chef 16.5.77 → 16.6.14

data/lib/chef/resource/launchd.rb

@@ -131,35 +131,35 @@ class Chef
         description: "If a job dies, all remaining processes with the same process ID may be kept running. Set to true to kill all remaining processes."
 
       property :debug, [ TrueClass, FalseClass ],
-        description: "Sets the log mask to LOG_DEBUG for this job."
+        description: "Sets the log mask to `LOG_DEBUG` for this job."
 
       property :disabled, [ TrueClass, FalseClass ], default: false,
-               description: "Hints to launchctl to not submit this job to launchd."
+               description: "Hints to `launchctl` to not submit this job to launchd."
 
       property :enable_globbing, [ TrueClass, FalseClass ],
         description: "Update program arguments before invocation."
 
       property :enable_transactions, [ TrueClass, FalseClass ],
-        description: "Track in-progress transactions; if none, then send the SIGKILL signal."
+        description: "Track in-progress transactions; if none, then send the `SIGKILL` signal."
 
       property :environment_variables, Hash,
         description: "Additional environment variables to set before running a job."
 
       property :exit_timeout, Integer,
-        description: "The amount of time (in seconds) launchd waits before sending a SIGKILL signal."
+        description: "The amount of time (in seconds) launchd waits before sending a `SIGKILL` signal."
 
       property :hard_resource_limits, Hash,
         description: "A Hash of resource limits to be imposed on a job."
 
       property :inetd_compatibility, Hash,
-        description: "Specifies if a daemon expects to be run as if it were launched from inetd. Set to wait => true to pass standard input, output, and error file descriptors. Set to wait => false to call the accept system call on behalf of the job, and then pass standard input, output, and error file descriptors."
+        description: "Specifies if a daemon expects to be run as if it were launched from inetd. Set to `wait => true` to pass standard input, output, and error file descriptors. Set to `wait => false` to call the accept system call on behalf of the job, and then pass standard input, output, and error file descriptors."
 
       property :init_groups, [ TrueClass, FalseClass ],
-        description: "Specify if initgroups is called before running a job."
+        description: "Specify if `initgroups` is called before running a job."
 
       property :keep_alive, [ TrueClass, FalseClass, Hash ],
         introduced: "12.14",
-        description: "Keep a job running continuously (true) or allow demand and conditions on the node to determine if the job keeps running (false)."
+        description: "Keep a job running continuously (true) or allow demand and conditions on the node to determine if the job keeps running (`false`)."
 
       property :launch_events, [ Hash ],
         introduced: "15.1",
@@ -191,10 +191,10 @@ class Chef
         callbacks: { "should be a Integer between -20 and 19" => proc { |v| v >= -20 && v <= 19 } }
 
       property :on_demand, [ TrueClass, FalseClass ],
-        description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use keep_alive instead for newer versions."
+        description: "Keep a job alive. Only applies to macOS version 10.4 (and earlier); use `keep_alive` instead for newer versions."
 
       property :process_type, String,
-        description: "The intended purpose of the job: Adaptive, Background, Interactive, or Standard."
+        description: "The intended purpose of the job: `Adaptive`, `Background`, `Interactive`, or `Standard`."
 
       property :program, String,
         description: "The first argument of execvp, typically the file name associated with the file to be executed. This value must be specified if program_arguments is not specified, and vice-versa."
@@ -206,7 +206,7 @@ class Chef
         description: "An array of non-empty directories which, if any are modified, will cause a job to be started."
 
       property :root_directory, String,
-        description: "chroot to this directory, and then run the job."
+        description: "`chroot` to this directory, and then run the job."
 
       property :run_at_load, [ TrueClass, FalseClass ],
         description: "Launch a job once (at the time it is loaded)."
@@ -218,13 +218,13 @@ class Chef
         description: "A Hash of resource limits to be imposed on a job."
 
       property :standard_error_path, String,
-        description: "The file to which standard error (stderr) is sent."
+        description: "The file to which standard error (`stderr`) is sent."
 
       property :standard_in_path, String,
-        description: "The file to which standard input (stdin) is sent."
+        description: "The file to which standard input (`stdin`) is sent."
 
       property :standard_out_path, String,
-        description: "The file to which standard output (stdout) is sent."
+        description: "The file to which standard output (`stdout`) is sent."
 
       property :start_interval, Integer,
         description: "The frequency (in seconds) at which a job is started."
@@ -239,7 +239,7 @@ class Chef
         description: "The amount of time (in seconds) a job may be idle before it times out. If no value is specified, the default timeout value for launchd will be used."
 
       property :umask, Integer,
-        description: "A decimal value to pass to umask before running a job."
+        description: "A decimal value to pass to `umask` before running a job."
 
       property :username, String,
         description: "When launchd is run as the root user, the user to run the job as."
@@ -251,7 +251,7 @@ class Chef
         description: "An array of paths which, if any are modified, will cause a job to be started."
 
       property :working_directory, String,
-        description: "Chdir to this directory, and then run the job."
+        description: "`chdir` to this directory, and then run the job."
     end
   end
 end

data/lib/chef/resource/mount.rb

@@ -84,7 +84,7 @@ class Chef
         description: "Windows only: Use to specify the user name."
 
       property :domain, String,
-        description: "Windows only: Use to specify the domain in which the username and password are located."
+        description: "Windows only: Use to specify the domain in which the `username` and `password` are located."
 
       private
 

data/lib/chef/resource/powershell_script.rb

@@ -22,11 +22,18 @@ class Chef
     class PowershellScript < Chef::Resource::WindowsScript
       unified_mode true
 
+      set_guard_inherited_attributes(:interpreter)
+
       provides :powershell_script, os: "windows"
 
       property :flags, String,
         description: "A string that is passed to the Windows PowerShell command"
 
+      property :interpreter, String,
+        default: "powershell",
+        equal_to: %w{powershell pwsh},
+        description: "The interpreter type, `powershell` or `pwsh` (PowerShell Core)"
+
       property :convert_boolean_return, [true, false],
         default: false,
         description: <<~DESC
@@ -62,7 +69,6 @@ class Chef
 
       def initialize(*args)
         super
-        @interpreter = "powershell.exe"
         @default_guard_interpreter = resource_name
       end
 

data/lib/chef/resource/support/client.erb

@@ -0,0 +1,65 @@
+<% %w(@node_name
+      @chef_license
+      @chef_server_url
+      @event_loggers
+      @file_backup_path
+      @file_cache_path
+      @file_staging_uses_destdir
+      @formatters
+      @http_proxy
+      @https_proxy
+      @ftp_proxy
+      @log_level
+      @log_location
+      @minimal_ohai
+      @named_run_list
+      @no_proxy
+      @ohai_disabled_plugins
+      @ohai_optional_plugins
+      @pid_file
+      @policy_group
+      @policy_name
+      @ssl_verify_mode).each do |prop| -%>
+<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
+<%=prop.delete_prefix("@") %> = <%= instance_variable_get(prop).inspect %>
+<% end -%>
+<%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
+<% unless @log_location.nil? %>
+  <% if @log_location.is_a? String && %w(STDOUT STDERR).include?(@log_location) -%>
+log_location = <%= @log_location %>
+  <% else -%>
+log_location = <%= @log_location.inspect %>
+  <% end -%>
+<% end -%>
+<%# The code below is not DRY on purpose to improve readability -%>
+<% unless @start_handlers.empty? -%>
+  # Do not crash if a start handler is missing / not installed yet
+  begin
+  <% @start_handlers.each do |handler| -%>
+    start_handlers << <%= @handler %>
+  <% end -%>
+  rescue NameError => e
+    Chef::Log.error e
+  end
+<% end -%>
+<% unless @report_handlers.empty? -%>
+  # Do not crash if a report handler is missing / not installed yet
+  begin
+  <% @report_handlers.each do |handler| -%>
+    report_handlers << <%= @handler %>
+  <% end -%>
+  rescue NameError => e
+    Chef::Log.error e
+  end
+<% end -%>
+<% unless @exception_handlers.empty? -%>
+  # Do not crash if an exception handler is missing / not installed yet
+  begin
+  <% @exception_handlers.each do |handler| -%>
+    exception_handlers << <%= @handler %>
+  <% end -%>
+  rescue NameError => e
+    Chef::Log.error e
+  end
+<% end -%>
+<%= @additional_config -%>

data/lib/chef/resource/windows_audit_policy.rb

@@ -152,30 +152,6 @@ class Chef
       property :audit_base_directories, [true, false],
                description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
 
-      def subcategory_configured?(sub_cat, success_value, failure_value)
-        setting = if success_value && failure_value
-                    "Success and Failure$"
-                  elsif success_value && !failure_value
-                    "Success$"
-                  elsif !success_value && failure_value
-                    "(Failure$)&!(Success and Failure$)"
-                  else
-                    "No Auditing"
-                  end
-        powershell_exec(<<-CODE).result
-          $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
-          if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
-        CODE
-      end
-
-      def option_configured?(option_name, option_setting)
-        setting = option_setting ? "Enabled$" : "Disabled$"
-        powershell_exec(<<-CODE).result
-          $auditpol_config = auditpol /get /option:#{option_name}
-          if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
-        CODE
-      end
-
       action :set do
         unless new_resource.subcategory.nil?
           new_resource.subcategory.each do |subcategory|
@@ -225,6 +201,32 @@ class Chef
           end
         end
       end
+
+      action_class do
+        def subcategory_configured?(sub_cat, success_value, failure_value)
+          setting = if success_value && failure_value
+                      "Success and Failure$"
+                    elsif success_value && !failure_value
+                      "Success$"
+                    elsif !success_value && failure_value
+                      "#{sub_cat}\\s+Failure$"
+                    else
+                      "No Auditing"
+                    end
+          powershell_exec!(<<-CODE).result
+            $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
+            if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
+          CODE
+        end
+
+        def option_configured?(option_name, option_setting)
+          setting = option_setting ? "Enabled$" : "Disabled$"
+          powershell_exec!(<<-CODE).result
+            $auditpol_config = auditpol /get /option:#{option_name}
+            if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
+          CODE
+        end
+      end
     end
   end
 end

data/lib/chef/resources.rb

@@ -27,6 +27,7 @@ require_relative "resource/batch"
 require_relative "resource/breakpoint"
 require_relative "resource/build_essential"
 require_relative "resource/cookbook_file"
+require_relative "resource/chef_client_config"
 require_relative "resource/chef_client_cron"
 require_relative "resource/chef_client_launchd"
 require_relative "resource/chef_client_scheduled_task"

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("16.5.77")
+  VERSION = Chef::VersionString.new("16.6.14")
 end
 
 #

data/spec/functional/mixin/powershell_out_spec.rb

@@ -18,7 +18,7 @@
 require "spec_helper"
 require "chef/mixin/powershell_out"
 
-describe Chef::Mixin::PowershellOut, windows_only: true do
+describe Chef::Mixin::PowershellOut, :windows_only do
   include Chef::Mixin::PowershellOut
 
   describe "#powershell_out" do
@@ -26,6 +26,14 @@ describe Chef::Mixin::PowershellOut, windows_only: true do
       expect(powershell_out("get-process").run_command.stdout).to match /Handles/
     end
 
+    it "uses :powershell by default" do
+      expect(powershell_out("$PSVersionTable").run_command.stdout).to match /CLRVersion/
+    end
+
+    it ":pwsh interpreter uses core edition", :pwsh_installed do
+      expect(powershell_out("$PSVersionTable", :pwsh).run_command.stdout).to match /Core/
+    end
+
     it "does not raise exceptions when the command is invalid" do
       powershell_out("this-is-not-a-valid-command").run_command
     end

data/spec/functional/resource/powershell_script_spec.rb

@@ -47,7 +47,7 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do
     r
   end
 
-  describe "when the run action is invoked on Windows" do
+  shared_examples_for "a running powershell script" do
     it "successfully executes a non-cmdlet Windows binary as the last command of the script" do
       resource.code(successful_executable_script_content + " | out-file -encoding ASCII #{script_output_path}")
       resource.returns(0)
@@ -231,22 +231,54 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do
       resource.only_if { true }
       expect { resource.should_skip?(:run) }.to raise_error(ArgumentError, /guard_interpreter does not support blocks/)
     end
+  end
+
+  context "when using the powershell interpreter" do
+    before do
+      resource.interpreter "powershell"
+    end
+
+    it_behaves_like "a running powershell script"
+
+    it "runs Windows Powershell" do
+      resource.code("$PSVersionTable.PSVersion.Major | out-file -encoding ASCII #{script_output_path}")
+      resource.returns(0)
+      resource.run_action(:run)
+
+      expect(get_script_output.to_i).to be < 6
+    end
+  end
+
+  context "when using the pwsh interpreter", :pwsh_installed do
+    before do
+      resource.interpreter "pwsh"
+    end
+
+    it_behaves_like "a running powershell script"
 
-    context "when dsc is supported", :windows_powershell_dsc_only do
-      it "can execute LCM configuration code" do
-        resource.code <<~EOF
-          configuration LCM
+    it "runs a version of powershell greater than 6" do
+      resource.code("$PSVersionTable.PSVersion.Major | out-file -encoding ASCII #{script_output_path}")
+      resource.returns(0)
+      resource.run_action(:run)
+
+      expect(get_script_output.to_i).to be > 6
+    end
+  end
+
+  context "when dsc is supported", :windows_powershell_dsc_only do
+    it "can execute LCM configuration code" do
+      resource.code <<~EOF
+        configuration LCM
+        {
+          param ($thumbprint)
+          localconfigurationmanager
           {
-            param ($thumbprint)
-            localconfigurationmanager
-            {
-              RebootNodeIfNeeded = $false
-              ConfigurationMode = 'ApplyOnly'
-            }
+            RebootNodeIfNeeded = $false
+            ConfigurationMode = 'ApplyOnly'
           }
-        EOF
-        expect { resource.run_action(:run) }.not_to raise_error
-      end
+        }
+      EOF
+      expect { resource.run_action(:run) }.not_to raise_error
     end
   end
 
@@ -347,6 +379,17 @@ describe Chef::Resource::WindowsScript::PowershellScript, :windows_only do
 
     context "with powershell_script as the guard_interpreter" do
 
+      context "when pwsh is the interpreter", :pwsh_installed do
+        before do
+          resource.interpreter "pwsh"
+        end
+
+        it "uses powershell core to evaluate the guard" do
+          resource.not_if "$PSVersionTable.PSEdition -eq 'Core'"
+          expect(resource.should_skip?(:run)).to be_truthy
+        end
+      end
+
       it "has a guard_interpreter attribute set to :powershell_script" do
         expect(resource.guard_interpreter).to eq(:powershell_script)
       end

data/spec/spec_helper.rb

@@ -200,6 +200,7 @@ RSpec.configure do |config|
   # check for particular binaries we need
   config.filter_run_excluding choco_installed: true unless choco_installed?
   config.filter_run_excluding requires_ifconfig: true unless ifconfig?
+  config.filter_run_excluding pwsh_installed: true unless pwsh_installed?
 
   running_platform_arch = `uname -m`.strip unless windows?
 

data/spec/support/platform_helpers.rb

@@ -243,5 +243,10 @@ end
 
 def choco_installed?
   result = ShellHelpers.powershell_out("choco --version")
-  result.stderr.empty? ? true : false
+  result.stderr.empty?
+end
+
+def pwsh_installed?
+  result = ShellHelpers.powershell_out("pwsh.exe --version")
+  result.stderr.empty?
 end

data/spec/unit/mixin/powershell_exec_spec.rb

@@ -19,13 +19,42 @@
 require "spec_helper"
 require "chef/mixin/powershell_exec"
 
-describe Chef::Mixin::PowershellExec, :windows_only, :windows_gte_10 do
+describe Chef::Mixin::PowershellExec, :windows_only do
   let(:powershell_mixin) { Class.new { include Chef::Mixin::PowershellExec } }
   subject(:object) { powershell_mixin.new }
 
   describe "#powershell_exec" do
-    it "runs a basic command and returns a Chef::PowerShell object" do
-      expect(object.powershell_exec("$PSVersionTable")).to be_kind_of(Chef::PowerShell)
+    context "not specifying an interpreter" do
+      it "runs a basic command and returns a Chef::PowerShell object" do
+        expect(object.powershell_exec("$PSVersionTable")).to be_kind_of(Chef::PowerShell)
+      end
+
+      it "uses less than version 6" do
+        execution = object.powershell_exec("$PSVersionTable")
+        expect(execution.result["PSVersion"].to_s.to_i).to be < 6
+      end
+    end
+
+    context "using pwsh interpreter" do
+      it "runs a basic command and returns a Chef::PowerShell object" do
+        expect(object.powershell_exec("$PSVersionTable", :pwsh)).to be_kind_of(Chef::Pwsh)
+      end
+
+      it "uses greater than version 6" do
+        execution = object.powershell_exec("$PSVersionTable", :pwsh)
+        expect(execution.result["PSVersion"]["Major"]).to be > 6
+      end
+    end
+
+    context "using powershell interpreter" do
+      it "runs a basic command and returns a Chef::PowerShell object" do
+        expect(object.powershell_exec("$PSVersionTable", :powershell)).to be_kind_of(Chef::PowerShell)
+      end
+
+      it "uses less than version 6" do
+        execution = object.powershell_exec("$PSVersionTable", :powershell)
+        expect(execution.result["PSVersion"].to_s.to_i).to be < 6
+      end
     end
 
     it "runs a command that fails with a non-terminating error and can trap the error via .error?" do
@@ -39,6 +68,10 @@ describe Chef::Mixin::PowershellExec, :windows_only, :windows_gte_10 do
       expect(execution.errors[0]).to be_a_kind_of(String)
       expect(execution.errors[0]).to include("Runtime exception: this-should-error")
     end
+
+    it "raises an error if the interpreter is invalid" do
+      expect { object.powershell_exec("this-should-error", :powerfart) }.to raise_error(ArgumentError)
+    end
   end
 
   describe "#powershell_exec!" do
@@ -49,5 +82,9 @@ describe Chef::Mixin::PowershellExec, :windows_only, :windows_gte_10 do
     it "raises an error if the command fails" do
       expect { object.powershell_exec!("this-should-error") }.to raise_error(Chef::PowerShell::CommandFailed)
     end
+
+    it "raises an error if the interpreter is invalid" do
+      expect { object.powershell_exec!("this-should-error", :powerfart) }.to raise_error(ArgumentError)
+    end
   end
 end