chef 16.5.64 → 16.8.14
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +6 -14
- data/README.md +1 -1
- data/Rakefile +21 -14
- data/chef-universal-mingw32.gemspec +1 -1
- data/chef.gemspec +3 -2
- data/lib/chef/application.rb +2 -2
- data/lib/chef/application/base.rb +1 -1
- data/lib/chef/application/client.rb +7 -2
- data/lib/chef/application/knife.rb +1 -1
- data/lib/chef/application/solo.rb +1 -1
- data/lib/chef/chef_fs/chef_fs_data_store.rb +1 -1
- data/lib/chef/chef_fs/data_handler/cookbook_data_handler.rb +1 -1
- data/lib/chef/chef_fs/file_pattern.rb +1 -1
- data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_cookbook_entry.rb +1 -1
- data/lib/chef/client.rb +6 -32
- data/lib/chef/compliance/default_attributes.rb +89 -0
- data/lib/chef/compliance/fetcher/automate.rb +69 -0
- data/lib/chef/compliance/fetcher/chef_server.rb +134 -0
- data/lib/chef/compliance/reporter/automate.rb +202 -0
- data/lib/chef/compliance/reporter/chef_server_automate.rb +94 -0
- data/lib/chef/compliance/reporter/compliance_enforcer.rb +20 -0
- data/lib/chef/compliance/reporter/json_file.rb +19 -0
- data/lib/chef/compliance/runner.rb +261 -0
- data/lib/chef/cookbook/gem_installer.rb +1 -1
- data/lib/chef/cookbook_manifest.rb +2 -1
- data/lib/chef/cookbook_site_streaming_uploader.rb +1 -1
- data/lib/chef/cookbook_version.rb +2 -5
- data/lib/chef/data_collector.rb +1 -1
- data/lib/chef/encrypted_data_bag_item/assertions.rb +1 -1
- data/lib/chef/environment.rb +1 -1
- data/lib/chef/event_loggers/windows_eventlog.rb +1 -1
- data/lib/chef/exceptions.rb +5 -1
- data/lib/chef/file_access_control/windows.rb +1 -4
- data/lib/chef/file_content_management/tempfile.rb +1 -1
- data/lib/chef/formatters/error_inspectors/compile_error_inspector.rb +2 -2
- data/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb +5 -5
- data/lib/chef/formatters/indentable_output_stream.rb +2 -2
- data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +28 -39
- data/lib/chef/http.rb +2 -12
- data/lib/chef/http/basic_client.rb +1 -1
- data/lib/chef/http/http_request.rb +1 -1
- data/lib/chef/http/socketless_chef_zero_client.rb +1 -1
- data/lib/chef/http/ssl_policies.rb +6 -0
- data/lib/chef/json_compat.rb +2 -7
- data/lib/chef/key.rb +1 -1
- data/lib/chef/knife/bootstrap.rb +2 -1
- data/lib/chef/knife/bootstrap/templates/windows-chef-client-msi.erb +2 -2
- data/lib/chef/knife/bootstrap/train_connector.rb +1 -1
- data/lib/chef/knife/config_show.rb +1 -1
- data/lib/chef/knife/core/cookbook_scm_repo.rb +1 -1
- data/lib/chef/knife/core/gem_glob_loader.rb +1 -1
- data/lib/chef/knife/core/ui.rb +5 -2
- data/lib/chef/knife/core/windows_bootstrap_context.rb +7 -4
- data/lib/chef/knife/node_policy_set.rb +2 -2
- data/lib/chef/knife/node_run_list_add.rb +1 -1
- data/lib/chef/knife/node_run_list_remove.rb +1 -1
- data/lib/chef/knife/node_run_list_set.rb +1 -1
- data/lib/chef/knife/role_env_run_list_add.rb +1 -1
- data/lib/chef/knife/role_env_run_list_set.rb +1 -1
- data/lib/chef/knife/role_run_list_add.rb +1 -1
- data/lib/chef/knife/role_run_list_set.rb +1 -1
- data/lib/chef/knife/search.rb +0 -1
- data/lib/chef/knife/ssh.rb +5 -3
- data/lib/chef/knife/tag_create.rb +1 -1
- data/lib/chef/knife/tag_delete.rb +1 -1
- data/lib/chef/local_mode.rb +1 -1
- data/lib/chef/mixin/convert_to_class_name.rb +0 -56
- data/lib/chef/mixin/openssl_helper.rb +1 -1
- data/lib/chef/mixin/powershell_exec.rb +24 -10
- data/lib/chef/mixin/powershell_out.rb +12 -5
- data/lib/chef/mixin/properties.rb +2 -0
- data/lib/chef/mixin/template.rb +1 -1
- data/lib/chef/mixin/unformatter.rb +1 -1
- data/lib/chef/mixin/uris.rb +3 -1
- data/lib/chef/node/attribute_collections.rb +2 -6
- data/lib/chef/node/mixin/immutablize_hash.rb +2 -0
- data/lib/chef/node_map.rb +2 -2
- data/lib/chef/platform/query_helpers.rb +4 -4
- data/lib/chef/policy_builder/dynamic.rb +2 -0
- data/lib/chef/powershell.rb +10 -4
- data/lib/chef/property.rb +1 -1
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/provider/cron.rb +2 -13
- data/lib/chef/provider/dsc_resource.rb +12 -24
- data/lib/chef/provider/dsc_script.rb +16 -20
- data/lib/chef/provider/file.rb +1 -1
- data/lib/chef/provider/git.rb +5 -5
- data/lib/chef/provider/group.rb +14 -6
- data/lib/chef/provider/group/windows.rb +12 -1
- data/lib/chef/provider/ifconfig.rb +8 -8
- data/lib/chef/provider/ifconfig/debian.rb +38 -22
- data/lib/chef/provider/ifconfig/redhat.rb +54 -18
- data/lib/chef/provider/launchd.rb +1 -11
- data/lib/chef/provider/link.rb +0 -9
- data/lib/chef/provider/mount.rb +18 -1
- data/lib/chef/provider/mount/linux.rb +4 -0
- data/lib/chef/provider/mount/mount.rb +41 -43
- data/lib/chef/provider/package.rb +3 -0
- data/lib/chef/provider/package/apt.rb +1 -1
- data/lib/chef/provider/package/chocolatey.rb +6 -6
- data/lib/chef/provider/package/dpkg.rb +3 -12
- data/lib/chef/provider/package/freebsd/base.rb +3 -2
- data/lib/chef/provider/package/freebsd/pkgng.rb +1 -1
- data/lib/chef/provider/package/homebrew.rb +1 -1
- data/lib/chef/provider/package/ips.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +2 -3
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/snap.rb +1 -3
- data/lib/chef/provider/package/solaris.rb +0 -2
- data/lib/chef/provider/package/yum/rpm_utils.rb +1 -1
- data/lib/chef/provider/package/zypper.rb +98 -71
- data/lib/chef/provider/powershell_script.rb +12 -1
- data/lib/chef/provider/registry_key.rb +4 -3
- data/lib/chef/provider/route.rb +2 -2
- data/lib/chef/provider/service/debian.rb +2 -1
- data/lib/chef/provider/service/redhat.rb +1 -1
- data/lib/chef/provider/user.rb +17 -9
- data/lib/chef/provider/user/aix.rb +1 -1
- data/lib/chef/provider/user/dscl.rb +2 -2
- data/lib/chef/provider/user/mac.rb +14 -6
- data/lib/chef/provider/user/solaris.rb +1 -1
- data/lib/chef/provider/user/windows.rb +10 -3
- data/lib/chef/providers.rb +0 -3
- data/lib/chef/pwsh.rb +71 -0
- data/lib/chef/resource.rb +1 -1
- data/lib/chef/resource/apt_repository.rb +6 -5
- data/lib/chef/resource/bash.rb +119 -1
- data/lib/chef/resource/batch.rb +1 -1
- data/lib/chef/resource/breakpoint.rb +3 -1
- data/lib/chef/resource/build_essential.rb +5 -8
- data/lib/chef/resource/chef_client_config.rb +313 -0
- data/lib/chef/resource/chef_client_cron.rb +5 -5
- data/lib/chef/resource/chef_client_scheduled_task.rb +4 -4
- data/lib/chef/resource/chef_client_systemd_timer.rb +5 -5
- data/lib/chef/resource/chef_handler.rb +1 -0
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/cron/_cron_shared.rb +1 -0
- data/lib/chef/resource/cron/cron_d.rb +2 -2
- data/lib/chef/resource/csh.rb +2 -2
- data/lib/chef/resource/dsc_script.rb +8 -1
- data/lib/chef/resource/execute.rb +6 -4
- data/lib/chef/resource/file.rb +2 -2
- data/lib/chef/resource/homebrew_update.rb +4 -1
- data/lib/chef/resource/hostname.rb +5 -5
- data/lib/chef/resource/ifconfig.rb +52 -5
- data/lib/chef/resource/kernel_module.rb +1 -1
- data/lib/chef/resource/ksh.rb +3 -3
- data/lib/chef/resource/launchd.rb +15 -15
- data/lib/chef/resource/lwrp_base.rb +3 -5
- data/lib/chef/resource/mount.rb +8 -2
- data/lib/chef/resource/perl.rb +2 -2
- data/lib/chef/resource/plist.rb +2 -6
- data/lib/chef/resource/powershell_package_source.rb +19 -18
- data/lib/chef/resource/powershell_script.rb +14 -11
- data/lib/chef/resource/python.rb +2 -2
- data/lib/chef/resource/registry_key.rb +93 -2
- data/lib/chef/resource/route.rb +1 -1
- data/lib/chef/resource/ruby.rb +2 -2
- data/lib/chef/resource/scm/_scm.rb +2 -1
- data/lib/chef/resource/scm/git.rb +82 -1
- data/lib/chef/resource/scm/subversion.rb +12 -0
- data/lib/chef/resource/script.rb +2 -2
- data/lib/chef/resource/solaris_package.rb +0 -2
- data/lib/chef/resource/sudo.rb +1 -1
- data/lib/chef/resource/support/client.erb +64 -0
- data/lib/chef/resource/systemd_unit.rb +42 -1
- data/lib/chef/resource/template.rb +2 -2
- data/lib/chef/resource/windows_ad_join.rb +9 -9
- data/lib/chef/resource/windows_audit_policy.rb +26 -24
- data/lib/chef/resource/windows_certificate.rb +13 -7
- data/lib/chef/resource/windows_dfs_server.rb +7 -4
- data/lib/chef/resource/windows_env.rb +173 -0
- data/lib/chef/resource/windows_feature.rb +2 -0
- data/lib/chef/resource/windows_firewall_profile.rb +7 -12
- data/lib/chef/resource/windows_firewall_rule.rb +9 -11
- data/lib/chef/resource/windows_font.rb +1 -1
- data/lib/chef/resource/windows_package.rb +1 -0
- data/lib/chef/resource/windows_path.rb +38 -0
- data/lib/chef/resource/windows_security_policy.rb +5 -5
- data/lib/chef/resource/windows_service.rb +108 -0
- data/lib/chef/resource/windows_share.rb +18 -18
- data/lib/chef/resource/windows_task.rb +629 -28
- data/lib/chef/resource/windows_workgroup.rb +6 -4
- data/lib/chef/resource/yum_repository.rb +1 -1
- data/lib/chef/resource_collection/resource_set.rb +2 -6
- data/lib/chef/resource_inspector.rb +77 -75
- data/lib/chef/resource_reporter.rb +0 -2
- data/lib/chef/resources.rb +1 -0
- data/lib/chef/run_lock.rb +2 -2
- data/lib/chef/search/query.rb +3 -1
- data/lib/chef/server_api.rb +0 -4
- data/lib/chef/shell/ext.rb +1 -1
- data/lib/chef/util/backup.rb +1 -1
- data/lib/chef/util/dsc/configuration_generator.rb +52 -11
- data/lib/chef/util/dsc/lcm_output_parser.rb +4 -7
- data/lib/chef/util/dsc/local_configuration_manager.rb +18 -15
- data/lib/chef/util/dsc/resource_store.rb +5 -11
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/api/file.rb +4 -0
- data/lib/chef/win32/file.rb +1 -1
- data/lib/chef/win32/security/sid.rb +1 -1
- data/lib/chef/win32/unicode.rb +1 -1
- data/spec/functional/mixin/powershell_out_spec.rb +11 -3
- data/spec/functional/resource/apt_package_spec.rb +4 -6
- data/spec/functional/resource/chocolatey_package_spec.rb +3 -3
- data/spec/functional/resource/cron_spec.rb +3 -3
- data/spec/functional/resource/dsc_script_spec.rb +6 -9
- data/spec/functional/resource/mount_spec.rb +10 -2
- data/spec/functional/resource/powershell_package_source_spec.rb +107 -0
- data/spec/functional/resource/powershell_script_spec.rb +57 -14
- data/spec/functional/resource/windows_certificate_spec.rb +10 -6
- data/spec/functional/resource/windows_firewall_rule_spec.rb +93 -0
- data/spec/functional/resource/windows_package_spec.rb +36 -10
- data/spec/functional/resource/windows_share_spec.rb +103 -0
- data/spec/functional/resource/windows_task_spec.rb +2 -3
- data/spec/functional/resource/zypper_package_spec.rb +11 -0
- data/spec/integration/client/client_spec.rb +2 -1
- data/spec/integration/compliance/compliance_spec.rb +81 -0
- data/spec/integration/knife/client_key_create_spec.rb +1 -1
- data/spec/integration/knife/node_create_spec.rb +1 -1
- data/spec/integration/knife/node_environment_set_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_add_spec.rb +4 -4
- data/spec/integration/knife/node_run_list_remove_spec.rb +1 -1
- data/spec/integration/knife/node_run_list_set_spec.rb +1 -1
- data/spec/integration/knife/node_show_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/provider_choice.rb +2 -2
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -0
- data/spec/spec_helper.rb +3 -4
- data/spec/support/lib/chef/resource/cat.rb +1 -1
- data/spec/support/lib/chef/resource/one_two_three_four.rb +1 -1
- data/spec/support/mock/platform.rb +24 -16
- data/spec/support/platform_helpers.rb +11 -4
- data/spec/support/shared/unit/knife_shared.rb +1 -1
- data/spec/support/shared/unit/script_resource.rb +4 -4
- data/spec/support/shared/unit/windows_script_resource.rb +1 -1
- data/spec/unit/chef_fs/config_spec.rb +1 -1
- data/spec/unit/chef_fs/data_handler/data_bag_item_data_handler.rb +1 -1
- data/spec/unit/client_spec.rb +17 -0
- data/spec/unit/compliance/fetcher/automate_spec.rb +134 -0
- data/spec/unit/compliance/fetcher/chef_server_spec.rb +93 -0
- data/spec/unit/compliance/reporter/automate_spec.rb +427 -0
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +177 -0
- data/spec/unit/compliance/reporter/compliance_enforcer_spec.rb +48 -0
- data/spec/unit/compliance/runner_spec.rb +140 -0
- data/spec/unit/data_collector_spec.rb +0 -4
- data/spec/unit/guard_interpreter/resource_guard_interpreter_spec.rb +11 -11
- data/spec/unit/http/ssl_policies_spec.rb +11 -0
- data/spec/unit/knife/client_create_spec.rb +2 -2
- data/spec/unit/knife/configure_client_spec.rb +5 -5
- data/spec/unit/knife/configure_spec.rb +3 -3
- data/spec/unit/knife/cookbook_delete_spec.rb +2 -2
- data/spec/unit/knife/cookbook_download_spec.rb +2 -2
- data/spec/unit/knife/cookbook_list_spec.rb +2 -2
- data/spec/unit/knife/cookbook_metadata_spec.rb +3 -3
- data/spec/unit/knife/core/node_editor_spec.rb +1 -1
- data/spec/unit/knife/environment_compare_spec.rb +3 -3
- data/spec/unit/knife/supermarket_download_spec.rb +8 -8
- data/spec/unit/knife/supermarket_list_spec.rb +3 -3
- data/spec/unit/knife/supermarket_search_spec.rb +1 -1
- data/spec/unit/knife/tag_create_spec.rb +1 -1
- data/spec/unit/knife/tag_delete_spec.rb +1 -1
- data/spec/unit/knife/user_create_spec.rb +1 -1
- data/spec/unit/mixin/powershell_exec_spec.rb +41 -4
- data/spec/unit/mixin/powershell_out_spec.rb +14 -0
- data/spec/unit/mixin/which.rb +1 -1
- data/spec/unit/platform/query_helpers_spec.rb +11 -12
- data/spec/unit/provider/dsc_resource_spec.rb +10 -27
- data/spec/unit/provider/dsc_script_spec.rb +1 -1
- data/spec/unit/provider/group/windows_spec.rb +6 -0
- data/spec/unit/provider/group_spec.rb +1 -1
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/mount/mount_spec.rb +21 -10
- data/spec/unit/provider/mount/solaris_spec.rb +1 -1
- data/spec/unit/provider/mount/windows_spec.rb +1 -0
- data/spec/unit/provider/mount_spec.rb +31 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +1 -2
- data/spec/unit/provider/package/powershell_spec.rb +87 -95
- data/spec/unit/provider/package/zypper_spec.rb +0 -25
- data/spec/unit/provider/package_spec.rb +2 -2
- data/spec/unit/provider/powershell_script_spec.rb +11 -0
- data/spec/unit/provider/subversion_spec.rb +0 -3
- data/spec/unit/provider/systemd_unit_spec.rb +1 -1
- data/spec/unit/provider/user_spec.rb +7 -1
- data/spec/unit/provider/windows_env_spec.rb +18 -34
- data/spec/unit/provider/windows_path_spec.rb +6 -11
- data/spec/unit/provider/windows_task_spec.rb +7 -6
- data/spec/unit/resource/breakpoint_spec.rb +1 -1
- data/spec/unit/resource/build_essential_spec.rb +0 -12
- data/spec/unit/resource/chef_client_config_spec.rb +137 -0
- data/spec/unit/resource/ifconfig_spec.rb +2 -10
- data/spec/unit/resource/mount_spec.rb +18 -5
- data/spec/unit/resource/powershell_package_source_spec.rb +20 -20
- data/spec/unit/resource/powershell_script_spec.rb +4 -74
- data/spec/unit/resource/service_spec.rb +2 -2
- data/spec/unit/resource/solaris_package_spec.rb +8 -10
- data/spec/unit/resource/windows_certificate_spec.rb +12 -0
- data/spec/unit/resource_inspector_spec.rb +3 -3
- data/spec/unit/shell_spec.rb +2 -2
- data/spec/unit/util/dsc/configuration_generator_spec.rb +79 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +27 -35
- data/tasks/rspec.rb +1 -1
- metadata +47 -24
- data/lib/chef/monkey_patches/net_http.rb +0 -22
- data/lib/chef/provider/windows_env.rb +0 -210
- data/lib/chef/provider/windows_path.rb +0 -61
- data/lib/chef/provider/windows_task.rb +0 -631
- data/lib/chef/util/powershell/cmdlet.rb +0 -175
- data/lib/chef/util/powershell/cmdlet_result.rb +0 -61
- data/spec/functional/util/powershell/cmdlet_spec.rb +0 -111
- data/spec/support/mock/constant.rb +0 -52
- data/spec/unit/monkey_patches/uri_spec.rb +0 -34
- data/spec/unit/provider_resolver_spec.rb +0 -885
- data/spec/unit/resource/data/InstallHistory_with_CLT.plist +0 -92
- data/spec/unit/resource/data/InstallHistory_without_CLT.plist +0 -38
- data/spec/unit/util/powershell/cmdlet_spec.rb +0 -106
@@ -29,6 +29,18 @@ class Chef
|
|
29
29
|
provides :subversion
|
30
30
|
|
31
31
|
description "Use the **subversion** resource to manage source control resources that exist in a Subversion repository."
|
32
|
+
examples <<~DOC
|
33
|
+
**Get the latest version of an application**
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
subversion 'CouchDB Edge' do
|
37
|
+
repository 'http://svn.apache.org/repos/asf/couchdb/trunk'
|
38
|
+
revision 'HEAD'
|
39
|
+
destination '/opt/my_sources/couch'
|
40
|
+
action :sync
|
41
|
+
end
|
42
|
+
```
|
43
|
+
DOC
|
32
44
|
|
33
45
|
allowed_actions :force_export
|
34
46
|
|
data/lib/chef/resource/script.rb
CHANGED
@@ -29,9 +29,9 @@ class Chef
|
|
29
29
|
identity_attr :name
|
30
30
|
|
31
31
|
description "Use the **script** resource to execute scripts using a specified interpreter, such as Bash, csh, Perl, Python, or Ruby."\
|
32
|
-
" This resource may also use any of the actions and properties that are available to the execute resource. Commands"\
|
32
|
+
" This resource may also use any of the actions and properties that are available to the **execute** resource. Commands"\
|
33
33
|
" that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the"\
|
34
|
-
" environment in which they are run. Use not_if and only_if to guard this resource for idempotence."
|
34
|
+
" environment in which they are run. Use `not_if` and `only_if` to guard this resource for idempotence."
|
35
35
|
|
36
36
|
def initialize(name, run_context = nil)
|
37
37
|
super
|
@@ -25,8 +25,6 @@ class Chef
|
|
25
25
|
unified_mode true
|
26
26
|
|
27
27
|
provides :solaris_package
|
28
|
-
provides :package, os: "solaris2", platform_family: "nexentacore"
|
29
|
-
provides :package, os: "solaris2", platform_family: "solaris2", platform_version: "<= 5.10"
|
30
28
|
|
31
29
|
description "Use the **solaris_package** resource to manage packages on the Solaris platform."
|
32
30
|
|
data/lib/chef/resource/sudo.rb
CHANGED
@@ -30,7 +30,7 @@ class Chef
|
|
30
30
|
|
31
31
|
description "Use the **sudo** resource to add or remove individual sudo entries using sudoers.d files."\
|
32
32
|
" Sudo version 1.7.2 or newer is required to use the sudo resource, as it relies on the"\
|
33
|
-
"
|
33
|
+
" `#includedir` directive introduced in version 1.7.2. This resource does not enforce"\
|
34
34
|
" installation of the required sudo version. Chef-supported releases of Ubuntu, SuSE, Debian,"\
|
35
35
|
" and RHEL (6+) all support this feature."
|
36
36
|
introduced "14.0"
|
@@ -0,0 +1,64 @@
|
|
1
|
+
<% %w(@node_name
|
2
|
+
@chef_license
|
3
|
+
@chef_server_url
|
4
|
+
@event_loggers
|
5
|
+
@file_backup_path
|
6
|
+
@file_cache_path
|
7
|
+
@file_staging_uses_destdir
|
8
|
+
@formatters
|
9
|
+
@http_proxy
|
10
|
+
@https_proxy
|
11
|
+
@ftp_proxy
|
12
|
+
@log_level
|
13
|
+
@minimal_ohai
|
14
|
+
@named_run_list
|
15
|
+
@no_proxy
|
16
|
+
@ohai_disabled_plugins
|
17
|
+
@ohai_optional_plugins
|
18
|
+
@pid_file
|
19
|
+
@policy_group
|
20
|
+
@policy_name
|
21
|
+
@ssl_verify_mode).each do |prop| -%>
|
22
|
+
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
23
|
+
<%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
|
24
|
+
<% end -%>
|
25
|
+
<%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
|
26
|
+
<% unless @log_location.nil? %>
|
27
|
+
<% if @log_location.is_a?(String) && %w(STDOUT STDERR).include?(@log_location) -%>
|
28
|
+
log_location <%= @log_location %>
|
29
|
+
<% else -%>
|
30
|
+
log_location <%= @log_location.inspect %>
|
31
|
+
<% end -%>
|
32
|
+
<% end -%>
|
33
|
+
<%# The code below is not DRY on purpose to improve readability -%>
|
34
|
+
<% unless @start_handlers.empty? -%>
|
35
|
+
# Do not crash if a start handler is missing / not installed yet
|
36
|
+
begin
|
37
|
+
<% @start_handlers.each do |handler| -%>
|
38
|
+
start_handlers << <%= @handler %>
|
39
|
+
<% end -%>
|
40
|
+
rescue NameError => e
|
41
|
+
Chef::Log.error e
|
42
|
+
end
|
43
|
+
<% end -%>
|
44
|
+
<% unless @report_handlers.empty? -%>
|
45
|
+
# Do not crash if a report handler is missing / not installed yet
|
46
|
+
begin
|
47
|
+
<% @report_handlers.each do |handler| -%>
|
48
|
+
report_handlers << <%= @handler %>
|
49
|
+
<% end -%>
|
50
|
+
rescue NameError => e
|
51
|
+
Chef::Log.error e
|
52
|
+
end
|
53
|
+
<% end -%>
|
54
|
+
<% unless @exception_handlers.empty? -%>
|
55
|
+
# Do not crash if an exception handler is missing / not installed yet
|
56
|
+
begin
|
57
|
+
<% @exception_handlers.each do |handler| -%>
|
58
|
+
exception_handlers << <%= @handler %>
|
59
|
+
<% end -%>
|
60
|
+
rescue NameError => e
|
61
|
+
Chef::Log.error e
|
62
|
+
end
|
63
|
+
<% end -%>
|
64
|
+
<%= @additional_config -%>
|
@@ -27,8 +27,49 @@ class Chef
|
|
27
27
|
|
28
28
|
provides(:systemd_unit) { true }
|
29
29
|
|
30
|
-
description "Use the **systemd_unit** resource to create, manage, and run systemd units."
|
30
|
+
description "Use the **systemd_unit** resource to create, manage, and run [systemd units](https://www.freedesktop.org/software/systemd/man/systemd.html#Concepts)."
|
31
31
|
introduced "12.11"
|
32
|
+
examples <<~DOC
|
33
|
+
**Create systemd service unit file from a Hash**
|
34
|
+
|
35
|
+
```ruby
|
36
|
+
systemd_unit 'etcd.service' do
|
37
|
+
content({Unit: {
|
38
|
+
Description: 'Etcd',
|
39
|
+
Documentation: ['https://coreos.com/etcd', 'man:etcd(1)'],
|
40
|
+
After: 'network.target',
|
41
|
+
},
|
42
|
+
Service: {
|
43
|
+
Type: 'notify',
|
44
|
+
ExecStart: '/usr/local/etcd',
|
45
|
+
Restart: 'always',
|
46
|
+
},
|
47
|
+
Install: {
|
48
|
+
WantedBy: 'multi-user.target',
|
49
|
+
}})
|
50
|
+
action [:create, :enable]
|
51
|
+
end
|
52
|
+
```
|
53
|
+
|
54
|
+
**Create systemd service unit file from a String**
|
55
|
+
|
56
|
+
```ruby
|
57
|
+
systemd_unit 'sysstat-collect.timer' do
|
58
|
+
content <<~EOU
|
59
|
+
[Unit]
|
60
|
+
Description=Run system activity accounting tool every 10 minutes
|
61
|
+
|
62
|
+
[Timer]
|
63
|
+
OnCalendar=*:00/10
|
64
|
+
|
65
|
+
[Install]
|
66
|
+
WantedBy=sysstat.service
|
67
|
+
EOU
|
68
|
+
|
69
|
+
action [:create, :enable]
|
70
|
+
end
|
71
|
+
```
|
72
|
+
DOC
|
32
73
|
|
33
74
|
default_action :nothing
|
34
75
|
allowed_actions :create, :delete,
|
@@ -169,8 +169,8 @@ class Chef
|
|
169
169
|
elsif module_name.nil?
|
170
170
|
raise Exceptions::ValidationFailed,
|
171
171
|
"#helpers requires either a module name or inline module code as a block.\n" +
|
172
|
-
|
173
|
-
|
172
|
+
"e.g.: helpers do; helper_code; end;\n" +
|
173
|
+
"OR: helpers(MyHelpersModule)"
|
174
174
|
else
|
175
175
|
raise Exceptions::ValidationFailed,
|
176
176
|
"Argument to #helpers must be a module. You gave #{module_name.inspect} (#{module_name.class})"
|
@@ -109,12 +109,12 @@ class Chef
|
|
109
109
|
cmd << " -Force"
|
110
110
|
|
111
111
|
converge_by("join Active Directory domain #{new_resource.domain_name}") do
|
112
|
-
ps_run =
|
112
|
+
ps_run = powershell_exec(cmd)
|
113
113
|
if ps_run.error?
|
114
114
|
if sensitive?
|
115
115
|
raise "Failed to join the domain #{new_resource.domain_name}: *suppressed sensitive resource output*"
|
116
116
|
else
|
117
|
-
raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.
|
117
|
+
raise "Failed to join the domain #{new_resource.domain_name}: #{ps_run.errors}"
|
118
118
|
end
|
119
119
|
end
|
120
120
|
|
@@ -143,12 +143,12 @@ class Chef
|
|
143
143
|
cmd << " -Force"
|
144
144
|
|
145
145
|
converge_by("leave Active Directory domain #{node_domain}") do
|
146
|
-
ps_run =
|
146
|
+
ps_run = powershell_exec(cmd)
|
147
147
|
if ps_run.error?
|
148
148
|
if sensitive?
|
149
149
|
raise "Failed to leave the domain #{node_domain}: *suppressed sensitive resource output*"
|
150
150
|
else
|
151
|
-
raise "Failed to leave the domain #{node_domain}: #{ps_run.
|
151
|
+
raise "Failed to leave the domain #{node_domain}: #{ps_run.errors}"
|
152
152
|
end
|
153
153
|
end
|
154
154
|
|
@@ -170,10 +170,10 @@ class Chef
|
|
170
170
|
# workgroup the node is a member of.
|
171
171
|
#
|
172
172
|
def node_domain
|
173
|
-
node_domain =
|
174
|
-
raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.
|
173
|
+
node_domain = powershell_exec!("(Get-WmiObject Win32_ComputerSystem).Domain")
|
174
|
+
raise "Failed to check if the system is joined to the domain #{new_resource.domain_name}: #{node_domain.errors}}" if node_domain.error?
|
175
175
|
|
176
|
-
node_domain.
|
176
|
+
node_domain.result.downcase.strip
|
177
177
|
end
|
178
178
|
|
179
179
|
#
|
@@ -182,10 +182,10 @@ class Chef
|
|
182
182
|
# workgroup.
|
183
183
|
#
|
184
184
|
def node_workgroup
|
185
|
-
node_workgroup =
|
185
|
+
node_workgroup = powershell_exec!("(Get-WmiObject Win32_ComputerSystem).Workgroup")
|
186
186
|
raise "Failed to check if the system is currently a member of a workgroup" if node_workgroup.error?
|
187
187
|
|
188
|
-
node_workgroup.
|
188
|
+
node_workgroup.result
|
189
189
|
end
|
190
190
|
|
191
191
|
#
|
@@ -152,30 +152,6 @@ class Chef
|
|
152
152
|
property :audit_base_directories, [true, false],
|
153
153
|
description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
|
154
154
|
|
155
|
-
def subcategory_configured?(sub_cat, success_value, failure_value)
|
156
|
-
setting = if success_value && failure_value
|
157
|
-
"Success and Failure$"
|
158
|
-
elsif success_value && !failure_value
|
159
|
-
"Success$"
|
160
|
-
elsif !success_value && failure_value
|
161
|
-
"(Failure$)&!(Success and Failure$)"
|
162
|
-
else
|
163
|
-
"No Auditing"
|
164
|
-
end
|
165
|
-
powershell_exec(<<-CODE).result
|
166
|
-
$auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
|
167
|
-
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
168
|
-
CODE
|
169
|
-
end
|
170
|
-
|
171
|
-
def option_configured?(option_name, option_setting)
|
172
|
-
setting = option_setting ? "Enabled$" : "Disabled$"
|
173
|
-
powershell_exec(<<-CODE).result
|
174
|
-
$auditpol_config = auditpol /get /option:#{option_name}
|
175
|
-
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
176
|
-
CODE
|
177
|
-
end
|
178
|
-
|
179
155
|
action :set do
|
180
156
|
unless new_resource.subcategory.nil?
|
181
157
|
new_resource.subcategory.each do |subcategory|
|
@@ -225,6 +201,32 @@ class Chef
|
|
225
201
|
end
|
226
202
|
end
|
227
203
|
end
|
204
|
+
|
205
|
+
action_class do
|
206
|
+
def subcategory_configured?(sub_cat, success_value, failure_value)
|
207
|
+
setting = if success_value && failure_value
|
208
|
+
"Success and Failure$"
|
209
|
+
elsif success_value && !failure_value
|
210
|
+
"Success$"
|
211
|
+
elsif !success_value && failure_value
|
212
|
+
"#{sub_cat}\\s+Failure$"
|
213
|
+
else
|
214
|
+
"No Auditing"
|
215
|
+
end
|
216
|
+
powershell_exec!(<<-CODE).result
|
217
|
+
$auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
|
218
|
+
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
219
|
+
CODE
|
220
|
+
end
|
221
|
+
|
222
|
+
def option_configured?(option_name, option_setting)
|
223
|
+
setting = option_setting ? "Enabled$" : "Disabled$"
|
224
|
+
powershell_exec!(<<-CODE).result
|
225
|
+
$auditpol_config = auditpol /get /option:#{option_name}
|
226
|
+
if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
|
227
|
+
CODE
|
228
|
+
end
|
229
|
+
end
|
228
230
|
end
|
229
231
|
end
|
230
232
|
end
|
@@ -80,13 +80,18 @@ class Chef
|
|
80
80
|
default: false
|
81
81
|
|
82
82
|
property :cert_path, String,
|
83
|
-
description: ""
|
83
|
+
description: "The path to the certificate."
|
84
84
|
|
85
85
|
# lazy used to set default value of sensitive to true if password is set
|
86
86
|
property :sensitive, [TrueClass, FalseClass],
|
87
87
|
description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
|
88
88
|
default: lazy { pfx_password ? true : false }, skip_docs: true
|
89
89
|
|
90
|
+
property :exportable, [TrueClass, FalseClass],
|
91
|
+
description: "Ensure that imported pfx certificate is exportable. Please provide 'true' if you want the certificate to be exportable.",
|
92
|
+
default: false,
|
93
|
+
introduced: "16.8"
|
94
|
+
|
90
95
|
action :create do
|
91
96
|
description "Creates or updates a certificate."
|
92
97
|
|
@@ -162,8 +167,9 @@ class Chef
|
|
162
167
|
end
|
163
168
|
|
164
169
|
def add_pfx_cert
|
170
|
+
exportable = new_resource.exportable ? 1 : 0
|
165
171
|
store = ::Win32::Certstore.open(new_resource.store_name)
|
166
|
-
store.add_pfx(new_resource.source, new_resource.pfx_password)
|
172
|
+
store.add_pfx(new_resource.source, new_resource.pfx_password, exportable)
|
167
173
|
end
|
168
174
|
|
169
175
|
def delete_cert
|
@@ -207,16 +213,16 @@ class Chef
|
|
207
213
|
when ".der"
|
208
214
|
out_file.puts(cert_obj.to_der)
|
209
215
|
when ".cer"
|
210
|
-
cert_out =
|
216
|
+
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
|
211
217
|
out_file.puts(cert_out)
|
212
218
|
when ".crt"
|
213
|
-
cert_out =
|
219
|
+
cert_out = shell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout
|
214
220
|
out_file.puts(cert_out)
|
215
221
|
when ".pfx"
|
216
|
-
cert_out =
|
222
|
+
cert_out = shell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout
|
217
223
|
out_file.puts(cert_out)
|
218
224
|
when ".p7b"
|
219
|
-
cert_out =
|
225
|
+
cert_out = shell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
|
220
226
|
out_file.puts(cert_out)
|
221
227
|
else
|
222
228
|
Chef::Log.info("Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b")
|
@@ -327,7 +333,7 @@ class Chef
|
|
327
333
|
# @return [Boolean] Whether the certificate file is binary encoded or not
|
328
334
|
#
|
329
335
|
def binary_cert?
|
330
|
-
|
336
|
+
shell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == "binary"
|
331
337
|
end
|
332
338
|
|
333
339
|
# Imports the certificate object into cert store
|
@@ -49,14 +49,14 @@ class Chef
|
|
49
49
|
default: 3600
|
50
50
|
|
51
51
|
load_current_value do
|
52
|
-
ps_results =
|
52
|
+
ps_results = powershell_exec("Get-DfsnServerConfiguration -ComputerName '#{ENV["COMPUTERNAME"]}' | Select LdapTimeoutSec, PreferLogonDC, EnableSiteCostedReferrals, SyncIntervalSec, UseFqdn")
|
53
53
|
|
54
54
|
if ps_results.error?
|
55
55
|
raise "The dfs_server resource failed to fetch the current state via the Get-DfsnServerConfiguration PowerShell cmdlet. Is the DFS Windows feature installed?"
|
56
56
|
end
|
57
57
|
|
58
|
-
Chef::Log.debug("The Get-DfsnServerConfiguration results were #{ps_results.
|
59
|
-
results =
|
58
|
+
Chef::Log.debug("The Get-DfsnServerConfiguration results were #{ps_results.result}")
|
59
|
+
results = ps_results.result
|
60
60
|
|
61
61
|
use_fqdn results["UseFqdn"] || false
|
62
62
|
ldap_timeout_secs results["LdapTimeoutSec"]
|
@@ -69,7 +69,10 @@ class Chef
|
|
69
69
|
description "Configure DFS settings."
|
70
70
|
|
71
71
|
converge_if_changed do
|
72
|
-
|
72
|
+
dfs_cmd = "Set-DfsnServerConfiguration -ComputerName '#{ENV["COMPUTERNAME"]}' -UseFqdn $#{new_resource.use_fqdn} -LdapTimeoutSec #{new_resource.ldap_timeout_secs} -SyncIntervalSec #{new_resource.sync_interval_secs}"
|
73
|
+
dfs_cmd << " -EnableSiteCostedReferrals $#{new_resource.enable_site_costed_referrals}" if new_resource.enable_site_costed_referrals != current_resource.enable_site_costed_referrals
|
74
|
+
dfs_cmd << " -PreferLogonDC $#{new_resource.prefer_login_dc}" if new_resource.prefer_login_dc != current_resource.prefer_login_dc
|
75
|
+
powershell_exec!(dfs_cmd)
|
73
76
|
end
|
74
77
|
end
|
75
78
|
end
|
@@ -18,10 +18,13 @@
|
|
18
18
|
#
|
19
19
|
|
20
20
|
require_relative "../resource"
|
21
|
+
require_relative "../mixin/windows_env_helper"
|
21
22
|
|
22
23
|
class Chef
|
23
24
|
class Resource
|
24
25
|
class WindowsEnv < Chef::Resource
|
26
|
+
unified_mode true
|
27
|
+
|
25
28
|
provides :windows_env
|
26
29
|
provides :env # backwards compat with the pre-Chef 14 resource name
|
27
30
|
|
@@ -52,6 +55,176 @@ class Chef
|
|
52
55
|
desired_state: false
|
53
56
|
|
54
57
|
property :user, String, default: "<System>"
|
58
|
+
|
59
|
+
action_class do
|
60
|
+
include Chef::Mixin::WindowsEnvHelper
|
61
|
+
|
62
|
+
def whyrun_supported?
|
63
|
+
false
|
64
|
+
end
|
65
|
+
|
66
|
+
def load_current_resource
|
67
|
+
@current_resource = Chef::Resource::WindowsEnv.new(new_resource.name)
|
68
|
+
current_resource.key_name(new_resource.key_name)
|
69
|
+
|
70
|
+
if key_exists?
|
71
|
+
current_resource.value(env_value(new_resource.key_name))
|
72
|
+
else
|
73
|
+
logger.trace("#{new_resource} key does not exist")
|
74
|
+
end
|
75
|
+
|
76
|
+
current_resource
|
77
|
+
end
|
78
|
+
|
79
|
+
def key_exists?
|
80
|
+
@key_exists ||= !!env_value(new_resource.key_name)
|
81
|
+
end
|
82
|
+
|
83
|
+
def requires_modify_or_create?
|
84
|
+
if new_resource.delim
|
85
|
+
# e.g. check for existing value within PATH
|
86
|
+
new_values.inject(0) do |index, val|
|
87
|
+
next_index = current_values.find_index val
|
88
|
+
return true if next_index.nil? || next_index < index
|
89
|
+
|
90
|
+
next_index
|
91
|
+
end
|
92
|
+
false
|
93
|
+
else
|
94
|
+
new_resource.value != current_resource.value
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
alias_method :compare_value, :requires_modify_or_create?
|
99
|
+
|
100
|
+
# e.g. delete a PATH element
|
101
|
+
#
|
102
|
+
# ==== Returns
|
103
|
+
# <true>:: If we handled the element case and caller should not delete the key
|
104
|
+
# <false>:: Caller should delete the key, either no :delim was specific or value was empty
|
105
|
+
# after we removed the element.
|
106
|
+
def delete_element
|
107
|
+
return false unless new_resource.delim # no delim: delete the key
|
108
|
+
|
109
|
+
needs_delete = new_values.any? { |v| current_values.include?(v) }
|
110
|
+
if !needs_delete
|
111
|
+
logger.trace("#{new_resource} element '#{new_resource.value}' does not exist")
|
112
|
+
true # do not delete the key
|
113
|
+
else
|
114
|
+
new_value =
|
115
|
+
current_values.select do |item|
|
116
|
+
not new_values.include?(item)
|
117
|
+
end.join(new_resource.delim)
|
118
|
+
|
119
|
+
if new_value.empty?
|
120
|
+
false # nothing left here, delete the key
|
121
|
+
else
|
122
|
+
old_value = new_resource.value(new_value)
|
123
|
+
create_env
|
124
|
+
logger.trace("#{new_resource} deleted #{old_value} element")
|
125
|
+
new_resource.updated_by_last_action(true)
|
126
|
+
true # we removed the element and updated; do not delete the key
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
def create_env
|
132
|
+
obj = env_obj(@new_resource.key_name)
|
133
|
+
unless obj
|
134
|
+
obj = WIN32OLE.connect("winmgmts://").get("Win32_Environment").spawninstance_
|
135
|
+
obj.name = @new_resource.key_name
|
136
|
+
obj.username = new_resource.user
|
137
|
+
end
|
138
|
+
obj.variablevalue = @new_resource.value
|
139
|
+
obj.put_
|
140
|
+
value = @new_resource.value
|
141
|
+
value = expand_path(value) if @new_resource.key_name.casecmp("PATH") == 0
|
142
|
+
ENV[@new_resource.key_name] = value
|
143
|
+
broadcast_env_change
|
144
|
+
end
|
145
|
+
|
146
|
+
def delete_env
|
147
|
+
obj = env_obj(@new_resource.key_name)
|
148
|
+
if obj
|
149
|
+
obj.delete_
|
150
|
+
broadcast_env_change
|
151
|
+
end
|
152
|
+
if ENV[@new_resource.key_name]
|
153
|
+
ENV.delete(@new_resource.key_name)
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
def modify_env
|
158
|
+
if new_resource.delim
|
159
|
+
new_resource.value((new_values + current_values).uniq.join(new_resource.delim))
|
160
|
+
end
|
161
|
+
create_env
|
162
|
+
end
|
163
|
+
|
164
|
+
# Returns the current values to split by delimiter
|
165
|
+
def current_values
|
166
|
+
@current_values ||= current_resource.value.split(new_resource.delim)
|
167
|
+
end
|
168
|
+
|
169
|
+
# Returns the new values to split by delimiter
|
170
|
+
def new_values
|
171
|
+
@new_values ||= new_resource.value.split(new_resource.delim)
|
172
|
+
end
|
173
|
+
|
174
|
+
def env_value(key_name)
|
175
|
+
obj = env_obj(key_name)
|
176
|
+
obj.variablevalue if obj
|
177
|
+
end
|
178
|
+
|
179
|
+
def env_obj(key_name)
|
180
|
+
return @env_obj if @env_obj
|
181
|
+
|
182
|
+
wmi = WmiLite::Wmi.new
|
183
|
+
# Note that by design this query is case insensitive with regard to key_name
|
184
|
+
environment_variables = wmi.query("select * from Win32_Environment where name = '#{key_name}'")
|
185
|
+
if environment_variables && environment_variables.length > 0
|
186
|
+
environment_variables.each do |env|
|
187
|
+
@env_obj = env.wmi_ole_object
|
188
|
+
return @env_obj if @env_obj.username.split('\\').last.casecmp(new_resource.user) == 0
|
189
|
+
end
|
190
|
+
end
|
191
|
+
@env_obj = nil
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
195
|
+
action :create do
|
196
|
+
if key_exists?
|
197
|
+
if requires_modify_or_create?
|
198
|
+
modify_env
|
199
|
+
logger.info("#{new_resource} altered")
|
200
|
+
new_resource.updated_by_last_action(true)
|
201
|
+
end
|
202
|
+
else
|
203
|
+
create_env
|
204
|
+
logger.info("#{new_resource} created")
|
205
|
+
new_resource.updated_by_last_action(true)
|
206
|
+
end
|
207
|
+
end
|
208
|
+
|
209
|
+
action :delete do
|
210
|
+
if ( ENV[new_resource.key_name] || key_exists? ) && !delete_element
|
211
|
+
delete_env
|
212
|
+
logger.info("#{new_resource} deleted")
|
213
|
+
new_resource.updated_by_last_action(true)
|
214
|
+
end
|
215
|
+
end
|
216
|
+
|
217
|
+
action :modify do
|
218
|
+
if key_exists?
|
219
|
+
if requires_modify_or_create?
|
220
|
+
modify_env
|
221
|
+
logger.info("#{new_resource} modified")
|
222
|
+
new_resource.updated_by_last_action(true)
|
223
|
+
end
|
224
|
+
else
|
225
|
+
raise Chef::Exceptions::WindowsEnv, "Cannot modify #{new_resource} - key does not exist!"
|
226
|
+
end
|
227
|
+
end
|
55
228
|
end
|
56
229
|
end
|
57
230
|
end
|