chef 16.6.14 → 16.7.61

data/lib/chef/provider/registry_key.rb

@@ -35,6 +35,8 @@ class Chef
 
       include Chef::Mixin::Checksum
 
+      WORD_TYPES = %i{dword dword_big_endian qword}.freeze
+
       def running_on_windows!
         unless ChefUtils.windows?
           raise Chef::Exceptions::Win32NotWindows, "Attempt to manipulate the windows registry on a non-windows node"
@@ -122,9 +124,8 @@ class Chef
         new_resource.unscrubbed_values.each do |value|
           if @name_hash.key?(value[:name].downcase)
             current_value = @name_hash[value[:name].downcase]
-            if %i{dword dword_big_endian qword}.include? value[:type]
-              value[:data] = value[:data].to_i
-            end
+            value[:data] = value[:data].to_i if WORD_TYPES.include?(value[:type])
+
             unless current_value[:type] == value[:type] && current_value[:data] == value[:data]
               converge_by_value = if new_resource.sensitive
                                     value.merge(data: "*sensitive value suppressed*")

data/lib/chef/provider/route.rb

@@ -188,8 +188,8 @@ class Chef
                 logger.trace("#{new_resource} writing default route #{new_resource.gateway} to #{network_file_name}")
                 if ::File.exist?(network_file_name)
                   network_file = ::Chef::Util::FileEdit.new(network_file_name)
-                  network_file.search_file_replace_line /^GATEWAY=/, "GATEWAY=#{new_resource.gateway}"
-                  network_file.insert_line_if_no_match /^GATEWAY=/, "GATEWAY=#{new_resource.gateway}"
+                  network_file.search_file_replace_line(/^GATEWAY=/, "GATEWAY=#{new_resource.gateway}")
+                  network_file.insert_line_if_no_match(/^GATEWAY=/, "GATEWAY=#{new_resource.gateway}")
                   network_file.write_file
                 else
                   network_file = ::File.new(network_file_name, "w")

data/lib/chef/provider/service/debian.rb

@@ -28,6 +28,7 @@ class Chef
 
         UPDATE_RC_D_ENABLED_MATCHES = %r{/rc[\dS].d/S|not installed}i.freeze
         UPDATE_RC_D_PRIORITIES = %r{/rc([\dS]).d/([SK])(\d\d)}i.freeze
+        RUNLEVELS = %w{ 1 2 3 4 5 S }.freeze
 
         def self.supports?(resource, action)
           service_script_exist?(:initd, resource.service_name)
@@ -121,7 +122,7 @@ class Chef
           priority.each do |runlevel, arguments|
             logger.trace("#{new_resource} runlevel #{runlevel}, action #{arguments[0]}, priority #{arguments[1]}")
             # if we are in a update-rc.d default startup runlevel && we start in this runlevel
-            if %w{ 1 2 3 4 5 S }.include?(runlevel) && arguments[0] == :start
+            if RUNLEVELS.include?(runlevel) && arguments[0] == :start
               enabled = true
             end
           end

data/lib/chef/provider/user.rb

@@ -24,6 +24,7 @@ class Chef
     class User < Chef::Provider
 
       attr_accessor :user_exists, :locked
+      attr_accessor :change_desc
 
       def initialize(new_resource, run_context)
         super
@@ -107,13 +108,20 @@ class Chef
       # <true>:: If a change is required
       # <false>:: If the users are identical
       def compare_user
-        return true if !new_resource.home.nil? && Pathname.new(new_resource.home).cleanpath != Pathname.new(current_resource.home).cleanpath
+        @change_desc = []
+        if !new_resource.home.nil? && Pathname.new(new_resource.home).cleanpath != Pathname.new(current_resource.home).cleanpath
+          @change_desc << "change homedir from #{current_resource.home} to #{new_resource.home}"
+        end
 
         %i{comment shell password uid gid}.each do |user_attrib|
-          return true if !new_resource.send(user_attrib).nil? && new_resource.send(user_attrib).to_s != current_resource.send(user_attrib).to_s
+          new_val = new_resource.send(user_attrib)
+          cur_val = current_resource.send(user_attrib)
+          if !new_val.nil? && new_val.to_s != cur_val.to_s
+            @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+          end
         end
 
-        false
+        !@change_desc.empty?
       end
 
       action :create do
@@ -123,9 +131,9 @@ class Chef
             logger.info("#{new_resource} created")
           end
         elsif compare_user
-          converge_by("alter user #{new_resource.username}") do
+          converge_by(["alter user #{new_resource.username}"] + change_desc) do
             manage_user
-            logger.info("#{new_resource} altered")
+            logger.info("#{new_resource} altered, #{change_desc.join(", ")}")
           end
         end
       end
@@ -142,18 +150,18 @@ class Chef
       action :manage do
         return unless @user_exists && compare_user
 
-        converge_by("manage user #{new_resource.username}") do
+        converge_by(["manage user #{new_resource.username}"] + change_desc) do
           manage_user
-          logger.info("#{new_resource} managed")
+          logger.info("#{new_resource} managed: #{change_desc.join(", ")}")
         end
       end
 
       action :modify do
         return unless compare_user
 
-        converge_by("modify user #{new_resource.username}") do
+        converge_by(["modify user #{new_resource.username}"] + change_desc) do
           manage_user
-          logger.info("#{new_resource} modified")
+          logger.info("#{new_resource} modified: #{change_desc.join(", ")}")
         end
       end
 

data/lib/chef/provider/user/aix.rb

@@ -68,7 +68,7 @@ class Chef
 
         def check_lock
           lock_info = shell_out!("lsuser", "-a", "account_locked", new_resource.username)
-          if whyrun_mode? && passwd_s.stdout.empty? && lock_info.stderr.match(/does not exist/)
+          if whyrun_mode? && passwd_s.stdout.empty? && lock_info.stderr.include?("does not exist")
             # if we're in whyrun mode and the user is not yet created we assume it would be
             return false
           end

data/lib/chef/provider/user/mac.rb

@@ -221,7 +221,17 @@ class Chef
         end
 
         def compare_user
-          %i{comment shell uid gid salt password admin secure_token hidden}.any? { |m| diverged?(m) }
+          @change_desc = []
+          %i{comment shell uid gid salt password admin secure_token hidden}.each do |attr|
+            if diverged?(attr)
+              desc = "Update #{attr}"
+              unless %i{password gid secure_token hidden}.include?(attr)
+                desc << " from #{current_resource.send(attr)} to #{new_resource.send(attr)}"
+              end
+              @change_desc << desc
+            end
+          end
+          !@change_desc.empty?
         end
 
         def manage_user
@@ -290,9 +300,7 @@ class Chef
           end
 
           if diverged?(:hidden)
-            converge_by("alter hidden") do
-              set_hidden
-            end
+            converge_by("alter hidden") { set_hidden }
           end
 
           reload_user_plist

data/lib/chef/provider/user/solaris.rb

@@ -25,7 +25,7 @@ class Chef
     class User
       class Solaris < Chef::Provider::User
         provides :solaris_user
-        provides :user, os: %w{openindiana opensolaris illumos omnios solaris2 smartos}
+        provides :user, os: %w{openindiana illumos omnios solaris2 smartos}
 
         PASSWORD_FILE = "/etc/shadow".freeze
 

data/lib/chef/provider/user/windows.rb

@@ -61,13 +61,20 @@ class Chef
         # <true>:: If a change is required
         # <false>:: If the users are identical
         def compare_user
+          @change_desc = []
           unless @net_user.validate_credentials(new_resource.password)
-            logger.trace("#{new_resource} password has changed")
-            return true
+            @change_desc << "update password"
           end
+
           %i{uid comment home shell full_name}.any? do |user_attrib|
-            !new_resource.send(user_attrib).nil? && new_resource.send(user_attrib) != current_resource.send(user_attrib)
+            new_val = new_resource.send(user_attrib)
+            cur_val = current_resource.send(user_attrib)
+            if !new_val.nil? && new_val != cur_val
+              @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+            end
           end
+
+          !@change_desc.empty?
         end
 
         def create_user

data/lib/chef/providers.rb

@@ -47,11 +47,8 @@ require_relative "provider/systemd_unit"
 require_relative "provider/template"
 require_relative "provider/user"
 require_relative "provider/whyrun_safe_ruby_block"
-require_relative "provider/windows_env"
 require_relative "provider/yum_repository"
-require_relative "provider/windows_task"
 require_relative "provider/zypper_repository"
-require_relative "provider/windows_path"
 
 require_relative "provider/package/apt"
 require_relative "provider/package/chocolatey"

data/lib/chef/pwsh.rb

@@ -58,6 +58,13 @@ class Chef
     end
 
     def self.dll
+      # This Powershell DLL source lives here: https://github.com/chef/chef-powershell-shim
+      # Every merge into that repo triggers a Habitat build and promotion. Running
+      # the rake :update_chef_exec_dll task in this (chef/chef) repo will pull down
+      # the built packages and copy the binaries to distro/ruby_bin_folder. Bundle install
+      # ensures that the correct architecture binaries are installed into the path.
+      # Also note that the version of pwsh is determined by which assemblies the dll was
+      # built with. To update powershell, those dependencies must be bumped.
       @dll ||= Dir.glob("#{RbConfig::CONFIG["bindir"]}/**/Chef.PowerShell.Wrapper.Core.dll").last
     end
   end

data/lib/chef/resource/bash.rb

@@ -25,7 +25,125 @@ class Chef
 
       provides :bash
 
-      description "Use the **bash** resource to execute scripts using the Bash interpreter. This resource may also use any of the actions and properties that are available to the execute resource. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence."
+      description "Use the **bash** resource to execute scripts using the Bash interpreter. This resource may also use any of the actions and properties that are available to the **execute** resource. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use `not_if` and `only_if` to guard this resource for idempotence."
+      examples <<~'DOC'
+      **Compile an application**
+
+      ```ruby
+      bash 'install_something' do
+        user 'root'
+        cwd '/tmp'
+        code <<-EOH
+          wget http://www.example.com/tarball.tar.gz
+          tar -zxf tarball.tar.gz
+          cd tarball
+          ./configure
+          make
+          make install
+        EOH
+      end
+      ```
+
+      **Install a file from a remote location**
+
+      The following is an example of how to install the foo123 module for Nginx. This module adds shell-style functionality to an Nginx configuration file and does the following:
+
+        - Declares three variables
+        - Gets the Nginx file from a remote location
+        - Installs the file using Bash to the path specified by the `src_filepath` variable
+
+      ```ruby
+      src_filename = "foo123-nginx-module-v#{node['nginx']['foo123']['version']}.tar.gz"
+      src_filepath = "#{Chef::Config['file_cache_path']}/#{src_filename}"
+      extract_path = "#{Chef::Config['file_cache_path']}/nginx_foo123_module/#{node['nginx']['foo123']['checksum']}"
+
+      remote_file 'src_filepath' do
+        source node['nginx']['foo123']['url']
+        checksum node['nginx']['foo123']['checksum']
+        owner 'root'
+        group 'root'
+        mode '0755'
+      end
+
+      bash 'extract_module' do
+        cwd ::File.dirname(src_filepath)
+        code <<-EOH
+          mkdir -p #{extract_path}
+          tar xzf #{src_filename} -C #{extract_path}
+          mv #{extract_path}/*/* #{extract_path}/
+        EOH
+        not_if { ::File.exist?(extract_path) }
+      end
+      ```
+
+      **Install an application from git**
+
+      ```ruby
+      git "#{Chef::Config[:file_cache_path]}/ruby-build" do
+        repository 'git://github.com/rbenv/ruby-build.git'
+        revision 'master'
+        action :sync
+      end
+
+      bash 'install_ruby_build' do
+        cwd "#{Chef::Config[:file_cache_path]}/ruby-build"
+        user 'rbenv'
+        group 'rbenv'
+        code <<-EOH
+          ./install.sh
+        EOH
+        environment 'PREFIX' => '/usr/local'
+      end
+      ```
+
+      **Using Attributes in Bash Code**
+
+      The following recipe shows how an attributes file can be used to store certain settings. An attributes file is located in the `attributes/`` directory in the same cookbook as the recipe which calls the attributes file. In this example, the attributes file specifies certain settings for Python that are then used across all nodes against which this recipe will run.
+
+      Python packages have versions, installation directories, URLs, and checksum files. An attributes file that exists to support this type of recipe would include settings like the following:
+
+      ```ruby
+      default['python']['version'] = '2.7.1'
+
+      if python['install_method'] == 'package'
+        default['python']['prefix_dir'] = '/usr'
+      else
+        default['python']['prefix_dir'] = '/usr/local'
+      end
+
+      default['python']['url'] = 'http://www.python.org/ftp/python'
+      default['python']['checksum'] = '80e387...85fd61'
+      ```
+
+      and then the methods in the recipe may refer to these values. A recipe that is used to install Python will need to do the following:
+
+        - Identify each package to be installed (implied in this example, not shown)
+        - Define variables for the package `version` and the `install_path`
+        - Get the package from a remote location, but only if the package does not already exist on the target system
+        - Use the **bash** resource to install the package on the node, but only when the package is not already installed
+
+      ```ruby
+      version = node['python']['version']
+      install_path = "#{node['python']['prefix_dir']}/lib/python#{version.split(/(^\d+\.\d+)/)[1]}"
+
+      remote_file "#{Chef::Config[:file_cache_path]}/Python-#{version}.tar.bz2" do
+        source "#{node['python']['url']}/#{version}/Python-#{version}.tar.bz2"
+        checksum node['python']['checksum']
+        mode '0755'
+        not_if { ::File.exist?(install_path) }
+      end
+
+      bash 'build-and-install-python' do
+        cwd Chef::Config[:file_cache_path]
+        code <<-EOF
+          tar -jxvf Python-#{version}.tar.bz2
+          (cd Python-#{version} && ./configure #{configure_options})
+          (cd Python-#{version} && make && make install)
+        EOF
+        not_if { ::File.exist?(install_path) }
+      end
+      ```
+      DOC
 
       def initialize(name, run_context = nil)
         super

data/lib/chef/resource/batch.rb

@@ -25,7 +25,7 @@ class Chef
 
       provides :batch
 
-      description "Use the **batch** resource to execute a batch script using the cmd.exe interpreter on Windows. The batch resource creates and executes a temporary file (similar to how the script resource behaves), rather than running the command inline. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence."
+      description "Use the **batch** resource to execute a batch script using the cmd.exe interpreter on Windows. The batch resource creates and executes a temporary file (similar to how the script resource behaves), rather than running the command inline. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use `not_if` and `only_if` to guard this resource for idempotence."
 
       def initialize(*args)
         super

data/lib/chef/resource/breakpoint.rb

@@ -49,6 +49,8 @@ class Chef
 
       **The same recipe with breakpoints**
 
+      In the following example, the name of each breakpoint is an arbitrary string.
+
       ```ruby
       breakpoint "before yum_key node['yum']['repo_name']['key']" do
         action :break
@@ -81,7 +83,7 @@ class Chef
       end
       ```
 
-      where the name of each breakpoint is an arbitrary string. In the previous examples, the names are used to indicate if the breakpoint is before or after a resource, and then also to specify which resource.
+      In the previous examples, the names are used to indicate if the breakpoint is before or after a resource and also to specify which resource it is before or after.
       DOC
 
       default_action :break

data/lib/chef/resource/build_essential.rb

@@ -15,7 +15,6 @@
 #
 
 require_relative "../resource"
-autoload :Plist, "plist"
 
 class Chef
   class Resource
@@ -130,8 +129,8 @@ class Chef
           pkg_label = xcode_cli_package_label
 
           # With upgrade action we should install if it's not installed or if there's an available update.
-          # `xcode_cli_package_label` will be nil if there's no update.
-          install_xcode_cli_tools(pkg_label) if !xcode_cli_installed? || xcode_cli_package_label
+          # `pkg_label` will be nil if there's no update.
+          install_xcode_cli_tools(pkg_label) if !xcode_cli_installed? || pkg_label
         else
           Chef::Log.info "The build_essential resource :upgrade action is only supported on macOS systems. Skipping..."
         end
@@ -160,14 +159,12 @@ class Chef
         end
 
         #
-        # Determine if the XCode Command Line Tools are installed by parsing the install history plist.
-        # We parse the plist data install of running pkgutil because we found that pkgutils doesn't always contain all the packages
+        # Determine if the XCode Command Line Tools are installed by checking
+        # for success from `xcode-select -p`
         #
         # @return [true, false]
         def xcode_cli_installed?
-          packages = ::Plist.parse_xml(::File.open("/Library/Receipts/InstallHistory.plist", "r"))
-          packages.select! { |package| package["displayName"].match? "Command Line Tools" }
-          !packages.empty?
+          !shell_out("xcode-select", "-p").error?
         end
 
         #

data/lib/chef/resource/csh.rb

@@ -27,9 +27,9 @@ class Chef
 
       description "Use the **csh** resource to execute scripts using the csh interpreter."\
                   " This resource may also use any of the actions and properties that are"\
-                  " available to the execute resource. Commands that are executed with this"\
+                  " available to the **execute** resource. Commands that are executed with this"\
                   " resource are (by their nature) not idempotent, as they are typically"\
-                  " unique to the environment in which they are run. Use not_if and only_if"\
+                  " unique to the environment in which they are run. Use `not_if` and `only_if`"\
                   " to guard this resource for idempotence."
 
       def initialize(name, run_context = nil)

data/lib/chef/resource/execute.rb

@@ -27,7 +27,7 @@ class Chef
 
       provides :execute, target_mode: true
 
-      description "Use the **execute** resource to execute a single command. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use not_if and only_if to guard this resource for idempotence. Note: Use the **script** resource to execute a script using a specific interpreter (Ruby, Python, Perl, csh, or Bash)."
+      description "Use the **execute** resource to execute a single command. Commands that are executed with this resource are (by their nature) not idempotent, as they are typically unique to the environment in which they are run. Use `not_if` and `only_if` to guard this resource for idempotence. Note: Use the **script** resource to execute a script using a specific interpreter (Ruby, Python, Perl, csh, or Bash)."
 
       examples <<~EXAMPLES
         **Run a command upon notification**:
@@ -549,11 +549,11 @@ class Chef
         desired_state: false
 
       property :user, [ String, Integer ],
-        description: "The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. domainuser or user@my.dns.domain.com via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified."
+        description: "The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. `domainuser` or `user@my.dns.domain.com` via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified."
 
       property :domain, String,
         introduced: "12.21",
-        description: "Windows only: The domain of the user user specified by the user property. If not specified, the user name and password specified by the user and password properties will be used to resolve that user against the domain in which the system running #{ChefUtils::Dist::Infra::PRODUCT} is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property."
+        description: "Windows only: The domain of the user user specified by the user property. If not specified, the username and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running #{ChefUtils::Dist::Infra::PRODUCT} is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property."
 
       property :password, String, sensitive: true,
         introduced: "12.21",
@@ -565,7 +565,7 @@ class Chef
         default: lazy { password ? true : false }, default_description: "True if the password property is set. False otherwise."
 
       property :elevated, [ TrueClass, FalseClass ], default: false,
-        description: "Determines whether the script will run with elevated permissions to circumvent User Access Control (UAC) interactively blocking the process.\nThis will cause the process to be run under a batch login instead of an interactive login. The user running #{ChefUtils::Dist::Infra::CLIENT} needs the 'Replace a process level token' and 'Adjust Memory Quotas for a process' permissions. The user that is running the command needs the 'Log on as a batch job' permission.\nBecause this requires a login, the user and password properties are required.",
+        description: "Determines whether the script will run with elevated permissions to circumvent User Access Control (UAC) from interactively blocking the process.\nThis will cause the process to be run under a batch login instead of an interactive login. The user running #{ChefUtils::Dist::Infra::CLIENT} needs the 'Replace a process level token' and 'Adjust Memory Quotas for a process' permissions. The user that is running the command needs the 'Log on as a batch job' permission.\nBecause this requires a login, the user and password properties are required.",
         introduced: "13.3"
 
       property :input, [String],
@@ -661,8 +661,10 @@ class Chef
 
       set_guard_inherited_attributes(
         :cwd,
+        :domain,
         :environment,
         :group,
+        :password,
         :user,
         :umask
       )