chef 16.4.41 → 16.5.64

data/lib/chef/resource/ssh_known_hosts_entry.rb

@@ -18,7 +18,7 @@
 # limitations under the License.
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -130,7 +130,7 @@ class Chef
 
       # all this does is send an immediate run_action(:create) to the template resource
       action :flush do
-        description "Immediately flush the entries to the config file. Without this the actual writing of the file is delayed in the #{Chef::Dist::PRODUCT} run so all entries can be accumulated before writing the file out."
+        description "Immediately flush the entries to the config file. Without this the actual writing of the file is delayed in the #{ChefUtils::Dist::Infra::PRODUCT} run so all entries can be accumulated before writing the file out."
 
         with_run_context :root do
           # if you haven't ever called ssh_known_hosts_entry before you're definitely doing it wrong so we blow up hard.

data/lib/chef/resource/support/cron.d.erb

@@ -1,4 +1,4 @@
-# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# Generated by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 <% if @mailto -%>
 MAILTO=<%= @mailto %>
 <% end -%>

data/lib/chef/resource/support/cron_access.erb

@@ -1,4 +1,4 @@
-# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# Generated by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 <% @users.sort.uniq.each do |user| -%>
 <%= user %>
 <% end -%>

data/lib/chef/resource/support/sudoer.erb

@@ -1,4 +1,4 @@
-# This file is managed by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# This file is managed by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 
 <% @command_aliases.each do |a| -%>
 Cmnd_Alias <%= a[:name].upcase %> = <%= a[:command_list].join(', ') %>

data/lib/chef/resource/support/ulimit.erb

@@ -1,4 +1,4 @@
-# Generated by <%= Chef::Dist::PRODUCT %>. Changes will be overwritten.
+# Generated by <%= ChefUtils::Dist::Infra::PRODUCT %>. Changes will be overwritten.
 
 # Limits settings for <%= @ulimit_user %>
 

data/lib/chef/resource/sysctl.rb

@@ -25,11 +25,7 @@ class Chef
       provides(:sysctl) { true }
       provides(:sysctl_param) { true }
 
-      description "Use the **sysctl** resource to set or remove kernel parameters using the sysctl"\
-                  " command line tool and configuration files in the system's sysctl.d directory. "\
-                  "Configuration files managed by this resource are named 99-chef-KEYNAME.conf. If"\
-                  " an existing value was already set for the value it will be backed up to the node"\
-                  " and restored if the :remove action is used later."
+      description "Use the **sysctl** resource to set or remove kernel parameters using the `sysctl` command line tool and configuration files in the system's `sysctl.d` directory. Configuration files managed by this resource are named `99-chef-KEYNAME.conf`."
       examples <<~DOC
       **Set vm.swappiness**:
 

data/lib/chef/resource/systemd_unit.rb

@@ -17,7 +17,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require "iniparse"
 
 class Chef
@@ -52,7 +52,7 @@ class Chef
                description: "The user account that the systemd unit process is run under. The path to the unit for that user would be something like '/etc/systemd/user/sshd.service'. If no user account is specified, the systemd unit will run under a 'system' account, with the path to the unit being something like '/etc/systemd/system/sshd.service'."
 
       property :content, [String, Hash],
-        description: "A string or hash that contains a systemd [unit file](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) definition that describes the properties of systemd-managed entities, such as services, sockets, devices, and so on. In #{Chef::Dist::PRODUCT} 14.4 or later, repeatable options can be implemented with an array."
+        description: "A string or hash that contains a systemd [unit file](https://www.freedesktop.org/software/systemd/man/systemd.unit.html) definition that describes the properties of systemd-managed entities, such as services, sockets, devices, and so on. In #{ChefUtils::Dist::Infra::PRODUCT} 14.4 or later, repeatable options can be implemented with an array."
 
       property :triggers_reload, [TrueClass, FalseClass],
         description: "Specifies whether to trigger a daemon reload when creating or deleting a unit.",

data/lib/chef/resource/template.rb

@@ -20,7 +20,7 @@
 
 require_relative "file"
 require_relative "../mixin/securable"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -69,7 +69,7 @@ class Chef
 
       property :local, [ TrueClass, FalseClass ],
         default: false, desired_state: false,
-        description: "Load a template from a local path. By default, the #{Chef::Dist::CLIENT} loads templates from a cookbook's /templates directory. When this property is set to true, use the source property to specify the path to a template on the local node."
+        description: "Load a template from a local path. By default, the #{ChefUtils::Dist::Infra::CLIENT} loads templates from a cookbook's /templates directory. When this property is set to true, use the source property to specify the path to a template on the local node."
 
       # Declares a helper method to be defined in the template context when
       # rendering.

data/lib/chef/resource/windows_ad_join.rb

@@ -16,7 +16,7 @@
 #
 
 require_relative "../resource"
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -76,10 +76,15 @@ class Chef
 
       property :reboot, Symbol,
         equal_to: %i{immediate delayed never request_reboot reboot_now},
-        validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{Chef::Dist::PRODUCT} run completes), and :never (Don't reboot)",
-        description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{Chef::Dist::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
+        validation_message: "The reboot property accepts :immediate (reboot as soon as the resource completes), :delayed (reboot once the #{ChefUtils::Dist::Infra::PRODUCT} run completes), and :never (Don't reboot)",
+        description: "Controls the system reboot behavior post domain joining. Reboot immediately, after the #{ChefUtils::Dist::Infra::PRODUCT} run completes, or never. Note that a reboot is necessary for changes to take effect.",
         default: :immediate
 
+      property :reboot_delay, Integer,
+        description: "The amount of time (in minutes) to delay a reboot request.",
+        default: 0,
+        introduced: "16.5"
+
       property :new_hostname, String,
         description: "Specifies a new hostname for the computer in the new domain.",
         introduced: "14.5"
@@ -116,6 +121,7 @@ class Chef
             unless new_resource.reboot == :never
               reboot "Reboot to join domain #{new_resource.domain_name}" do
                 action clarify_reboot(new_resource.reboot)
+                delay_mins new_resource.reboot_delay
                 reason "Reboot to join domain #{new_resource.domain_name}"
               end
             end
@@ -149,6 +155,7 @@ class Chef
             unless new_resource.reboot == :never
               reboot "Reboot to leave domain #{new_resource.domain_name}" do
                 action clarify_reboot(new_resource.reboot)
+                delay_mins new_resource.reboot_delay
                 reason "Reboot to leave domain #{new_resource.domain_name}"
               end
             end

data/lib/chef/resource/windows_certificate.rb

@@ -19,9 +19,11 @@
 
 require_relative "../util/path_helper"
 require_relative "../resource"
-require "win32-certstore" if Chef::Platform.windows?
-require "openssl" unless defined?(OpenSSL)
-require_relative "../dist"
+module Win32
+  autoload :Certstore, "win32-certstore" if Chef::Platform.windows?
+end
+autoload :OpenSSL, "openssl"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -82,7 +84,7 @@ class Chef
 
       # lazy used to set default value of sensitive to true if password is set
       property :sensitive, [TrueClass, FalseClass],
-        description: "Ensure that sensitive resource data is not logged by the #{Chef::Dist::CLIENT}.",
+        description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
         default: lazy { pfx_password ? true : false }, skip_docs: true
 
       action :create do

data/lib/chef/resource/windows_firewall_profile.rb

@@ -19,8 +19,6 @@
 class Chef
   class Resource
     class WindowsFirewallProfile < Chef::Resource
-      unified_mode true
-
       provides :windows_firewall_profile
       description "Use the **windows_firewall_profile** resource to enable, disable, and configure the Windows firewall."
       introduced "16.3"
@@ -161,24 +159,6 @@ class Chef
           cmd
         end
 
-        def load_firewall_state(profile_name)
-          <<-EOH
-            Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
-            $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
-            ([PSCustomObject]@{
-              default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
-              default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
-              allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
-              allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
-              allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
-              allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
-              allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
-              allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
-              display_notification = $#{profile_name}.NotifyOnListen.ToString()
-            }) | ConvertTo-Json
-          EOH
-        end
-
         def firewall_enabled?(profile_name)
           cmd = <<~CODE
             $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
@@ -194,6 +174,28 @@ class Chef
           end
         end
       end
+
+      private
+
+      # build the command to load the current resource
+      # @return [String] current firewall state
+      def load_firewall_state(profile_name)
+        <<-EOH
+          Remove-TypeData System.Array # workaround for PS bug here: https://bit.ly/2SRMQ8M
+          $#{profile_name} = Get-NetFirewallProfile -Profile #{profile_name}
+          ([PSCustomObject]@{
+            default_inbound_action = $#{profile_name}.DefaultInboundAction.ToString()
+            default_outbound_action = $#{profile_name}.DefaultOutboundAction.ToString()
+            allow_inbound_rules = $#{profile_name}.AllowInboundRules.ToString()
+            allow_local_firewall_rules = $#{profile_name}.AllowLocalFirewallRules.ToString()
+            allow_local_ipsec_rules = $#{profile_name}.AllowLocalIPsecRules.ToString()
+            allow_user_apps = $#{profile_name}.AllowUserApps.ToString()
+            allow_user_ports = $#{profile_name}.AllowUserPorts.ToString()
+            allow_unicast_response = $#{profile_name}.AllowUnicastResponseToMulticast.ToString()
+            display_notification = $#{profile_name}.NotifyOnListen.ToString()
+          }) | ConvertTo-Json
+        EOH
+      end
     end
   end
 end

data/lib/chef/resource/windows_package.rb

@@ -20,7 +20,7 @@ require_relative "../mixin/uris"
 require_relative "package"
 require_relative "../provider/package/windows"
 require_relative "../win32/error" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
-require_relative "../dist"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -30,7 +30,30 @@ class Chef
       provides(:windows_package) { true }
       provides :package, os: "windows"
 
-      description "Use the **windows_package** resource to manage packages on the Microsoft Windows platform. The windows_package resource supports these installer formats:\n\n Microsoft Installer Package (MSI)\n Nullsoft Scriptable Install System (NSIS)\n Inno Setup (inno)\n Wise\n InstallShield\n Custom installers such as installing a non-.msi file that embeds an .msi-based installer\n"
+      description <<~DESC
+        Use the **windows_package** resource to manage packages on the Microsoft Windows platform.
+        The **windows_package** resource supports these installer formats:
+          * Microsoft Installer Package (MSI)
+          * Nullsoft Scriptable Install System (NSIS)
+          * Inno Setup (inno)
+          * Wise
+          * InstallShield
+          * Custom installers such as installing a non-.msi file that embeds an .msi-based installer
+
+        To enable idempotence of the `:install` action or to enable the `:remove` action with no source property specified,
+        `package_name` MUST be an exact match of the name used by the package installer. The names of installed packages
+        Windows knows about can be found in **Add/Remove programs**, in the output of `ohai packages`, or in the
+        `DisplayName` property in one of the following in the Windows registry:
+
+        * `HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
+        * `HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
+        * `HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall`
+
+        Note: If there are multiple versions of a package installed with the same display name, all of those packages will
+        be removed unless a version is provided in the **version** property or unless it can be discovered in the installer
+        file specified by the **source** property.
+      DESC
+
       introduced "11.12"
       examples <<~DOC
       **Install a package**:
@@ -135,15 +158,15 @@ class Chef
           end
         end),
         default_description: "The resource block's name", # this property is basically a name_property but not really so we need to spell it out
-        description: "The path to a package in the local file system. The location of the package may be at a URL."
+        description: "The path to a package in the local file system or the URL of a remote file that will be downloaded."
 
       property :checksum, String,
         desired_state: false, coerce: (proc { |c| c.downcase }),
-        description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{Chef::Dist::PRODUCT} does not download it. Use when a URL is specified by the `source` property."
+        description: "The SHA-256 checksum of the file. Use to prevent a file from being re-downloaded. When the local file matches the checksum, #{ChefUtils::Dist::Infra::PRODUCT} does not download it. Use when a URL is specified by the `source` property."
 
       property :remote_file_attributes, Hash,
         desired_state: false,
-        description: "If the source package to install is at a remote location this property allows you to define a hash of properties and their value which will be used by the underlying remote_file resource, which fetches the source."
+        description: "If the source package to install is at a remote location, this property allows you to define a hash of properties which will be used by the underlying **remote_file** resource used to fetch the source."
     end
   end
 end

data/lib/chef/resource/windows_printer.rb

@@ -24,7 +24,7 @@ class Chef
     class WindowsPrinter < Chef::Resource
       unified_mode true
 
-      require "resolv"
+      autoload :Resolv, "resolv"
 
       provides(:windows_printer) { true }
 
@@ -78,8 +78,10 @@ class Chef
 
       property :ipv4_address, String,
         description: "The IPv4 address of the printer, such as `10.4.64.23`",
-        validation_message: "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`",
-        regex: Resolv::IPv4::Regex
+        callbacks: {
+          "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`" =>
+            proc { |v| v.match(Resolv::IPv4::Regex) },
+        }
 
       PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
 

data/lib/chef/resource/windows_printer_port.rb

@@ -24,7 +24,7 @@ class Chef
     class WindowsPrinterPort < Chef::Resource
       unified_mode true
 
-      require "resolv"
+      autoload :Resolv, "resolv"
 
       provides(:windows_printer_port) { true }
 
@@ -61,9 +61,11 @@ class Chef
 
       property :ipv4_address, String,
         name_property: true,
-        regex: Resolv::IPv4::Regex,
-        validation_message: "The ipv4_address property must be in the format of WWW.XXX.YYY.ZZZ!",
-        description: "An optional property for the IPv4 address of the printer if it differs from the resource block's name."
+        description: "An optional property for the IPv4 address of the printer if it differs from the resource block's name.",
+        callbacks: {
+          "The ipv4_address property must be in the format of WWW.XXX.YYY.ZZZ!" =>
+            proc { |v| v.match(Resolv::IPv4::Regex) },
+        }
 
       property :port_name, String,
         description: "The port name."

data/lib/chef/resource/windows_user_privilege.rb

@@ -23,52 +23,6 @@ class Chef
     class WindowsUserPrivilege < Chef::Resource
       unified_mode true
 
-      privilege_opts = %w{SeTrustedCredManAccessPrivilege
-                          SeNetworkLogonRight
-                          SeTcbPrivilege
-                          SeMachineAccountPrivilege
-                          SeIncreaseQuotaPrivilege
-                          SeInteractiveLogonRight
-                          SeRemoteInteractiveLogonRight
-                          SeBackupPrivilege
-                          SeChangeNotifyPrivilege
-                          SeSystemtimePrivilege
-                          SeTimeZonePrivilege
-                          SeCreatePagefilePrivilege
-                          SeCreateTokenPrivilege
-                          SeCreateGlobalPrivilege
-                          SeCreatePermanentPrivilege
-                          SeCreateSymbolicLinkPrivilege
-                          SeDebugPrivilege
-                          SeDenyNetworkLogonRight
-                          SeDenyBatchLogonRight
-                          SeDenyServiceLogonRight
-                          SeDenyInteractiveLogonRight
-                          SeDenyRemoteInteractiveLogonRight
-                          SeEnableDelegationPrivilege
-                          SeRemoteShutdownPrivilege
-                          SeAuditPrivilege
-                          SeImpersonatePrivilege
-                          SeIncreaseWorkingSetPrivilege
-                          SeIncreaseBasePriorityPrivilege
-                          SeLoadDriverPrivilege
-                          SeLockMemoryPrivilege
-                          SeBatchLogonRight
-                          SeServiceLogonRight
-                          SeSecurityPrivilege
-                          SeRelabelPrivilege
-                          SeSystemEnvironmentPrivilege
-                          SeManageVolumePrivilege
-                          SeProfileSingleProcessPrivilege
-                          SeSystemProfilePrivilege
-                          SeUndockPrivilege
-                          SeAssignPrimaryTokenPrivilege
-                          SeRestorePrivilege
-                          SeShutdownPrivilege
-                          SeSyncAgentPrivilege
-                          SeTakeOwnershipPrivilege
-                        }
-
       provides :windows_user_privilege
       description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
 
@@ -125,22 +79,67 @@ class Chef
       ```
       DOC
 
+      PRIVILEGE_OPTS = %w{ SeAssignPrimaryTokenPrivilege
+                           SeAuditPrivilege
+                           SeBackupPrivilege
+                           SeBatchLogonRight
+                           SeChangeNotifyPrivilege
+                           SeCreateGlobalPrivilege
+                           SeCreatePagefilePrivilege
+                           SeCreatePermanentPrivilege
+                           SeCreateSymbolicLinkPrivilege
+                           SeCreateTokenPrivilege
+                           SeDebugPrivilege
+                           SeDenyBatchLogonRight
+                           SeDenyInteractiveLogonRight
+                           SeDenyNetworkLogonRight
+                           SeDenyRemoteInteractiveLogonRight
+                           SeDenyServiceLogonRight
+                           SeEnableDelegationPrivilege
+                           SeImpersonatePrivilege
+                           SeIncreaseBasePriorityPrivilege
+                           SeIncreaseQuotaPrivilege
+                           SeIncreaseWorkingSetPrivilege
+                           SeInteractiveLogonRight
+                           SeLoadDriverPrivilege
+                           SeLockMemoryPrivilege
+                           SeMachineAccountPrivilege
+                           SeManageVolumePrivilege
+                           SeNetworkLogonRight
+                           SeProfileSingleProcessPrivilege
+                           SeRelabelPrivilege
+                           SeRemoteInteractiveLogonRight
+                           SeRemoteShutdownPrivilege
+                           SeRestorePrivilege
+                           SeSecurityPrivilege
+                           SeServiceLogonRight
+                           SeShutdownPrivilege
+                           SeSyncAgentPrivilege
+                           SeSystemEnvironmentPrivilege
+                           SeSystemProfilePrivilege
+                           SeSystemtimePrivilege
+                           SeTakeOwnershipPrivilege
+                           SeTcbPrivilege
+                           SeTimeZonePrivilege
+                           SeTrustedCredManAccessPrivilege
+                           SeUndockPrivilege
+                          }.freeze
+
       property :principal, String,
         description: "An optional property to add the user to the given privilege. Use only with add and remove action.",
         name_property: true
 
-      property :users, Array,
-        description: "An optional property to set the privilege for given users. Use only with set action."
+      property :users, [Array, String],
+        description: "An optional property to set the privilege for given users. Use only with set action.",
+        coerce: proc { |v| Array(v) }
 
       property :privilege, [Array, String],
-        description: "Privilege to set for users.",
+        description: "One or more privileges to set for users.",
         required: true,
-        coerce: proc { |v| v.is_a?(String) ? Array[v] : v },
+        coerce: proc { |v| Array(v) },
         callbacks: {
-           "Option privilege must include any of the: #{privilege_opts}" => lambda { |v|
-             (privilege_opts & v).size == v.size
-           },
-         }
+          "Privilege property restricted to the following values: #{PRIVILEGE_OPTS}" => lambda { |n| (n - PRIVILEGE_OPTS).empty? },
+        }
 
       load_current_value do |new_resource|
         if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))