chef 16.4.41 → 16.5.64

Files changed (268) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +1 -1
  3. data/Rakefile +2 -2
  4. data/bin/knife +1 -1
  5. data/chef.gemspec +2 -1
  6. data/lib/chef/application.rb +18 -16
  7. data/lib/chef/application/apply.rb +12 -7
  8. data/lib/chef/application/base.rb +26 -23
  9. data/lib/chef/application/client.rb +10 -4
  10. data/lib/chef/application/exit_code.rb +13 -4
  11. data/lib/chef/application/knife.rb +22 -11
  12. data/lib/chef/application/solo.rb +2 -1
  13. data/lib/chef/application/windows_service.rb +14 -14
  14. data/lib/chef/application/windows_service_manager.rb +6 -6
  15. data/lib/chef/chef_fs/knife.rb +2 -2
  16. data/lib/chef/chef_fs/parallelizer.rb +0 -1
  17. data/lib/chef/client.rb +10 -11
  18. data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
  19. data/lib/chef/cookbook/synchronizer.rb +2 -2
  20. data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
  21. data/lib/chef/cookbook_uploader.rb +1 -1
  22. data/lib/chef/data_collector.rb +6 -5
  23. data/lib/chef/data_collector/config_validation.rb +22 -13
  24. data/lib/chef/data_collector/run_end_message.rb +2 -2
  25. data/lib/chef/data_collector/run_start_message.rb +1 -1
  26. data/lib/chef/deprecated.rb +1 -1
  27. data/lib/chef/deprecation/warnings.rb +2 -2
  28. data/lib/chef/digester.rb +2 -2
  29. data/lib/chef/dsl/chef_vault.rb +1 -1
  30. data/lib/chef/dsl/data_query.rb +2 -2
  31. data/lib/chef/dsl/platform_introspection.rb +1 -1
  32. data/lib/chef/encrypted_data_bag_item.rb +3 -4
  33. data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
  34. data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
  35. data/lib/chef/environment.rb +2 -2
  36. data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
  37. data/lib/chef/exceptions.rb +4 -4
  38. data/lib/chef/file_access_control/windows.rb +5 -1
  39. data/lib/chef/formatters/doc.rb +7 -6
  40. data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
  41. data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
  42. data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
  43. data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +2 -2
  44. data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
  45. data/lib/chef/formatters/minimal.rb +5 -4
  46. data/lib/chef/http.rb +6 -4
  47. data/lib/chef/http/auth_credentials.rb +5 -1
  48. data/lib/chef/http/authenticator.rb +1 -1
  49. data/lib/chef/http/basic_client.rb +4 -2
  50. data/lib/chef/http/decompressor.rb +1 -1
  51. data/lib/chef/http/http_request.rb +7 -5
  52. data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
  53. data/lib/chef/http/ssl_policies.rb +1 -1
  54. data/lib/chef/json_compat.rb +1 -1
  55. data/lib/chef/knife.rb +4 -4
  56. data/lib/chef/knife/bootstrap.rb +16 -14
  57. data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
  58. data/lib/chef/knife/bootstrap/templates/chef-full.erb +3 -3
  59. data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +7 -7
  60. data/lib/chef/knife/client_create.rb +3 -3
  61. data/lib/chef/knife/config_get.rb +8 -97
  62. data/lib/chef/knife/config_get_profile.rb +9 -9
  63. data/lib/chef/knife/config_list.rb +139 -0
  64. data/lib/chef/knife/config_list_profiles.rb +8 -98
  65. data/lib/chef/knife/config_show.rb +127 -0
  66. data/lib/chef/knife/config_use.rb +61 -0
  67. data/lib/chef/knife/config_use_profile.rb +9 -24
  68. data/lib/chef/knife/configure.rb +2 -2
  69. data/lib/chef/knife/core/bootstrap_context.rb +2 -2
  70. data/lib/chef/knife/core/object_loader.rb +1 -1
  71. data/lib/chef/knife/core/windows_bootstrap_context.rb +11 -11
  72. data/lib/chef/knife/exec.rb +2 -2
  73. data/lib/chef/knife/node_show.rb +2 -2
  74. data/lib/chef/knife/serve.rb +3 -3
  75. data/lib/chef/knife/ssh.rb +16 -1
  76. data/lib/chef/knife/ssl_check.rb +3 -3
  77. data/lib/chef/knife/status.rb +2 -2
  78. data/lib/chef/knife/user_create.rb +2 -2
  79. data/lib/chef/knife/yaml_convert.rb +1 -1
  80. data/lib/chef/local_mode.rb +2 -2
  81. data/lib/chef/log/syslog.rb +2 -2
  82. data/lib/chef/log/winevt.rb +2 -2
  83. data/lib/chef/mixin/deep_merge.rb +0 -12
  84. data/lib/chef/mixin/openssl_helper.rb +1 -4
  85. data/lib/chef/mixin/template.rb +2 -2
  86. data/lib/chef/mixin/uris.rb +2 -2
  87. data/lib/chef/mixin/versioned_api.rb +1 -2
  88. data/lib/chef/monkey_patches/net_http.rb +4 -4
  89. data/lib/chef/node_map.rb +2 -2
  90. data/lib/chef/policy_builder/policyfile.rb +2 -2
  91. data/lib/chef/provider.rb +0 -4
  92. data/lib/chef/provider/file.rb +2 -2
  93. data/lib/chef/provider/ifconfig.rb +1 -1
  94. data/lib/chef/provider/launchd.rb +2 -2
  95. data/lib/chef/provider/mount/linux.rb +63 -0
  96. data/lib/chef/provider/package/rubygems.rb +21 -18
  97. data/lib/chef/provider/package/snap.rb +0 -1
  98. data/lib/chef/provider/package/windows.rb +2 -2
  99. data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +3 -1
  100. data/lib/chef/provider/package/zypper.rb +1 -1
  101. data/lib/chef/provider/remote_file/content.rb +3 -0
  102. data/lib/chef/provider/remote_file/ftp.rb +6 -4
  103. data/lib/chef/provider/remote_file/sftp.rb +6 -4
  104. data/lib/chef/provider/route.rb +2 -6
  105. data/lib/chef/provider/service/macosx.rb +2 -2
  106. data/lib/chef/provider/template_finder.rb +2 -10
  107. data/lib/chef/provider/user/dscl.rb +3 -3
  108. data/lib/chef/provider/user/mac.rb +1 -1
  109. data/lib/chef/provider/windows_task.rb +1 -2
  110. data/lib/chef/provider/zypper_repository.rb +2 -2
  111. data/lib/chef/provider_resolver.rb +1 -1
  112. data/lib/chef/providers.rb +1 -0
  113. data/lib/chef/recipe.rb +2 -2
  114. data/lib/chef/resource.rb +1 -1
  115. data/lib/chef/resource/apt_repository.rb +1 -1
  116. data/lib/chef/resource/bff_package.rb +22 -0
  117. data/lib/chef/resource/breakpoint.rb +57 -2
  118. data/lib/chef/resource/build_essential.rb +1 -1
  119. data/lib/chef/resource/cab_package.rb +29 -0
  120. data/lib/chef/resource/chef_client_cron.rb +32 -25
  121. data/lib/chef/resource/chef_client_launchd.rb +194 -0
  122. data/lib/chef/resource/chef_client_scheduled_task.rb +21 -18
  123. data/lib/chef/resource/chef_client_systemd_timer.rb +24 -17
  124. data/lib/chef/resource/chef_client_trusted_certificate.rb +101 -0
  125. data/lib/chef/resource/chef_gem.rb +10 -10
  126. data/lib/chef/resource/chef_handler.rb +148 -4
  127. data/lib/chef/resource/chef_sleep.rb +2 -2
  128. data/lib/chef/resource/chef_vault_secret.rb +1 -1
  129. data/lib/chef/resource/cookbook_file.rb +2 -2
  130. data/lib/chef/resource/cron/cron_d.rb +0 -1
  131. data/lib/chef/resource/dnf_package.rb +2 -2
  132. data/lib/chef/resource/dsc_resource.rb +0 -1
  133. data/lib/chef/resource/dsc_script.rb +2 -2
  134. data/lib/chef/resource/execute.rb +6 -6
  135. data/lib/chef/resource/file.rb +4 -4
  136. data/lib/chef/resource/gem_package.rb +5 -5
  137. data/lib/chef/resource/homebrew_package.rb +3 -3
  138. data/lib/chef/resource/homebrew_update.rb +5 -5
  139. data/lib/chef/resource/hostname.rb +2 -2
  140. data/lib/chef/resource/launchd.rb +2 -1
  141. data/lib/chef/resource/locale.rb +2 -2
  142. data/lib/chef/resource/macos_userdefaults.rb +3 -3
  143. data/lib/chef/resource/notify_group.rb +0 -1
  144. data/lib/chef/resource/ohai.rb +46 -3
  145. data/lib/chef/resource/ohai_hint.rb +33 -0
  146. data/lib/chef/resource/openssl_dhparam.rb +27 -5
  147. data/lib/chef/resource/openssl_ec_private_key.rb +6 -3
  148. data/lib/chef/resource/openssl_ec_public_key.rb +2 -2
  149. data/lib/chef/resource/openssl_rsa_private_key.rb +6 -3
  150. data/lib/chef/resource/openssl_x509_certificate.rb +14 -14
  151. data/lib/chef/resource/openssl_x509_crl.rb +19 -10
  152. data/lib/chef/resource/openssl_x509_request.rb +14 -16
  153. data/lib/chef/resource/osx_profile.rb +77 -13
  154. data/lib/chef/resource/plist.rb +1 -1
  155. data/lib/chef/resource/powershell_package_source.rb +5 -5
  156. data/lib/chef/resource/reboot.rb +2 -2
  157. data/lib/chef/resource/remote_file.rb +3 -3
  158. data/lib/chef/resource/rhsm_register.rb +22 -10
  159. data/lib/chef/resource/ruby_block.rb +2 -2
  160. data/lib/chef/resource/scm/subversion.rb +2 -2
  161. data/lib/chef/resource/service.rb +3 -3
  162. data/lib/chef/resource/ssh_known_hosts_entry.rb +2 -2
  163. data/lib/chef/resource/support/cron.d.erb +1 -1
  164. data/lib/chef/resource/support/cron_access.erb +1 -1
  165. data/lib/chef/resource/support/sudoer.erb +1 -1
  166. data/lib/chef/resource/support/ulimit.erb +1 -1
  167. data/lib/chef/resource/sysctl.rb +1 -5
  168. data/lib/chef/resource/systemd_unit.rb +2 -2
  169. data/lib/chef/resource/template.rb +2 -2
  170. data/lib/chef/resource/windows_ad_join.rb +10 -3
  171. data/lib/chef/resource/windows_certificate.rb +6 -4
  172. data/lib/chef/resource/windows_firewall_profile.rb +22 -20
  173. data/lib/chef/resource/windows_package.rb +28 -5
  174. data/lib/chef/resource/windows_printer.rb +5 -3
  175. data/lib/chef/resource/windows_printer_port.rb +6 -4
  176. data/lib/chef/resource/windows_user_privilege.rb +53 -54
  177. data/lib/chef/resource/windows_workgroup.rb +3 -3
  178. data/lib/chef/resource/yum_package.rb +2 -2
  179. data/lib/chef/resources.rb +3 -1
  180. data/lib/chef/run_context.rb +2 -2
  181. data/lib/chef/run_context/cookbook_compiler.rb +1 -1
  182. data/lib/chef/run_lock.rb +2 -2
  183. data/lib/chef/search/query.rb +4 -5
  184. data/lib/chef/shell.rb +31 -26
  185. data/lib/chef/shell/ext.rb +11 -11
  186. data/lib/chef/shell/shell_session.rb +2 -2
  187. data/lib/chef/train_transport.rb +5 -104
  188. data/lib/chef/util/diff.rb +3 -3
  189. data/lib/chef/util/powershell/cmdlet.rb +3 -1
  190. data/lib/chef/util/powershell/ps_credential.rb +18 -14
  191. data/lib/chef/util/threaded_job_queue.rb +0 -2
  192. data/lib/chef/version.rb +1 -1
  193. data/lib/chef/win32/crypto.rb +1 -1
  194. data/lib/chef/win32/registry.rb +1 -2
  195. data/spec/data/shef-config.rb +1 -1
  196. data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
  197. data/spec/functional/resource/aix_service_spec.rb +2 -2
  198. data/spec/functional/resource/aixinit_service_spec.rb +1 -1
  199. data/spec/functional/resource/insserv_spec.rb +1 -1
  200. data/spec/functional/resource/user/dscl_spec.rb +1 -1
  201. data/spec/functional/resource/user/mac_user_spec.rb +1 -1
  202. data/spec/functional/resource/windows_task_spec.rb +13 -13
  203. data/spec/functional/version_spec.rb +3 -3
  204. data/spec/integration/client/client_spec.rb +4 -4
  205. data/spec/integration/client/exit_code_spec.rb +3 -2
  206. data/spec/integration/client/ipv6_spec.rb +1 -1
  207. data/spec/integration/knife/{config_list_profiles_spec.rb → config_list_spec.rb} +30 -29
  208. data/spec/integration/knife/{config_get_spec.rb → config_show_spec.rb} +3 -3
  209. data/spec/integration/knife/{config_use_profile_spec.rb → config_use_spec.rb} +53 -10
  210. data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
  211. data/spec/integration/ohai/ohai_spec.rb +61 -0
  212. data/spec/integration/recipes/remote_directory.rb +1 -1
  213. data/spec/integration/solo/solo_spec.rb +5 -5
  214. data/spec/spec_helper.rb +6 -3
  215. data/spec/stress/win32/file_spec.rb +1 -1
  216. data/spec/support/chef_helpers.rb +2 -2
  217. data/spec/support/matchers/leak.rb +2 -2
  218. data/spec/support/platform_helpers.rb +16 -34
  219. data/spec/support/shared/functional/securable_resource.rb +108 -27
  220. data/spec/support/shared/functional/win32_service.rb +1 -1
  221. data/spec/support/shared/unit/application_dot_d.rb +5 -3
  222. data/spec/tiny_server.rb +0 -1
  223. data/spec/unit/application/client_spec.rb +2 -2
  224. data/spec/unit/application/exit_code_spec.rb +10 -0
  225. data/spec/unit/application_spec.rb +4 -6
  226. data/spec/unit/chef_fs/parallelizer_spec.rb +5 -1
  227. data/spec/unit/chef_fs/path_util_spec.rb +1 -1
  228. data/spec/unit/cookbook/synchronizer_spec.rb +2 -2
  229. data/spec/unit/cookbook_spec.rb +2 -2
  230. data/spec/unit/data_collector/config_validation_spec.rb +208 -0
  231. data/spec/unit/data_collector_spec.rb +0 -113
  232. data/spec/unit/dsl/declare_resource_spec.rb +1 -1
  233. data/spec/unit/file_access_control_spec.rb +1 -1
  234. data/spec/unit/knife/bootstrap_spec.rb +6 -6
  235. data/spec/unit/knife/core/ui_spec.rb +1 -0
  236. data/spec/unit/knife/ssh_spec.rb +2 -2
  237. data/spec/unit/lwrp_spec.rb +3 -3
  238. data/spec/unit/mixin/deep_merge_spec.rb +15 -0
  239. data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
  240. data/spec/unit/mixin/powershell_exec_spec.rb +1 -1
  241. data/spec/unit/mixin/securable_spec.rb +2 -2
  242. data/spec/unit/node/immutable_collections_spec.rb +2 -2
  243. data/spec/unit/provider/mount/linux_spec.rb +97 -0
  244. data/spec/unit/provider/package/chocolatey_spec.rb +1 -1
  245. data/spec/unit/provider/package/powershell_spec.rb +1 -1
  246. data/spec/unit/provider/package/rubygems_spec.rb +4 -1
  247. data/spec/unit/provider/route_spec.rb +0 -2
  248. data/spec/unit/recipe_spec.rb +1 -1
  249. data/spec/unit/resource/chef_client_cron_spec.rb +35 -14
  250. data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
  251. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +36 -1
  252. data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +54 -0
  253. data/spec/unit/resource/launchd_spec.rb +8 -0
  254. data/spec/unit/resource/osx_profile_spec.rb +67 -1
  255. data/spec/unit/resource/rhsm_register_spec.rb +56 -18
  256. data/spec/unit/resource/windows_uac_spec.rb +1 -1
  257. data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
  258. data/spec/unit/run_lock_spec.rb +5 -1
  259. data/spec/unit/runner_spec.rb +1 -2
  260. data/spec/unit/shell/shell_ext_spec.rb +46 -3
  261. data/spec/unit/shell/shell_session_spec.rb +35 -64
  262. data/spec/unit/shell_spec.rb +16 -19
  263. data/spec/unit/train_transport_spec.rb +14 -13
  264. data/spec/unit/util/selinux_spec.rb +2 -0
  265. data/tasks/rspec.rb +0 -2
  266. metadata +41 -17
  267. data/lib/chef/dist.rb +0 -68
  268. data/spec/integration/knife/config_get_profile_spec.rb +0 -114
@@ -19,7 +19,7 @@
19
19
 
20
20
  require_relative "../provider/package"
21
21
  require_relative "package"
22
- require_relative "../dist"
22
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
23
23
 
24
24
  class Chef
25
25
  class Resource
@@ -29,7 +29,7 @@ class Chef
29
29
  provides :homebrew_package
30
30
  provides :package, os: "darwin"
31
31
 
32
- description "Use the **homebrew_package** resource to manage packages for the macOS platform. Note: Starting with #{Chef::Dist::PRODUCT} 16 the homebrew resource now accepts an array of packages for installing multiple packages at once."
32
+ description "Use the **homebrew_package** resource to manage packages for the macOS platform. Note: Starting with #{ChefUtils::Dist::Infra::PRODUCT} 16 the homebrew resource now accepts an array of packages for installing multiple packages at once."
33
33
  introduced "12.0"
34
34
  examples <<~DOC
35
35
  **Install a package**:
@@ -62,7 +62,7 @@ class Chef
62
62
  DOC
63
63
 
64
64
  property :homebrew_user, [ String, Integer ],
65
- description: "The name or uid of the Homebrew owner to be used by #{Chef::Dist::PRODUCT} when executing a command."
65
+ description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command."
66
66
 
67
67
  end
68
68
  end
@@ -19,7 +19,7 @@
19
19
  #
20
20
 
21
21
  require_relative "../resource"
22
- require_relative "../dist"
22
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
23
23
 
24
24
  class Chef
25
25
  class Resource
@@ -38,7 +38,7 @@ class Chef
38
38
  action :periodic
39
39
  end
40
40
  ```
41
- **Update the Homebrew repository at the start of a #{Chef::Dist::PRODUCT} run**:
41
+ **Update the Homebrew repository at the start of a #{ChefUtils::Dist::Infra::PRODUCT} run**:
42
42
  ```ruby
43
43
  homebrew_update 'update'
44
44
  ```
@@ -62,8 +62,8 @@ class Chef
62
62
  #
63
63
  # @return [Boolean]
64
64
  def brew_up_to_date?
65
- ::File.exist?("#{BREW_STAMP}") &&
66
- ::File.mtime("#{BREW_STAMP}") > Time.now - new_resource.frequency
65
+ ::File.exist?(BREW_STAMP) &&
66
+ ::File.mtime(BREW_STAMP) > Time.now - new_resource.frequency
67
67
  end
68
68
 
69
69
  def do_update
@@ -71,7 +71,7 @@ class Chef
71
71
  recursive true
72
72
  end
73
73
 
74
- file "#{BREW_STAMP}" do
74
+ file BREW_STAMP do
75
75
  content "BREW::Update::Post-Invoke-Success\n"
76
76
  action :create_if_missing
77
77
  end
@@ -16,7 +16,7 @@
16
16
  #
17
17
 
18
18
  require_relative "../resource"
19
- require_relative "../dist"
19
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
20
20
 
21
21
  class Chef
22
22
  class Resource
@@ -248,7 +248,7 @@ class Chef
248
248
 
249
249
  # reboot because $windows
250
250
  reboot "setting hostname" do
251
- reason "#{Chef::Dist::PRODUCT} updated system hostname"
251
+ reason "#{ChefUtils::Dist::Infra::PRODUCT} updated system hostname"
252
252
  only_if { new_resource.windows_reboot }
253
253
  action :request_reboot
254
254
  end
@@ -187,7 +187,8 @@ class Chef
187
187
  description: "Specify services to be registered with the bootstrap subsystem."
188
188
 
189
189
  property :nice, Integer,
190
- description: "The program scheduling priority value in the range -20 to 20."
190
+ description: "The program scheduling priority value in the range -20 to 19.",
191
+ callbacks: { "should be a Integer between -20 and 19" => proc { |v| v >= -20 && v <= 19 } }
191
192
 
192
193
  property :on_demand, [ TrueClass, FalseClass ],
193
194
  description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use keep_alive instead for newer versions."
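Review bot: The new `callbacks` check on `nice` rejects 20, a value the previous description documented as valid, so a recipe carrying `nice 20` would start failing validation on upgrade. That deserves a release-note entry rather than arriving unannounced. The message also reads "should be a Integer"; I would write the line as `callbacks: { "should be an Integer between -20 and 19" => proc { |v| v.between?(-20, 19) } }`. The resource class starts and ends outside this hunk.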
@@ -16,7 +16,7 @@
16
16
  #
17
17
 
18
18
  require_relative "../resource"
19
- require_relative "../dist"
19
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
20
20
 
21
21
  class Chef
22
22
  class Resource
@@ -71,7 +71,7 @@ class Chef
71
71
  #
72
72
  def lc_all(arg = nil)
73
73
  unless arg.nil?
74
- Chef.deprecated(:locale_lc_all, "Changing LC_ALL can break #{Chef::Dist::PRODUCT}'s parsing of command output in unexpected ways.\n Use one of the more specific LC_ properties as needed.")
74
+ Chef.deprecated(:locale_lc_all, "Changing LC_ALL can break #{ChefUtils::Dist::Infra::PRODUCT}'s parsing of command output in unexpected ways.\n Use one of the more specific LC_ properties as needed.")
75
75
  end
76
76
  end
77
77
 
@@ -16,8 +16,8 @@
16
16
  #
17
17
 
18
18
  require_relative "../resource"
19
- require_relative "../dist"
20
- require "plist"
19
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
20
+ autoload :Plist, "plist"
21
21
 
22
22
  class Chef
23
23
  class Resource
@@ -97,7 +97,7 @@ class Chef
97
97
  desired_state: false
98
98
 
99
99
  property :sudo, [TrueClass, FalseClass],
100
- description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{Chef::Dist::PRODUCT}.",
100
+ description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{ChefUtils::Dist::Infra::PRODUCT}.",
101
101
  default: false,
102
102
  desired_state: false
103
103
 
@@ -15,7 +15,6 @@
15
15
  #
16
16
 
17
17
  require_relative "../resource"
18
- require_relative "../dist"
19
18
 
20
19
  class Chef
21
20
  class Resource
@@ -19,7 +19,7 @@
19
19
  #
20
20
 
21
21
  require_relative "../resource"
22
- require_relative "../dist"
22
+ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
23
23
  require "ohai" unless defined?(Ohai::System)
24
24
 
25
25
  class Chef
@@ -29,10 +29,53 @@ class Chef
29
29
 
30
30
  provides :ohai
31
31
 
32
- description "Use the **ohai** resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{Chef::Dist::CLIENT} run."
32
+ description "Use the **ohai** resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{ChefUtils::Dist::Infra::PRODUCT} run."
33
+
34
+ examples <<~DOC
35
+ Reload All Ohai Plugins
36
+
37
+ ```ruby
38
+ ohai 'reload' do
39
+ action :reload
40
+ end
41
+ ```
42
+
43
+ Reload A Single Ohai Plugin
44
+
45
+ ```ruby
46
+ ohai 'reload' do
47
+ plugin 'ipaddress'
48
+ action :reload
49
+ end
50
+ ```
51
+
52
+ Reload Ohai after a new user is created
53
+
54
+ ```ruby
55
+ ohai 'reload_passwd' do
56
+ action :nothing
57
+ plugin 'etc'
58
+ end
59
+
60
+ user 'daemon_user' do
61
+ home '/dev/null'
62
+ shell '/sbin/nologin'
63
+ system true
64
+ notifies :reload, 'ohai[reload_passwd]', :immediately
65
+ end
66
+
67
+ ruby_block 'just an example' do
68
+ block do
69
+ # These variables will now have the new values
70
+ puts node['etc']['passwd']['daemon_user']['uid']
71
+ puts node['etc']['passwd']['daemon_user']['gid']
72
+ end
73
+ end
74
+ ```
75
+ DOC
33
76
 
34
77
  property :plugin, String,
35
- description: "The name of an Ohai plugin to be reloaded. If this property is not specified, #{Chef::Dist::PRODUCT} will reload all plugins."
78
+ description: "Specific Ohai attribute data to reload. This property behaves similar to specifying attributes when running Ohai on the command line and takes the attribute that you wish to reload instead of the actual plugin name. For instance, you can pass `ipaddress` to reload `node['ipaddress']` even though that data comes from the `Network` plugin. If this property is not specified, #{ChefUtils::Dist::Infra::PRODUCT} will reload all plugins."
36
79
 
37
80
  def load_current_resource
38
81
  true
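Review bot: The rewritten `plugin` description says the property takes an attribute rather than a plugin name, but the second example is still titled `Reload A Single Ohai Plugin` while passing the attribute `ipaddress`, and the description still ends with "will reload all plugins". Titling the example as reloading a single attribute would match the new wording. The three example headings are also plain text, while other resources in this release use bold headings such as `**Create a hint file**`; I would write `**Reload all Ohai plugins**` and so on so the generated docs render consistently. The resource class continues outside these hunks.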
@@ -26,6 +26,39 @@ class Chef
26
26
 
27
27
  description "Use the **ohai_hint** resource to aid in configuration detection by passing hint data to Ohai."
28
28
  introduced "14.0"
29
+ examples <<~DOC
30
+ **Create a hint file**
31
+
32
+ ```ruby
33
+ ohai_hint 'example' do
34
+ content a: 'test_content'
35
+ end
36
+ ```
37
+
38
+ **Create a hint file with a name that does not match the resource name**
39
+
40
+ ```ruby
41
+ ohai_hint 'example' do
42
+ hint_name 'custom'
43
+ end
44
+ ```
45
+
46
+ **Create a hint file that is not loaded at compile time**
47
+
48
+ ```ruby
49
+ ohai_hint 'example' do
50
+ compile_time false
51
+ end
52
+ ```
53
+
54
+ **Delete a hint file**
55
+
56
+ ```ruby
57
+ ohai_hint 'example' do
58
+ action :delete
59
+ end
60
+ ```
61
+ DOC
29
62
 
30
63
  property :hint_name, String,
31
64
  description: "An optional property to set the hint name if it differs from the resource block's name.",
@@ -27,15 +27,37 @@ class Chef
27
27
 
28
28
  provides(:openssl_dhparam) { true }
29
29
 
30
- description "Use the **openssl_dhparam** resource to generate dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten."
30
+ description "Use the **openssl_dhparam** resource to generate `dhparam.pem` files. If a valid `dhparam.pem` file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid `dhparam.pem` file, it will be overwritten."
31
31
  introduced "14.0"
32
32
  examples <<~DOC
33
- Create a 1024bit dhparam file
33
+ **Create a dhparam file**
34
34
 
35
35
  ```ruby
36
- openssl_dhparam '/etc/ssl_files/dhparam.pem' do
37
- key_length 1024
38
- action :create
36
+ openssl_dhparam '/etc/httpd/ssl/dhparam.pem'
37
+ ```
38
+
39
+ **Create a dhparam file with a specific key length**
40
+
41
+ ```ruby
42
+ openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do
43
+ key_length 4096
44
+ end
45
+ ```
46
+
47
+ **Create a dhparam file with specific user/group ownership**
48
+
49
+ ```ruby
50
+ openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do
51
+ owner 'www-data'
52
+ group 'www-data'
53
+ end
54
+ ```
55
+
56
+ **Manually specify the dhparam file path**
57
+
58
+ ```ruby
59
+ openssl_dhparam 'httpd_dhparam' do
60
+ path '/etc/httpd/ssl/dhparam.pem'
39
61
  end
40
62
  ```
41
63
  DOC
@@ -66,10 +66,13 @@ class Chef
66
66
  description: "The desired passphrase for the key."
67
67
 
68
68
  property :key_cipher, String,
69
- equal_to: OpenSSL::Cipher.ciphers,
70
- validation_message: "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options.",
71
69
  description: "The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options.",
72
- default: "des3"
70
+ default: lazy { "des3" },
71
+ default_description: "des3",
72
+ callbacks: {
73
+ "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options." =>
74
+ proc { |v| OpenSSL::Cipher.ciphers.include?(v) },
75
+ }
73
76
 
74
77
  property :owner, [String, Integer],
75
78
  description: "The owner applied to all files created by the resource."
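Review bot: `key_cipher` still defaults to `des3` after this rewrite; 3DES is a legacy 64-bit-block cipher, so the description should at least steer users towards an AES cipher such as `aes-256-cbc` for passphrase-protected keys (changing the default itself would need a compatibility note). The unchanged description line says "The designed cipher", which should read "The desired cipher". A comment above `default: lazy { "des3" }` should explain why a literal needs `lazy`; presumably it keeps `OpenSSL::Cipher.ciphers` from being consulted at class-load time, but nothing visible here confirms that. The same points apply to the identical `key_cipher` hunk at `@@ -65,10 +65,13 @@` further down, apparently openssl_rsa_private_key.rb going by the file list. The property list continues outside the hunk.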
@@ -31,7 +31,7 @@ class Chef
31
31
  description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."
32
32
  introduced "14.4"
33
33
  examples <<~DOC
34
- Generate new ec public key from a private key on disk
34
+ **Generate new EC public key from a private key on disk**
35
35
 
36
36
  ```ruby
37
37
  openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3.pub' do
@@ -41,7 +41,7 @@ class Chef
41
41
  end
42
42
  ```
43
43
 
44
- Generate new ec public key by passing in a private key
44
+ **Generate new EC public key by passing in a private key**
45
45
 
46
46
  ```ruby
47
47
  openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3_2.pub' do
@@ -65,10 +65,13 @@ class Chef
65
65
  description: "The desired passphrase for the key."
66
66
 
67
67
  property :key_cipher, String,
68
- equal_to: OpenSSL::Cipher.ciphers,
69
- validation_message: "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options.",
70
68
  description: "The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options.",
71
- default: "des3"
69
+ default: lazy { "des3" },
70
+ default_description: "des3",
71
+ callbacks: {
72
+ "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options." =>
73
+ proc { |v| OpenSSL::Cipher.ciphers.include?(v) },
74
+ }
72
75
 
73
76
  property :owner, [String, Integer],
74
77
  description: "The owner applied to all files created by the resource."
@@ -86,32 +86,32 @@ class Chef
86
86
  description: "The permission mode applied to all files created by the resource."
87
87
 
88
88
  property :country, String,
89
- description: "Value for the C certificate field."
89
+ description: "Value for the `C` certificate field."
90
90
 
91
91
  property :state, String,
92
- description: "Value for the ST certificate field."
92
+ description: "Value for the `ST` certificate field."
93
93
 
94
94
  property :city, String,
95
- description: "Value for the L certificate field."
95
+ description: "Value for the `L` certificate field."
96
96
 
97
97
  property :org, String,
98
- description: "Value for the O certificate field."
98
+ description: "Value for the `O` certificate field."
99
99
 
100
100
  property :org_unit, String,
101
- description: "Value for the OU certificate field."
101
+ description: "Value for the `OU` certificate field."
102
102
 
103
103
  property :common_name, String,
104
- description: "Value for the CN certificate field."
104
+ description: "Value for the `CN` certificate field."
105
105
 
106
106
  property :email, String,
107
- description: "Value for the email certificate field."
107
+ description: "Value for the `email` certificate field."
108
108
 
109
109
  property :extensions, Hash,
110
- description: "Hash of X509 Extensions entries, in format { 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }.",
110
+ description: "Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }`.",
111
111
  default: lazy { {} }
112
112
 
113
113
  property :subject_alt_name, Array,
114
- description: "Array of Subject Alternative Name entries, in format DNS:example.com or IP:1.2.3.4.",
114
+ description: "Array of Subject Alternative Name entries, in format `DNS:example.com` or `IP:1.2.3.4`.",
115
115
  default: lazy { [] }
116
116
 
117
117
  property :key_file, String,
@@ -122,7 +122,7 @@ class Chef
122
122
 
123
123
  property :key_type, String,
124
124
  equal_to: %w{rsa ec},
125
- description: "The desired type of the generated key (rsa or ec).",
125
+ description: "The desired type of the generated key.",
126
126
  default: "rsa"
127
127
 
128
128
  property :key_length, Integer,
@@ -131,18 +131,18 @@ class Chef
131
131
  default: 2048
132
132
 
133
133
  property :key_curve, String,
134
- description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run openssl ecparam -list_curves to see available options.",
134
+ description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options.",
135
135
  equal_to: %w{secp384r1 secp521r1 prime256v1},
136
136
  default: "prime256v1"
137
137
 
138
138
  property :csr_file, String,
139
- description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the csr_file property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
139
+ description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
140
140
 
141
141
  property :ca_cert_file, String,
142
- description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the certificate will be signed with them."
142
+ description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them."
143
143
 
144
144
  property :ca_key_file, String,
145
- description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the 'ca_cert_file' property must also be specified, the certificate will be signed with them."
145
+ description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the certificate will be signed with them."
146
146
 
147
147
  property :ca_key_pass, String,
148
148
  description: "The passphrase for CA private key's passphrase."
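Review bot: The `csr_file` description is rewritten in this section but still ends with `(common_name at last)`, which should read `(common_name at least)`. The unchanged `ca_key_pass` description, "The passphrase for CA private key's passphrase.", is garbled as well; `description: "The passphrase for the CA private key."` says what is meant. The touched `ca_cert_file` and `ca_key_file` descriptions splice two sentences with a comma ("…must also be specified, the certificate will be signed with them"); a full stop or semicolon would read better in the generated docs.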
@@ -31,15 +31,24 @@ class Chef
31
31
  description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
32
32
  introduced "14.4"
33
33
  examples <<~DOC
34
- Generate a CRL file given a cert file and key file
34
+ **Create a certificate revocation file**
35
35
 
36
- ```ruby
37
- openssl_x509_crl '/etc/ssl_files/my_ca2.crl' do
38
- ca_cert_file '/etc/ssl_files/my_ca2.crt'
39
- ca_key_file '/etc/ssl_files/my_ca2.key'
40
- expire 1
41
- end
42
- ```
36
+ ```ruby
37
+ openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
38
+ ca_cert_file '/etc/ssl_test/my_ca.crt'
39
+ ca_key_file '/etc/ssl_test/my_ca.key'
40
+ end
41
+ ```
42
+
43
+ **Create a certificate revocation file for a particular serial**
44
+
45
+ ```ruby
46
+ openssl_x509_crl '/etc/ssl_test/my_ca.crl' do
47
+ ca_cert_file '/etc/ssl_test/my_ca.crt'
48
+ ca_key_file '/etc/ssl_test/my_ca.key'
49
+ serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F
50
+ end
51
+ ```
43
52
  DOC
44
53
 
45
54
  property :path, String,
@@ -62,11 +71,11 @@ class Chef
62
71
  default: 1
63
72
 
64
73
  property :ca_cert_file, String,
65
- description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the CRL will be signed with them.",
74
+ description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the CRL will be signed with them.",
66
75
  required: true
67
76
 
68
77
  property :ca_key_file, String,
69
- description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the ca_cert_file property must also be specified, the CRL will be signed with them.",
78
+ description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the CRL will be signed with them.",
70
79
  required: true
71
80
 
72
81
  property :ca_key_pass, String,
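Review bot: The second new example passes `serial_to_revoke C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F` unquoted. Ruby parses a bare token starting with an uppercase letter as a constant, so anyone copying the example gets a NameError instead of a CRL; quote it as `serial_to_revoke 'C7BCB6602A2E4251EF4E2827A228CB52BC0CEA2F'`. Separately, `ca_cert_file` and `ca_key_file` are both `required: true`, so the "If the `ca_cert_file` property is specified…" wording in their descriptions is misleading. Something like "Required. The CRL is signed with this certificate and the key given in `ca_key_file`." would match the validation.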