chef 16.4.41 → 16.8.9
- checksums.yaml +4 -4
- data/Gemfile +6 -14
- data/README.md +1 -1
- data/Rakefile +22 -15
- data/bin/knife +1 -1
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +4 -2
- data/lib/chef/application.rb +19 -17
- data/lib/chef/application/apply.rb +12 -7
- data/lib/chef/application/base.rb +27 -24
- data/lib/chef/application/client.rb +16 -5
- data/lib/chef/application/exit_code.rb +13 -4
- data/lib/chef/application/knife.rb +22 -11
- data/lib/chef/application/solo.rb +2 -1
- data/lib/chef/application/windows_service.rb +14 -14
- data/lib/chef/application/windows_service_manager.rb +6 -6
- data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/chef_fs/knife.rb +2 -2
- data/lib/chef/chef_fs/parallelizer.rb +0 -1
- data/lib/chef/client.rb +16 -43
- data/lib/chef/compliance/default_attributes.rb +89 -0
- data/lib/chef/compliance/fetcher/automate.rb +69 -0
- data/lib/chef/compliance/fetcher/chef_server.rb +134 -0
- data/lib/chef/compliance/reporter/automate.rb +202 -0
- data/lib/chef/compliance/reporter/chef_server_automate.rb +92 -0
- data/lib/chef/compliance/reporter/compliance_enforcer.rb +20 -0
- data/lib/chef/compliance/reporter/json_file.rb +19 -0
- data/lib/chef/compliance/runner.rb +250 -0
- data/lib/chef/cookbook/cookbook_version_loader.rb +1 -1
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook/synchronizer.rb +2 -2
- data/lib/chef/cookbook_manifest.rb +2 -1
- data/lib/chef/cookbook_site_streaming_uploader.rb +13 -11
- data/lib/chef/cookbook_uploader.rb +1 -1
- data/lib/chef/cookbook_version.rb +2 -5
- data/lib/chef/data_collector.rb +7 -6
- data/lib/chef/data_collector/config_validation.rb +22 -13
- data/lib/chef/data_collector/run_end_message.rb +2 -2
- data/lib/chef/data_collector/run_start_message.rb +1 -1
- data/lib/chef/deprecated.rb +1 -1
- data/lib/chef/deprecation/warnings.rb +2 -2
- data/lib/chef/digester.rb +2 -2
- data/lib/chef/dsl/chef_vault.rb +1 -1
- data/lib/chef/dsl/data_query.rb +2 -2
- data/lib/chef/dsl/platform_introspection.rb +1 -1
- data/lib/chef/encrypted_data_bag_item.rb +3 -4
- data/lib/chef/encrypted_data_bag_item/assertions.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/decryptor.rb +3 -3
- data/lib/chef/encrypted_data_bag_item/encryptor.rb +3 -3
- data/lib/chef/environment.rb +3 -3
- data/lib/chef/event_loggers/windows_eventlog.rb +2 -2
- data/lib/chef/exceptions.rb +9 -5
- data/lib/chef/file_access_control/windows.rb +6 -5
- data/lib/chef/file_content_management/tempfile.rb +1 -1
- data/lib/chef/formatters/doc.rb +7 -6
- data/lib/chef/formatters/error_inspectors/api_error_formatting.rb +6 -5
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/node_load_error_inspector.rb +3 -3
- data/lib/chef/formatters/error_inspectors/registration_error_inspector.rb +9 -9
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +6 -6
- data/lib/chef/formatters/error_inspectors/run_list_expansion_error_inspector.rb +3 -3
- data/lib/chef/formatters/indentable_output_stream.rb +2 -2
- data/lib/chef/formatters/minimal.rb +5 -4
- data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +28 -39
- data/lib/chef/http.rb +6 -14
- data/lib/chef/http/auth_credentials.rb +5 -1
- data/lib/chef/http/authenticator.rb +1 -1
- data/lib/chef/http/basic_client.rb +4 -2
- data/lib/chef/http/decompressor.rb +1 -1
- data/lib/chef/http/http_request.rb +7 -5
- data/lib/chef/http/socketless_chef_zero_client.rb +5 -2
- data/lib/chef/http/ssl_policies.rb +7 -1
- data/lib/chef/json_compat.rb +3 -8
- data/lib/chef/key.rb +1 -1
- data/lib/chef/knife.rb +4 -4
- data/lib/chef/knife/bootstrap.rb +18 -15
- data/lib/chef/knife/bootstrap/chef_vault_handler.rb +1 -1
- data/lib/chef/knife/bootstrap/templates/chef-full.erb +3 -3
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +9 -9
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -1
- data/lib/chef/knife/client_create.rb +3 -3
- data/lib/chef/knife/config_get.rb +8 -97
- data/lib/chef/knife/config_get_profile.rb +9 -9
- data/lib/chef/knife/config_list.rb +139 -0
- data/lib/chef/knife/config_list_profiles.rb +8 -98
- data/lib/chef/knife/config_show.rb +127 -0
- data/lib/chef/knife/config_use.rb +61 -0
- data/lib/chef/knife/config_use_profile.rb +9 -24
- data/lib/chef/knife/configure.rb +2 -2
- data/lib/chef/knife/core/bootstrap_context.rb +2 -2
- data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/object_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +5 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +18 -15
- data/lib/chef/knife/exec.rb +2 -2
- data/lib/chef/knife/node_policy_set.rb +2 -2
- data/lib/chef/knife/node_run_list_add.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +1 -1
- data/lib/chef/knife/node_run_list_set.rb +1 -1
- data/lib/chef/knife/node_show.rb +2 -2
- data/lib/chef/knife/role_env_run_list_add.rb +1 -1
- data/lib/chef/knife/role_env_run_list_set.rb +1 -1
- data/lib/chef/knife/role_run_list_add.rb +1 -1
- data/lib/chef/knife/role_run_list_set.rb +1 -1
- data/lib/chef/knife/search.rb +0 -1
- data/lib/chef/knife/serve.rb +3 -3
- data/lib/chef/knife/ssh.rb +19 -4
- data/lib/chef/knife/ssl_check.rb +3 -3
- data/lib/chef/knife/status.rb +2 -2
- data/lib/chef/knife/tag_create.rb +1 -1
- data/lib/chef/knife/tag_delete.rb +1 -1
- data/lib/chef/knife/user_create.rb +2 -2
- data/lib/chef/knife/yaml_convert.rb +1 -1
- data/lib/chef/local_mode.rb +2 -2
- data/lib/chef/log/syslog.rb +2 -2
- data/lib/chef/log/winevt.rb +2 -2
- data/lib/chef/mixin/convert_to_class_name.rb +0 -56
- data/lib/chef/mixin/deep_merge.rb +0 -12
- data/lib/chef/mixin/openssl_helper.rb +2 -5
- data/lib/chef/mixin/powershell_exec.rb +24 -10
- data/lib/chef/mixin/powershell_out.rb +12 -5
- data/lib/chef/mixin/properties.rb +2 -0
- data/lib/chef/mixin/template.rb +3 -3
- data/lib/chef/mixin/unformatter.rb +1 -1
- data/lib/chef/mixin/uris.rb +4 -2
- data/lib/chef/mixin/versioned_api.rb +1 -2
- data/lib/chef/node/attribute_collections.rb +2 -6
- data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
- data/lib/chef/node_map.rb +4 -4
- data/lib/chef/platform/query_helpers.rb +4 -4
- data/lib/chef/policy_builder/dynamic.rb +2 -0
- data/lib/chef/policy_builder/policyfile.rb +2 -2
- data/lib/chef/powershell.rb +10 -4
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider.rb +1 -5
- data/lib/chef/provider/cron.rb +2 -13
- data/lib/chef/provider/dsc_resource.rb +12 -24
- data/lib/chef/provider/dsc_script.rb +16 -20
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/git.rb +5 -5
- data/lib/chef/provider/group.rb +14 -6
- data/lib/chef/provider/group/windows.rb +12 -1
- data/lib/chef/provider/ifconfig.rb +9 -9
- data/lib/chef/provider/ifconfig/debian.rb +38 -22
- data/lib/chef/provider/ifconfig/redhat.rb +54 -18
- data/lib/chef/provider/launchd.rb +3 -13
- data/lib/chef/provider/link.rb +0 -9
- data/lib/chef/provider/mount.rb +18 -1
- data/lib/chef/provider/mount/linux.rb +67 -0
- data/lib/chef/provider/mount/mount.rb +41 -43
- data/lib/chef/provider/package.rb +3 -0
- data/lib/chef/provider/package/apt.rb +1 -1
- data/lib/chef/provider/package/chocolatey.rb +6 -6
- data/lib/chef/provider/package/dpkg.rb +3 -12
- data/lib/chef/provider/package/freebsd/base.rb +3 -2
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -1
- data/lib/chef/provider/package/homebrew.rb +1 -1
- data/lib/chef/provider/package/ips.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +2 -3
- data/lib/chef/provider/package/rubygems.rb +22 -19
- data/lib/chef/provider/package/snap.rb +1 -4
- data/lib/chef/provider/package/solaris.rb +0 -2
- data/lib/chef/provider/package/windows.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +3 -1
- data/lib/chef/provider/package/yum/rpm_utils.rb +1 -1
- data/lib/chef/provider/package/zypper.rb +99 -72
- data/lib/chef/provider/powershell_script.rb +12 -1
- data/lib/chef/provider/registry_key.rb +4 -3
- data/lib/chef/provider/remote_file/content.rb +3 -0
- data/lib/chef/provider/remote_file/ftp.rb +6 -4
- data/lib/chef/provider/remote_file/sftp.rb +6 -4
- data/lib/chef/provider/route.rb +4 -8
- data/lib/chef/provider/service/debian.rb +2 -1
- data/lib/chef/provider/service/macosx.rb +2 -2
- data/lib/chef/provider/service/redhat.rb +1 -1
- data/lib/chef/provider/template_finder.rb +2 -10
- data/lib/chef/provider/user.rb +17 -9
- data/lib/chef/provider/user/aix.rb +1 -1
- data/lib/chef/provider/user/dscl.rb +5 -5
- data/lib/chef/provider/user/mac.rb +15 -7
- data/lib/chef/provider/user/solaris.rb +1 -1
- data/lib/chef/provider/user/windows.rb +10 -3
- data/lib/chef/provider/zypper_repository.rb +2 -2
- data/lib/chef/provider_resolver.rb +1 -1
- data/lib/chef/providers.rb +1 -3
- data/lib/chef/pwsh.rb +71 -0
- data/lib/chef/recipe.rb +2 -2
- data/lib/chef/resource.rb +2 -2
- data/lib/chef/resource/apt_repository.rb +6 -5
- data/lib/chef/resource/bash.rb +119 -1
- data/lib/chef/resource/batch.rb +1 -1
- data/lib/chef/resource/bff_package.rb +22 -0
- data/lib/chef/resource/breakpoint.rb +59 -2
- data/lib/chef/resource/build_essential.rb +5 -8
- data/lib/chef/resource/cab_package.rb +29 -0
- data/lib/chef/resource/chef_client_config.rb +313 -0
- data/lib/chef/resource/chef_client_cron.rb +35 -28
- data/lib/chef/resource/chef_client_launchd.rb +194 -0
- data/lib/chef/resource/chef_client_scheduled_task.rb +24 -21
- data/lib/chef/resource/chef_client_systemd_timer.rb +27 -20
- data/lib/chef/resource/chef_client_trusted_certificate.rb +101 -0
- data/lib/chef/resource/chef_gem.rb +10 -10
- data/lib/chef/resource/chef_handler.rb +149 -4
- data/lib/chef/resource/chef_sleep.rb +3 -3
- data/lib/chef/resource/chef_vault_secret.rb +1 -1
- data/lib/chef/resource/cookbook_file.rb +2 -2
- data/lib/chef/resource/cron/_cron_shared.rb +1 -0
- data/lib/chef/resource/cron/cron_d.rb +2 -3
- data/lib/chef/resource/csh.rb +2 -2
- data/lib/chef/resource/dnf_package.rb +2 -2
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +9 -2
- data/lib/chef/resource/execute.rb +10 -8
- data/lib/chef/resource/file.rb +4 -4
- data/lib/chef/resource/gem_package.rb +5 -5
- data/lib/chef/resource/homebrew_package.rb +3 -3
- data/lib/chef/resource/homebrew_update.rb +9 -6
- data/lib/chef/resource/hostname.rb +7 -7
- data/lib/chef/resource/ifconfig.rb +52 -5
- data/lib/chef/resource/kernel_module.rb +1 -1
- data/lib/chef/resource/ksh.rb +3 -3
- data/lib/chef/resource/launchd.rb +17 -16
- data/lib/chef/resource/locale.rb +2 -2
- data/lib/chef/resource/lwrp_base.rb +3 -5
- data/lib/chef/resource/macos_userdefaults.rb +3 -3
- data/lib/chef/resource/mount.rb +8 -2
- data/lib/chef/resource/notify_group.rb +0 -1
- data/lib/chef/resource/ohai.rb +46 -3
- data/lib/chef/resource/ohai_hint.rb +33 -0
- data/lib/chef/resource/openssl_dhparam.rb +27 -5
- data/lib/chef/resource/openssl_ec_private_key.rb +6 -3
- data/lib/chef/resource/openssl_ec_public_key.rb +2 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +6 -3
- data/lib/chef/resource/openssl_x509_certificate.rb +14 -14
- data/lib/chef/resource/openssl_x509_crl.rb +19 -10
- data/lib/chef/resource/openssl_x509_request.rb +14 -16
- data/lib/chef/resource/osx_profile.rb +77 -13
- data/lib/chef/resource/perl.rb +2 -2
- data/lib/chef/resource/plist.rb +3 -7
- data/lib/chef/resource/powershell_package_source.rb +24 -23
- data/lib/chef/resource/powershell_script.rb +14 -11
- data/lib/chef/resource/python.rb +2 -2
- data/lib/chef/resource/reboot.rb +2 -2
- data/lib/chef/resource/registry_key.rb +93 -2
- data/lib/chef/resource/remote_file.rb +3 -3
- data/lib/chef/resource/rhsm_register.rb +22 -10
- data/lib/chef/resource/route.rb +1 -1
- data/lib/chef/resource/ruby.rb +2 -2
- data/lib/chef/resource/ruby_block.rb +2 -2
- data/lib/chef/resource/scm/_scm.rb +2 -1
- data/lib/chef/resource/scm/git.rb +82 -1
- data/lib/chef/resource/scm/subversion.rb +14 -2
- data/lib/chef/resource/script.rb +2 -2
- data/lib/chef/resource/service.rb +3 -3
- data/lib/chef/resource/solaris_package.rb +0 -2
- data/lib/chef/resource/ssh_known_hosts_entry.rb +2 -2
- data/lib/chef/resource/sudo.rb +1 -1
- data/lib/chef/resource/support/client.erb +64 -0
- data/lib/chef/resource/support/cron.d.erb +1 -1
- data/lib/chef/resource/support/cron_access.erb +1 -1
- data/lib/chef/resource/support/sudoer.erb +1 -1
- data/lib/chef/resource/support/ulimit.erb +1 -1
- data/lib/chef/resource/sysctl.rb +1 -5
- data/lib/chef/resource/systemd_unit.rb +44 -3
- data/lib/chef/resource/template.rb +4 -4
- data/lib/chef/resource/windows_ad_join.rb +19 -12
- data/lib/chef/resource/windows_audit_policy.rb +26 -24
- data/lib/chef/resource/windows_certificate.rb +19 -11
- data/lib/chef/resource/windows_dfs_server.rb +7 -4
- data/lib/chef/resource/windows_env.rb +173 -0
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_firewall_profile.rb +28 -31
- data/lib/chef/resource/windows_firewall_rule.rb +9 -11
- data/lib/chef/resource/windows_font.rb +1 -1
- data/lib/chef/resource/windows_package.rb +29 -5
- data/lib/chef/resource/windows_path.rb +38 -0
- data/lib/chef/resource/windows_printer.rb +5 -3
- data/lib/chef/resource/windows_printer_port.rb +6 -4
- data/lib/chef/resource/windows_security_policy.rb +5 -5
- data/lib/chef/resource/windows_service.rb +108 -0
- data/lib/chef/resource/windows_share.rb +18 -18
- data/lib/chef/resource/windows_task.rb +629 -28
- data/lib/chef/resource/windows_user_privilege.rb +53 -54
- data/lib/chef/resource/windows_workgroup.rb +9 -7
- data/lib/chef/resource/yum_package.rb +2 -2
- data/lib/chef/resource/yum_repository.rb +1 -1
- data/lib/chef/resource_collection/resource_set.rb +2 -6
- data/lib/chef/resource_inspector.rb +77 -75
- data/lib/chef/resource_reporter.rb +0 -2
- data/lib/chef/resources.rb +4 -1
- data/lib/chef/run_context.rb +2 -2
- data/lib/chef/run_context/cookbook_compiler.rb +1 -1
- data/lib/chef/run_lock.rb +3 -3
- data/lib/chef/search/query.rb +6 -5
- data/lib/chef/server_api.rb +0 -4
- data/lib/chef/shell.rb +31 -26
- data/lib/chef/shell/ext.rb +12 -12
- data/lib/chef/shell/shell_session.rb +2 -2
- data/lib/chef/train_transport.rb +5 -104
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/diff.rb +3 -3
- data/lib/chef/util/dsc/configuration_generator.rb +52 -11
- data/lib/chef/util/dsc/lcm_output_parser.rb +4 -7
- data/lib/chef/util/dsc/local_configuration_manager.rb +18 -15
- data/lib/chef/util/dsc/resource_store.rb +5 -11
- data/lib/chef/util/powershell/ps_credential.rb +18 -14
- data/lib/chef/util/threaded_job_queue.rb +0 -2
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api/file.rb +4 -0
- data/lib/chef/win32/crypto.rb +1 -1
- data/lib/chef/win32/file.rb +1 -1
- data/lib/chef/win32/registry.rb +1 -2
- data/lib/chef/win32/security/sid.rb +1 -1
- data/lib/chef/win32/unicode.rb +1 -1
- data/spec/data/shef-config.rb +1 -1
- data/spec/functional/event_loggers/windows_eventlog_spec.rb +6 -5
- data/spec/functional/mixin/powershell_out_spec.rb +11 -3
- data/spec/functional/resource/aix_service_spec.rb +2 -2
- data/spec/functional/resource/aixinit_service_spec.rb +1 -1
- data/spec/functional/resource/apt_package_spec.rb +4 -6
- data/spec/functional/resource/chocolatey_package_spec.rb +3 -3
- data/spec/functional/resource/cron_spec.rb +3 -3
- data/spec/functional/resource/dsc_script_spec.rb +6 -9
- data/spec/functional/resource/insserv_spec.rb +1 -1
- data/spec/functional/resource/mount_spec.rb +10 -2
- data/spec/functional/resource/powershell_package_source_spec.rb +107 -0
- data/spec/functional/resource/powershell_script_spec.rb +57 -14
- data/spec/functional/resource/user/dscl_spec.rb +1 -1
- data/spec/functional/resource/user/mac_user_spec.rb +1 -1
- data/spec/functional/resource/windows_certificate_spec.rb +10 -6
- data/spec/functional/resource/windows_firewall_rule_spec.rb +93 -0
- data/spec/functional/resource/windows_package_spec.rb +36 -10
- data/spec/functional/resource/windows_share_spec.rb +103 -0
- data/spec/functional/resource/windows_task_spec.rb +15 -16
- data/spec/functional/resource/zypper_package_spec.rb +11 -0
- data/spec/functional/version_spec.rb +3 -3
- data/spec/integration/client/client_spec.rb +6 -5
- data/spec/integration/client/exit_code_spec.rb +3 -2
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +81 -0
- data/spec/integration/knife/client_key_create_spec.rb +1 -1
- data/spec/integration/knife/{config_list_profiles_spec.rb → config_list_spec.rb} +30 -29
- data/spec/integration/knife/{config_get_spec.rb → config_show_spec.rb} +3 -3
- data/spec/integration/knife/{config_use_profile_spec.rb → config_use_spec.rb} +53 -10
- data/spec/integration/knife/cookbook_api_ipv6_spec.rb +1 -1
- data/spec/integration/knife/node_create_spec.rb +1 -1
- data/spec/integration/knife/node_environment_set_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_add_spec.rb +4 -4
- data/spec/integration/knife/node_run_list_remove_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_set_spec.rb +1 -1
- data/spec/integration/knife/node_show_spec.rb +1 -1
- data/spec/integration/ohai/ohai_spec.rb +61 -0
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/provider_choice.rb +2 -2
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -0
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/solo/solo_spec.rb +5 -5
- data/spec/spec_helper.rb +9 -7
- data/spec/stress/win32/file_spec.rb +1 -1
- data/spec/support/chef_helpers.rb +2 -2
- data/spec/support/lib/chef/resource/cat.rb +1 -1
- data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -1
- data/spec/support/matchers/leak.rb +2 -2
- data/spec/support/mock/platform.rb +24 -16
- data/spec/support/platform_helpers.rb +27 -38
- data/spec/support/shared/functional/securable_resource.rb +108 -27
- data/spec/support/shared/functional/win32_service.rb +1 -1
- data/spec/support/shared/unit/application_dot_d.rb +5 -3
- data/spec/support/shared/unit/knife_shared.rb +1 -1
- data/spec/support/shared/unit/script_resource.rb +4 -4
- data/spec/support/shared/unit/windows_script_resource.rb +1 -1
- data/spec/tiny_server.rb +0 -1
- data/spec/unit/application/client_spec.rb +2 -2
- data/spec/unit/application/exit_code_spec.rb +10 -0
- data/spec/unit/application_spec.rb +4 -6
- data/spec/unit/chef_fs/config_spec.rb +1 -1
- data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/spec/unit/chef_fs/parallelizer_spec.rb +5 -1
- data/spec/unit/chef_fs/path_util_spec.rb +1 -1
- data/spec/unit/client_spec.rb +17 -0
- data/spec/unit/compliance/fetcher/automate_spec.rb +134 -0
- data/spec/unit/compliance/fetcher/chef_server_spec.rb +93 -0
- data/spec/unit/compliance/reporter/automate_spec.rb +427 -0
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +177 -0
- data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +48 -0
- data/spec/unit/compliance/runner_spec.rb +113 -0
- data/spec/unit/cookbook/synchronizer_spec.rb +2 -2
- data/spec/unit/cookbook_spec.rb +2 -2
- data/spec/unit/data_collector/config_validation_spec.rb +208 -0
- data/spec/unit/data_collector_spec.rb +0 -117
- data/spec/unit/dsl/declare_resource_spec.rb +1 -1
- data/spec/unit/file_access_control_spec.rb +1 -1
- data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +11 -11
- data/spec/unit/http/ssl_policies_spec.rb +11 -0
- data/spec/unit/knife/bootstrap_spec.rb +6 -6
- data/spec/unit/knife/client_create_spec.rb +2 -2
- data/spec/unit/knife/configure_client_spec.rb +5 -5
- data/spec/unit/knife/configure_spec.rb +3 -3
- data/spec/unit/knife/cookbook_delete_spec.rb +2 -2
- data/spec/unit/knife/cookbook_download_spec.rb +2 -2
- data/spec/unit/knife/cookbook_list_spec.rb +2 -2
- data/spec/unit/knife/cookbook_metadata_spec.rb +3 -3
- data/spec/unit/knife/core/node_editor_spec.rb +1 -1
- data/spec/unit/knife/core/ui_spec.rb +1 -0
- data/spec/unit/knife/environment_compare_spec.rb +3 -3
- data/spec/unit/knife/ssh_spec.rb +2 -2
- data/spec/unit/knife/supermarket_download_spec.rb +8 -8
- data/spec/unit/knife/supermarket_list_spec.rb +3 -3
- data/spec/unit/knife/supermarket_search_spec.rb +1 -1
- data/spec/unit/knife/tag_create_spec.rb +1 -1
- data/spec/unit/knife/tag_delete_spec.rb +1 -1
- data/spec/unit/knife/user_create_spec.rb +1 -1
- data/spec/unit/lwrp_spec.rb +3 -3
- data/spec/unit/mixin/deep_merge_spec.rb +15 -0
- data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
- data/spec/unit/mixin/powershell_exec_spec.rb +40 -3
- data/spec/unit/mixin/powershell_out_spec.rb +14 -0
- data/spec/unit/mixin/securable_spec.rb +2 -2
- data/spec/unit/mixin/which.rb +1 -1
- data/spec/unit/node/immutable_collections_spec.rb +2 -2
- data/spec/unit/platform/query_helpers_spec.rb +11 -12
- data/spec/unit/provider/dsc_resource_spec.rb +10 -27
- data/spec/unit/provider/dsc_script_spec.rb +1 -1
- data/spec/unit/provider/group/windows_spec.rb +6 -0
- data/spec/unit/provider/group_spec.rb +1 -1
- data/spec/unit/provider/mount/linux_spec.rb +107 -0
- data/spec/unit/provider/mount/mount_spec.rb +21 -10
- data/spec/unit/provider/mount/solaris_spec.rb +1 -1
- data/spec/unit/provider/mount/windows_spec.rb +1 -0
- data/spec/unit/provider/mount_spec.rb +31 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +2 -3
- data/spec/unit/provider/package/powershell_spec.rb +88 -96
- data/spec/unit/provider/package/rubygems_spec.rb +4 -1
- data/spec/unit/provider/package/zypper_spec.rb +0 -25
- data/spec/unit/provider/package_spec.rb +2 -2
- data/spec/unit/provider/powershell_script_spec.rb +11 -0
- data/spec/unit/provider/route_spec.rb +0 -2
- data/spec/unit/provider/subversion_spec.rb +0 -3
- data/spec/unit/provider/systemd_unit_spec.rb +1 -1
- data/spec/unit/provider/user_spec.rb +7 -1
- data/spec/unit/provider/windows_env_spec.rb +18 -34
- data/spec/unit/provider/windows_path_spec.rb +6 -11
- data/spec/unit/provider/windows_task_spec.rb +7 -6
- data/spec/unit/recipe_spec.rb +1 -1
- data/spec/unit/resource/breakpoint_spec.rb +1 -1
- data/spec/unit/resource/build_essential_spec.rb +0 -12
- data/spec/unit/resource/chef_client_config_spec.rb +137 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +35 -14
- data/spec/unit/resource/chef_client_launchd_spec.rb +127 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +36 -1
- data/spec/unit/resource/chef_client_trusted_certificate_spec.rb +54 -0
- data/spec/unit/resource/ifconfig_spec.rb +2 -10
- data/spec/unit/resource/launchd_spec.rb +8 -0
- data/spec/unit/resource/mount_spec.rb +18 -5
- data/spec/unit/resource/osx_profile_spec.rb +67 -1
- data/spec/unit/resource/powershell_package_source_spec.rb +20 -20
- data/spec/unit/resource/powershell_script_spec.rb +4 -74
- data/spec/unit/resource/rhsm_register_spec.rb +56 -18
- data/spec/unit/resource/service_spec.rb +2 -2
- data/spec/unit/resource/solaris_package_spec.rb +8 -10
- data/spec/unit/resource/windows_certificate_spec.rb +12 -0
- data/spec/unit/resource/windows_uac_spec.rb +1 -1
- data/spec/unit/resource/windows_user_privilege_spec.rb +55 -0
- data/spec/unit/resource_inspector_spec.rb +3 -3
- data/spec/unit/run_lock_spec.rb +5 -1
- data/spec/unit/runner_spec.rb +1 -2
- data/spec/unit/shell/shell_ext_spec.rb +46 -3
- data/spec/unit/shell/shell_session_spec.rb +35 -64
- data/spec/unit/shell_spec.rb +18 -21
- data/spec/unit/train_transport_spec.rb +14 -13
- data/spec/unit/util/dsc/configuration_generator_spec.rb +79 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +27 -35
- data/spec/unit/util/selinux_spec.rb +2 -0
- data/tasks/rspec.rb +1 -3
- metadata +80 -33
- data/lib/chef/dist.rb +0 -68
- data/lib/chef/monkey_patches/net_http.rb +0 -22
- data/lib/chef/provider/windows_env.rb +0 -210
- data/lib/chef/provider/windows_path.rb +0 -61
- data/lib/chef/provider/windows_task.rb +0 -632
- data/lib/chef/util/powershell/cmdlet.rb +0 -173
- data/lib/chef/util/powershell/cmdlet_result.rb +0 -61
- data/spec/functional/util/powershell/cmdlet_spec.rb +0 -111
- data/spec/integration/knife/config_get_profile_spec.rb +0 -114
- data/spec/support/mock/constant.rb +0 -52
- data/spec/unit/monkey_patches/uri_spec.rb +0 -34
- data/spec/unit/provider_resolver_spec.rb +0 -885
- data/spec/unit/resource/data/InstallHistory_with_CLT.plist +0 -92
- data/spec/unit/resource/data/InstallHistory_without_CLT.plist +0 -38
- data/spec/unit/util/powershell/cmdlet_spec.rb +0 -106
data/lib/chef/resource/ksh.rb
CHANGED
@@ -27,10 +27,10 @@ class Chef
|
|
27
27
|
|
28
28
|
description "Use the **ksh** resource to execute scripts using the Korn shell (ksh)"\
|
29
29
|
" interpreter. This resource may also use any of the actions and properties"\
|
30
|
-
" that are available to the execute resource. Commands that are executed"\
|
30
|
+
" that are available to the **execute** resource. Commands that are executed"\
|
31
31
|
" with this resource are (by their nature) not idempotent, as they are"\
|
32
|
-
" typically unique to the environment in which they are run. Use not_if"\
|
33
|
-
" and only_if to guard this resource for idempotence."
|
32
|
+
" typically unique to the environment in which they are run. Use `not_if`"\
|
33
|
+
" and `only_if` to guard this resource for idempotence."
|
34
34
|
introduced "12.6"
|
35
35
|
|
36
36
|
def initialize(name, run_context = nil)
|
@@ -131,35 +131,35 @@ class Chef
|
|
131
131
|
description: "If a job dies, all remaining processes with the same process ID may be kept running. Set to true to kill all remaining processes."
|
132
132
|
|
133
133
|
property :debug, [ TrueClass, FalseClass ],
|
134
|
-
description: "Sets the log mask to LOG_DEBUG for this job."
|
134
|
+
description: "Sets the log mask to `LOG_DEBUG` for this job."
|
135
135
|
|
136
136
|
property :disabled, [ TrueClass, FalseClass ], default: false,
|
137
|
-
description: "Hints to launchctl to not submit this job to launchd."
|
137
|
+
description: "Hints to `launchctl` to not submit this job to launchd."
|
138
138
|
|
139
139
|
property :enable_globbing, [ TrueClass, FalseClass ],
|
140
140
|
description: "Update program arguments before invocation."
|
141
141
|
|
142
142
|
property :enable_transactions, [ TrueClass, FalseClass ],
|
143
|
-
description: "Track in-progress transactions; if none, then send the SIGKILL signal."
|
143
|
+
description: "Track in-progress transactions; if none, then send the `SIGKILL` signal."
|
144
144
|
|
145
145
|
property :environment_variables, Hash,
|
146
146
|
description: "Additional environment variables to set before running a job."
|
147
147
|
|
148
148
|
property :exit_timeout, Integer,
|
149
|
-
description: "The amount of time (in seconds) launchd waits before sending a SIGKILL signal."
|
149
|
+
description: "The amount of time (in seconds) launchd waits before sending a `SIGKILL` signal."
|
150
150
|
|
151
151
|
property :hard_resource_limits, Hash,
|
152
152
|
description: "A Hash of resource limits to be imposed on a job."
|
153
153
|
|
154
154
|
property :inetd_compatibility, Hash,
|
155
|
-
description: "Specifies if a daemon expects to be run as if it were launched from inetd. Set to wait => true to pass standard input, output, and error file descriptors. Set to wait => false to call the accept system call on behalf of the job, and then pass standard input, output, and error file descriptors."
|
155
|
+
description: "Specifies if a daemon expects to be run as if it were launched from inetd. Set to `wait => true` to pass standard input, output, and error file descriptors. Set to `wait => false` to call the accept system call on behalf of the job, and then pass standard input, output, and error file descriptors."
|
156
156
|
|
157
157
|
property :init_groups, [ TrueClass, FalseClass ],
|
158
|
-
description: "Specify if initgroups is called before running a job."
|
158
|
+
description: "Specify if `initgroups` is called before running a job."
|
159
159
|
|
160
160
|
property :keep_alive, [ TrueClass, FalseClass, Hash ],
|
161
161
|
introduced: "12.14",
|
162
|
-
description: "Keep a job running continuously (true) or allow demand and conditions on the node to determine if the job keeps running (false)."
|
162
|
+
description: "Keep a job running continuously (true) or allow demand and conditions on the node to determine if the job keeps running (`false`)."
|
163
163
|
|
164
164
|
property :launch_events, [ Hash ],
|
165
165
|
introduced: "15.1",
|
@@ -187,13 +187,14 @@ class Chef
|
|
187
187
|
description: "Specify services to be registered with the bootstrap subsystem."
|
188
188
|
|
189
189
|
property :nice, Integer,
|
190
|
-
description: "The program scheduling priority value in the range -20 to
|
190
|
+
description: "The program scheduling priority value in the range -20 to 19.",
|
191
|
+
callbacks: { "should be a Integer between -20 and 19" => proc { |v| v >= -20 && v <= 19 } }
|
191
192
|
|
192
193
|
property :on_demand, [ TrueClass, FalseClass ],
|
193
|
-
description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use keep_alive instead for newer versions."
|
194
|
+
description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use `keep_alive` instead for newer versions."
|
194
195
|
|
195
196
|
property :process_type, String,
|
196
|
-
description: "The intended purpose of the job: Adaptive
|
197
|
+
description: "The intended purpose of the job: `Adaptive`, `Background`, `Interactive`, or `Standard`."
|
197
198
|
|
198
199
|
property :program, String,
|
199
200
|
description: "The first argument of execvp, typically the file name associated with the file to be executed. This value must be specified if program_arguments is not specified, and vice-versa."
|
@@ -205,7 +206,7 @@ class Chef
|
|
205
206
|
description: "An array of non-empty directories which, if any are modified, will cause a job to be started."
|
206
207
|
|
207
208
|
property :root_directory, String,
|
208
|
-
description: "chroot to this directory, and then run the job."
|
209
|
+
description: "`chroot` to this directory, and then run the job."
|
209
210
|
|
210
211
|
property :run_at_load, [ TrueClass, FalseClass ],
|
211
212
|
description: "Launch a job once (at the time it is loaded)."
|
@@ -217,13 +218,13 @@ class Chef
|
|
217
218
|
description: "A Hash of resource limits to be imposed on a job."
|
218
219
|
|
219
220
|
property :standard_error_path, String,
|
220
|
-
description: "The file to which standard error (stderr) is sent."
|
221
|
+
description: "The file to which standard error (`stderr`) is sent."
|
221
222
|
|
222
223
|
property :standard_in_path, String,
|
223
|
-
description: "The file to which standard input (stdin) is sent."
|
224
|
+
description: "The file to which standard input (`stdin`) is sent."
|
224
225
|
|
225
226
|
property :standard_out_path, String,
|
226
|
-
description: "The file to which standard output (stdout) is sent."
|
227
|
+
description: "The file to which standard output (`stdout`) is sent."
|
227
228
|
|
228
229
|
property :start_interval, Integer,
|
229
230
|
description: "The frequency (in seconds) at which a job is started."
|
@@ -238,7 +239,7 @@ class Chef
|
|
238
239
|
description: "The amount of time (in seconds) a job may be idle before it times out. If no value is specified, the default timeout value for launchd will be used."
|
239
240
|
|
240
241
|
property :umask, Integer,
|
241
|
-
description: "A decimal value to pass to umask before running a job."
|
242
|
+
description: "A decimal value to pass to `umask` before running a job."
|
242
243
|
|
243
244
|
property :username, String,
|
244
245
|
description: "When launchd is run as the root user, the user to run the job as."
|
@@ -250,7 +251,7 @@ class Chef
|
|
250
251
|
description: "An array of paths which, if any are modified, will cause a job to be started."
|
251
252
|
|
252
253
|
property :working_directory, String,
|
253
|
-
description: "
|
254
|
+
description: "`chdir` to this directory, and then run the job."
|
254
255
|
end
|
255
256
|
end
|
256
257
|
end
|
data/lib/chef/resource/locale.rb
CHANGED
@@ -16,7 +16,7 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
|
19
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
20
20
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
@@ -71,7 +71,7 @@ class Chef
|
|
71
71
|
#
|
72
72
|
def lc_all(arg = nil)
|
73
73
|
unless arg.nil?
|
74
|
-
Chef.deprecated(:locale_lc_all, "Changing LC_ALL can break #{
|
74
|
+
Chef.deprecated(:locale_lc_all, "Changing LC_ALL can break #{ChefUtils::Dist::Infra::PRODUCT}'s parsing of command output in unexpected ways.\n Use one of the more specific LC_ properties as needed.")
|
75
75
|
end
|
76
76
|
end
|
77
77
|
|
@@ -63,17 +63,15 @@ class Chef
|
|
63
63
|
|
64
64
|
Chef::Log.trace("Loaded contents of #{filename} into resource #{resource_name} (#{resource_class})")
|
65
65
|
|
66
|
-
LWRPBase.loaded_lwrps[filename] = true
|
67
|
-
|
68
66
|
# wire up the default resource name after the class is parsed only if we haven't declared one.
|
69
67
|
# (this ordering is important for MapCollision deprecation warnings)
|
70
68
|
resource_class.provides resource_name.to_sym unless Chef::ResourceResolver.includes_handler?(resource_name.to_sym, self)
|
71
69
|
|
70
|
+
LWRPBase.loaded_lwrps[filename] = resource_class
|
71
|
+
|
72
72
|
resource_class
|
73
73
|
end
|
74
74
|
|
75
|
-
alias :attribute :property
|
76
|
-
|
77
75
|
# Adds +action_names+ to the list of valid actions for this resource.
|
78
76
|
# Does not include superclass's action list when appending.
|
79
77
|
def actions(*action_names)
|
@@ -88,7 +86,7 @@ class Chef
|
|
88
86
|
|
89
87
|
# @deprecated
|
90
88
|
def valid_actions(*args)
|
91
|
-
Chef::Log.warn("`valid_actions
|
89
|
+
Chef::Log.warn("`valid_actions` is deprecated, please use `allowed_actions` instead!")
|
92
90
|
allowed_actions(*args)
|
93
91
|
end
|
94
92
|
|
@@ -16,8 +16,8 @@
|
|
16
16
|
#
|
17
17
|
|
18
18
|
require_relative "../resource"
|
19
|
-
|
20
|
-
|
19
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
20
|
+
autoload :Plist, "plist"
|
21
21
|
|
22
22
|
class Chef
|
23
23
|
class Resource
|
@@ -97,7 +97,7 @@ class Chef
|
|
97
97
|
desired_state: false
|
98
98
|
|
99
99
|
property :sudo, [TrueClass, FalseClass],
|
100
|
-
description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{
|
100
|
+
description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the '/usr/bin/defaults' command to be setup for the user running #{ChefUtils::Dist::Infra::PRODUCT}.",
|
101
101
|
default: false,
|
102
102
|
desired_state: false
|
103
103
|
|
data/lib/chef/resource/mount.rb
CHANGED
@@ -41,6 +41,7 @@ class Chef
|
|
41
41
|
sensitive: true
|
42
42
|
|
43
43
|
property :mount_point, String, name_property: true,
|
44
|
+
coerce: proc { |arg| arg.chomp("/") }, # Removed "/" from the end of str, because it was causing idempotency issue.
|
44
45
|
description: "The directory (or path) in which the device is to be mounted. Defaults to the name of the resource block if not provided."
|
45
46
|
|
46
47
|
property :device, String, identity: true,
|
@@ -65,7 +66,7 @@ class Chef
|
|
65
66
|
|
66
67
|
property :options, [Array, String, nil],
|
67
68
|
description: "An array or comma separated list of options for the mount.",
|
68
|
-
coerce: proc { |arg| arg
|
69
|
+
coerce: proc { |arg| mount_options(arg) }, # Please see #mount_options method.
|
69
70
|
default: %w{defaults}
|
70
71
|
|
71
72
|
property :dump, [Integer, FalseClass],
|
@@ -84,7 +85,7 @@ class Chef
|
|
84
85
|
description: "Windows only: Use to specify the user name."
|
85
86
|
|
86
87
|
property :domain, String,
|
87
|
-
description: "Windows only: Use to specify the domain in which the username and password are located."
|
88
|
+
description: "Windows only: Use to specify the domain in which the `username` and `password` are located."
|
88
89
|
|
89
90
|
private
|
90
91
|
|
@@ -94,6 +95,11 @@ class Chef
|
|
94
95
|
@fstype = nil
|
95
96
|
end
|
96
97
|
|
98
|
+
# Returns array of string without leading and trailing whitespace.
|
99
|
+
def mount_options(options)
|
100
|
+
(options.is_a?(String) ? options.split(",") : options).collect(&:strip)
|
101
|
+
end
|
102
|
+
|
97
103
|
end
|
98
104
|
end
|
99
105
|
end
|
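Review bot: The `coerce` added to `mount_point` turns a root mount point into an empty string, because `"/".chomp("/")` returns `""`, so a resource declared for `/` would carry an empty path. Keeping the bare slash avoids that: `coerce: proc { |arg| arg == "/" ? arg : arg.chomp("/") },`. The trailing comment would also read better if it said what is normalised and why, e.g. `# strip a trailing "/" so the value compares equal to the mounted path (idempotency)`. How the provider treats an empty `mount_point` is not visible in this section, so the runtime impact is inferred.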
data/lib/chef/resource/ohai.rb
CHANGED
@@ -19,7 +19,7 @@
|
|
19
19
|
#
|
20
20
|
|
21
21
|
require_relative "../resource"
|
22
|
-
|
22
|
+
require "chef-utils/dist" unless defined?(ChefUtils::Dist)
|
23
23
|
require "ohai" unless defined?(Ohai::System)
|
24
24
|
|
25
25
|
class Chef
|
@@ -29,10 +29,53 @@ class Chef
|
|
29
29
|
|
30
30
|
provides :ohai
|
31
31
|
|
32
|
-
description "Use the **ohai** resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{
|
32
|
+
description "Use the **ohai** resource to reload the Ohai configuration on a node. This allows recipes that change system attributes (like a recipe that adds a user) to refer to those attributes later on during the #{ChefUtils::Dist::Infra::PRODUCT} run."
|
33
|
+
|
34
|
+
examples <<~DOC
|
35
|
+
Reload All Ohai Plugins
|
36
|
+
|
37
|
+
```ruby
|
38
|
+
ohai 'reload' do
|
39
|
+
action :reload
|
40
|
+
end
|
41
|
+
```
|
42
|
+
|
43
|
+
Reload A Single Ohai Plugin
|
44
|
+
|
45
|
+
```ruby
|
46
|
+
ohai 'reload' do
|
47
|
+
plugin 'ipaddress'
|
48
|
+
action :reload
|
49
|
+
end
|
50
|
+
```
|
51
|
+
|
52
|
+
Reload Ohai after a new user is created
|
53
|
+
|
54
|
+
```ruby
|
55
|
+
ohai 'reload_passwd' do
|
56
|
+
action :nothing
|
57
|
+
plugin 'etc'
|
58
|
+
end
|
59
|
+
|
60
|
+
user 'daemon_user' do
|
61
|
+
home '/dev/null'
|
62
|
+
shell '/sbin/nologin'
|
63
|
+
system true
|
64
|
+
notifies :reload, 'ohai[reload_passwd]', :immediately
|
65
|
+
end
|
66
|
+
|
67
|
+
ruby_block 'just an example' do
|
68
|
+
block do
|
69
|
+
# These variables will now have the new values
|
70
|
+
puts node['etc']['passwd']['daemon_user']['uid']
|
71
|
+
puts node['etc']['passwd']['daemon_user']['gid']
|
72
|
+
end
|
73
|
+
end
|
74
|
+
```
|
75
|
+
DOC
|
33
76
|
|
34
77
|
property :plugin, String,
|
35
|
-
description: "
|
78
|
+
description: "Specific Ohai attribute data to reload. This property behaves similar to specifying attributes when running Ohai on the command line and takes the attribute that you wish to reload instead of the actual plugin name. For instance, you can pass `ipaddress` to reload `node['ipaddress']` even though that data comes from the `Network` plugin. If this property is not specified, #{ChefUtils::Dist::Infra::PRODUCT} will reload all plugins."
|
36
79
|
|
37
80
|
def load_current_resource
|
38
81
|
true
|
@@ -26,6 +26,39 @@ class Chef
|
|
26
26
|
|
27
27
|
description "Use the **ohai_hint** resource to aid in configuration detection by passing hint data to Ohai."
|
28
28
|
introduced "14.0"
|
29
|
+
examples <<~DOC
|
30
|
+
**Create a hint file**
|
31
|
+
|
32
|
+
```ruby
|
33
|
+
ohai_hint 'example' do
|
34
|
+
content a: 'test_content'
|
35
|
+
end
|
36
|
+
```
|
37
|
+
|
38
|
+
**Create a hint file with a name that does not match the resource name**
|
39
|
+
|
40
|
+
```ruby
|
41
|
+
ohai_hint 'example' do
|
42
|
+
hint_name 'custom'
|
43
|
+
end
|
44
|
+
```
|
45
|
+
|
46
|
+
**Create a hint file that is not loaded at compile time**
|
47
|
+
|
48
|
+
```ruby
|
49
|
+
ohai_hint 'example' do
|
50
|
+
compile_time false
|
51
|
+
end
|
52
|
+
```
|
53
|
+
|
54
|
+
**Delete a hint file**
|
55
|
+
|
56
|
+
```ruby
|
57
|
+
ohai_hint 'example' do
|
58
|
+
action :delete
|
59
|
+
end
|
60
|
+
```
|
61
|
+
DOC
|
29
62
|
|
30
63
|
property :hint_name, String,
|
31
64
|
description: "An optional property to set the hint name if it differs from the resource block's name.",
|
@@ -27,15 +27,37 @@ class Chef
|
|
27
27
|
|
28
28
|
provides(:openssl_dhparam) { true }
|
29
29
|
|
30
|
-
description "Use the **openssl_dhparam** resource to generate dhparam.pem files. If a valid dhparam.pem file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid dhparam file, it will be overwritten."
|
30
|
+
description "Use the **openssl_dhparam** resource to generate `dhparam.pem` files. If a valid `dhparam.pem` file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid `dhparam.pem` file, it will be overwritten."
|
31
31
|
introduced "14.0"
|
32
32
|
examples <<~DOC
|
33
|
-
Create a
|
33
|
+
**Create a dhparam file**
|
34
34
|
|
35
35
|
```ruby
|
36
|
-
openssl_dhparam '/etc/
|
37
|
-
|
38
|
-
|
36
|
+
openssl_dhparam '/etc/httpd/ssl/dhparam.pem'
|
37
|
+
```
|
38
|
+
|
39
|
+
**Create a dhparam file with a specific key length**
|
40
|
+
|
41
|
+
```ruby
|
42
|
+
openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do
|
43
|
+
key_length 4096
|
44
|
+
end
|
45
|
+
```
|
46
|
+
|
47
|
+
**Create a dhparam file with specific user/group ownership**
|
48
|
+
|
49
|
+
```ruby
|
50
|
+
openssl_dhparam '/etc/httpd/ssl/dhparam.pem' do
|
51
|
+
owner 'www-data'
|
52
|
+
group 'www-data'
|
53
|
+
end
|
54
|
+
```
|
55
|
+
|
56
|
+
**Manually specify the dhparam file path**
|
57
|
+
|
58
|
+
```ruby
|
59
|
+
openssl_dhparam 'httpd_dhparam' do
|
60
|
+
path '/etc/httpd/ssl/dhparam.pem'
|
39
61
|
end
|
40
62
|
```
|
41
63
|
DOC
|
@@ -66,10 +66,13 @@ class Chef
|
|
66
66
|
description: "The desired passphrase for the key."
|
67
67
|
|
68
68
|
property :key_cipher, String,
|
69
|
-
equal_to: OpenSSL::Cipher.ciphers,
|
70
|
-
validation_message: "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options.",
|
71
69
|
description: "The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options.",
|
72
|
-
default: "des3"
|
70
|
+
default: lazy { "des3" },
|
71
|
+
default_description: "des3",
|
72
|
+
callbacks: {
|
73
|
+
"key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options." =>
|
74
|
+
proc { |v| OpenSSL::Cipher.ciphers.include?(v) },
|
75
|
+
}
|
73
76
|
|
74
77
|
property :owner, [String, Integer],
|
75
78
|
description: "The owner applied to all files created by the resource."
|
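Review bot: `default: lazy { "des3" }` keeps Triple DES as the cipher protecting a passphrase-encrypted private key, and the description does not say that this is a legacy 64-bit-block cipher, presumably kept for compatibility. Since the hunk already reworks this property, the description could end with `Defaults to des3 for backward compatibility; prefer an AES cipher such as aes-256-cbc for new keys.` The same description has `designed` where `desired` is meant. It also uses `openssl list-cipher-algorithms`, the pre-1.1.0 spelling (newer OpenSSL uses `openssl list -cipher-algorithms`), which is repeated in the callback message. The identical `key_cipher` hunk further down the page (`@@ -65,10 +65,13 @@`) has the same points.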
@@ -31,7 +31,7 @@ class Chef
|
|
31
31
|
description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."
|
32
32
|
introduced "14.4"
|
33
33
|
examples <<~DOC
|
34
|
-
Generate new
|
34
|
+
**Generate new EC public key from a private key on disk**
|
35
35
|
|
36
36
|
```ruby
|
37
37
|
openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3.pub' do
|
@@ -41,7 +41,7 @@ class Chef
|
|
41
41
|
end
|
42
42
|
```
|
43
43
|
|
44
|
-
Generate new
|
44
|
+
**Generate new EC public key by passing in a private key**
|
45
45
|
|
46
46
|
```ruby
|
47
47
|
openssl_ec_public_key '/etc/ssl_files/eckey_prime256v1_des3_2.pub' do
|
@@ -65,10 +65,13 @@ class Chef
|
|
65
65
|
description: "The desired passphrase for the key."
|
66
66
|
|
67
67
|
property :key_cipher, String,
|
68
|
-
equal_to: OpenSSL::Cipher.ciphers,
|
69
|
-
validation_message: "key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options.",
|
70
68
|
description: "The designed cipher to use when generating your key. Run `openssl list-cipher-algorithms` to see available options.",
|
71
|
-
default: "des3"
|
69
|
+
default: lazy { "des3" },
|
70
|
+
default_description: "des3",
|
71
|
+
callbacks: {
|
72
|
+
"key_cipher must be a cipher known to openssl. Run `openssl list-cipher-algorithms` to see available options." =>
|
73
|
+
proc { |v| OpenSSL::Cipher.ciphers.include?(v) },
|
74
|
+
}
|
72
75
|
|
73
76
|
property :owner, [String, Integer],
|
74
77
|
description: "The owner applied to all files created by the resource."
|
@@ -86,32 +86,32 @@ class Chef
|
|
86
86
|
description: "The permission mode applied to all files created by the resource."
|
87
87
|
|
88
88
|
property :country, String,
|
89
|
-
description: "Value for the C certificate field."
|
89
|
+
description: "Value for the `C` certificate field."
|
90
90
|
|
91
91
|
property :state, String,
|
92
|
-
description: "Value for the ST certificate field."
|
92
|
+
description: "Value for the `ST` certificate field."
|
93
93
|
|
94
94
|
property :city, String,
|
95
|
-
description: "Value for the L certificate field."
|
95
|
+
description: "Value for the `L` certificate field."
|
96
96
|
|
97
97
|
property :org, String,
|
98
|
-
description: "Value for the O certificate field."
|
98
|
+
description: "Value for the `O` certificate field."
|
99
99
|
|
100
100
|
property :org_unit, String,
|
101
|
-
description: "Value for the OU certificate field."
|
101
|
+
description: "Value for the `OU` certificate field."
|
102
102
|
|
103
103
|
property :common_name, String,
|
104
|
-
description: "Value for the CN certificate field."
|
104
|
+
description: "Value for the `CN` certificate field."
|
105
105
|
|
106
106
|
property :email, String,
|
107
|
-
description: "Value for the email certificate field."
|
107
|
+
description: "Value for the `email` certificate field."
|
108
108
|
|
109
109
|
property :extensions, Hash,
|
110
|
-
description: "Hash of X509 Extensions entries, in format { 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }
|
110
|
+
description: "Hash of X509 Extensions entries, in format `{ 'keyUsage' => { 'values' => %w( keyEncipherment digitalSignature), 'critical' => true } }`.",
|
111
111
|
default: lazy { {} }
|
112
112
|
|
113
113
|
property :subject_alt_name, Array,
|
114
|
-
description: "Array of Subject Alternative Name entries, in format DNS:example.com or IP:1.2.3.4
|
114
|
+
description: "Array of Subject Alternative Name entries, in format `DNS:example.com` or `IP:1.2.3.4`.",
|
115
115
|
default: lazy { [] }
|
116
116
|
|
117
117
|
property :key_file, String,
|
@@ -122,7 +122,7 @@ class Chef
|
|
122
122
|
|
123
123
|
property :key_type, String,
|
124
124
|
equal_to: %w{rsa ec},
|
125
|
-
description: "The desired type of the generated key
|
125
|
+
description: "The desired type of the generated key.",
|
126
126
|
default: "rsa"
|
127
127
|
|
128
128
|
property :key_length, Integer,
|
@@ -131,18 +131,18 @@ class Chef
|
|
131
131
|
default: 2048
|
132
132
|
|
133
133
|
property :key_curve, String,
|
134
|
-
description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run openssl ecparam -list_curves to see available options.",
|
134
|
+
description: "The desired curve of the generated key (if key_type is equal to 'ec'). Run `openssl ecparam -list_curves` to see available options.",
|
135
135
|
equal_to: %w{secp384r1 secp521r1 prime256v1},
|
136
136
|
default: "prime256v1"
|
137
137
|
|
138
138
|
property :csr_file, String,
|
139
|
-
description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the csr_file property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
|
139
|
+
description: "The path to a X509 Certificate Request (CSR) on the filesystem. If the `csr_file` property is specified, the resource will attempt to source a CSR from this location. If no CSR file is found, the resource will generate a Self-Signed Certificate and the certificate fields must be specified (common_name at last)."
|
140
140
|
|
141
141
|
property :ca_cert_file, String,
|
142
|
-
description: "The path to the CA X509 Certificate on the filesystem. If the ca_cert_file property is specified, the ca_key_file property must also be specified, the certificate will be signed with them."
|
142
|
+
description: "The path to the CA X509 Certificate on the filesystem. If the `ca_cert_file` property is specified, the `ca_key_file` property must also be specified, the certificate will be signed with them."
|
143
143
|
|
144
144
|
property :ca_key_file, String,
|
145
|
-
description: "The path to the CA private key on the filesystem. If the ca_key_file property is specified, the
|
145
|
+
description: "The path to the CA private key on the filesystem. If the `ca_key_file` property is specified, the `ca_cert_file` property must also be specified, the certificate will be signed with them."
|
146
146
|
|
147
147
|
property :ca_key_pass, String,
|
148
148
|
description: "The passphrase for CA private key's passphrase."
|