 +131,18 @@ class Chef
         default: 2048
 
       property :key_curve, String,
-        description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run openssl ecparam -list_curves to see available options.",
+        description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options.",
         equal_to: %w{secp384r1 secp521r1 prime256v1},
         default: "prime256v1"
 
       property :csr_file, String,
-        description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the csr_file property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
+        description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
 
       property :ca_cert_file, String,
-        description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the certificate will be signed with them."
+        description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them."
 
       property :ca_key_file, String,
-        description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the 'ca_cert_file' property must also be specified, the certificate will be signed with them."
+        description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the certificate will be signed with them."
 
       property :ca_key_pass, String,
         description: "The passphrase for CA private key's passphrase."

data/lib/chef/resource/openssl_x509_crl.rb

@@ -31,15 +31,24 @@ class Chef
       description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
       introduced "14.4"
       examples <<~DOC
-        Generate a CRL file given a cert file and key file
+      **Create a certificate revocation file**
 
-        ```ruby
-        openssl_x509_crl '/etc/ssl_files/my_ca2.crl' do
-          ca_cert_file '/etc/ssl_files/my_ca2.crt'
-          ca_key_file '/etc/ssl_files/my_ca2.key'
-          expire 1
-        end
-        ```
+      ```ruby
+      openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
+        ca_cert_file '/etc/ssl_test/my_ca.crt'
+        ca_key_file '/etc/ssl_test/my_ca.key'
+      end
+      ```
+
+      **Create a certificate revocation file for a particular serial**
+
+      ```ruby
+      openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
+        ca_cert_file '/etc/ssl_test/my_ca.crt'
+        ca_key_file '/etc/ssl_test/my_ca.key'
+        serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F
+      end
+      ```
       DOC
 
       property :path, String,
@@ -62,11 +71,11 @@ class Chef
         default: 1
 
       property :ca_cert_file, String,
-        description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the CRL will be signed with them.",
+        description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the CRL will be signed with them.",
         required: true
 
       property :ca_key_file, String,
-        description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the ca_cert_file property must also be specified, the CRL will be signed with them.",
+        description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the CRL will be signed with them.",
         required: true
 
       property :ca_key_pass, String,