chef 16.7.61-universal-mingw32 → 16.8.9-universal-mingw32

data/lib/chef/knife/core/ui.rb

@@ -64,7 +64,10 @@ class Chef
       # Creates a new object of class TTY::Prompt
       # with interrupt as exit so that it can be terminated with status code.
       def prompt
-        @prompt ||= TTY::Prompt.new(interrupt: :exit)
+        @prompt ||= begin
+          require "tty-prompt"
+          TTY::Prompt.new(interrupt: :exit)
+        end
       end
 
       # pastel.decorate is a lightweight replacement for highline.color

data/lib/chef/knife/ssh.rb

@@ -289,7 +289,7 @@ class Chef
           opts[:port] = port unless port.nil?
           opts[:logger] = Chef::Log.with_child(subsystem: "net/ssh") if Chef::Log.level == :trace
           unless config[:host_key_verify]
-            opts[:verify_host_key] = false
+            opts[:verify_host_key] = :never
             opts[:user_known_hosts_file] = "/dev/null"
           end
           if ssh_config[:keepalive]

data/lib/chef/mixin/powershell_exec.rb

@@ -23,10 +23,12 @@ require_relative "../pwsh"
 # powershell_exec is initialized with a string that should be set to the script
 # to run and also takes an optional interpreter argument which must be either
 # :powershell (Windows PowerShell which is the default) or :pwsh (PowerShell
-# Core). It will return a Chef::PowerShell object that provides 4 methods:
+# Core). It will return a Chef::PowerShell object that provides 5 methods:
 #
 # .result - returns a hash representing the results returned by executing the
 #           PowerShell script block
+# .verbose - this is an array of string containing any messages written to the
+#           PowerShell verbose stream during execution
 # .errors - this is an array of string containing any messages written to the
 #           PowerShell error stream during execution
 # .error? - returns true if there were error messages written to the PowerShell

data/lib/chef/platform/query_helpers.rb

@@ -58,10 +58,10 @@ class Chef
       end
 
       def dsc_refresh_mode_disabled?(node)
-        require_relative "../util/powershell/cmdlet"
-        cmdlet = Chef::Util::Powershell::Cmdlet.new(node, "Get-DscLocalConfigurationManager", :object)
-        metadata = cmdlet.run!.return_value
-        metadata["RefreshMode"] == "Disabled"
+        require_relative "../powershell"
+        exec = Chef::PowerShell.new("Get-DscLocalConfigurationManager")
+        exec.error!
+        exec.result["RefreshMode"] == "Disabled"
       end
 
       def supported_powershell_version?(node, version_string)

data/lib/chef/powershell.rb

@@ -24,6 +24,7 @@ class Chef
 
     attr_reader :result
     attr_reader :errors
+    attr_reader :verbose
 
     # Run a command under PowerShell via FFI
     # This implementation requires the managed dll and native wrapper to be in the library search
@@ -72,6 +73,7 @@ class Chef
       hashed_outcome = Chef::JSONCompat.parse(execution)
       @result = Chef::JSONCompat.parse(hashed_outcome["result"])
       @errors = hashed_outcome["errors"]
+      @verbose = hashed_outcome["verbose"]
     end
   end
 end

data/lib/chef/provider/dsc_resource.rb

@@ -15,7 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-require_relative "../util/powershell/cmdlet"
+require "timeout" unless defined?(Timeout)
+require_relative "../mixin/powershell_exec"
 require_relative "../util/dsc/local_configuration_manager"
 require_relative "../mixin/powershell_type_coercions"
 require_relative "../util/dsc/resource_store"
@@ -130,27 +131,27 @@ class Chef
       def test_resource
         result = invoke_resource(:test)
         add_dsc_verbose_log(result)
-        return_dsc_resource_result(result, "InDesiredState")
+        result.result["InDesiredState"]
       end
 
       def set_resource
         result = invoke_resource(:set)
         add_dsc_verbose_log(result)
-        create_reboot_resource if return_dsc_resource_result(result, "RebootRequired")
-        result.return_value
+        create_reboot_resource if result.result["RebootRequired"]
+        result
       end
 
       def add_dsc_verbose_log(result)
         # We really want this information from the verbose stream,
         # however in some versions of WMF, Invoke-DscResource is not correctly
         # writing to that stream and instead just dumping to stdout
-        verbose_output = result.stream(:verbose)
-        verbose_output = result.stdout if verbose_output.empty?
+        verbose_output = result.verbose.join("\n")
+        verbose_output = result.result if verbose_output.empty?
 
         if @converge_description.nil? || @converge_description.empty?
           @converge_description = verbose_output
         else
-          @converge_description << "\n"
+          @converge_description << "\n\n"
           @converge_description << verbose_output
         end
       end
@@ -159,26 +160,13 @@ class Chef
         @module_version.nil? ? module_name : "@{ModuleName='#{module_name}';ModuleVersion='#{@module_version}'}"
       end
 
-      def invoke_resource(method, output_format = :object)
+      def invoke_resource(method)
         properties = translate_type(new_resource.properties)
         switches = "-Method #{method} -Name #{new_resource.resource}"\
                    " -Property #{properties} -Module #{module_info_object} -Verbose"
-        cmdlet = Chef::Util::Powershell::Cmdlet.new(
-          node,
-          "Invoke-DscResource #{switches}",
-          output_format
-        )
-        cmdlet.run!({}, { timeout: new_resource.timeout })
-      end
-
-      def return_dsc_resource_result(result, property_name)
-        if result.return_value.is_a?(Array)
-          # WMF Feb 2015 Preview
-          result.return_value[0][property_name]
-        else
-          # WMF April 2015 Preview
-          result.return_value[property_name]
-        end
+        Timeout.timeout(new_resource.timeout) {
+          powershell_exec!("Invoke-DscResource #{switches}")
+        }
       end
 
       def create_reboot_resource

data/lib/chef/provider/dsc_script.rb

@@ -16,7 +16,6 @@
 # limitations under the License.
 #
 
-require_relative "../util/powershell/cmdlet"
 require_relative "../util/dsc/configuration_generator"
 require_relative "../util/dsc/local_configuration_manager"
 require_relative "../util/path_helper"
@@ -32,11 +31,11 @@ class Chef
         @dsc_resource = dsc_resource
         @resource_converged = false
         @operations = {
-          set: Proc.new do |config_manager, document, shellout_flags|
-            config_manager.set_configuration(document, shellout_flags)
+          set: Proc.new do |config_manager, document|
+            config_manager.set_configuration(document)
           end,
-          test: Proc.new do |config_manager, document, shellout_flags|
-            config_manager.test_configuration(document, shellout_flags)
+          test: Proc.new do |config_manager, document|
+            config_manager.test_configuration(document)
           end }
       end
 
@@ -85,20 +84,23 @@ class Chef
 
         config_manager = Chef::Util::DSC::LocalConfigurationManager.new(@run_context.node, config_directory)
 
-        shellout_flags = {
-          cwd: @dsc_resource.cwd,
-          environment: @dsc_resource.environment,
-          timeout: @dsc_resource.timeout,
-        }
+        cwd = @dsc_resource.cwd || Dir.pwd
+        original_env = ENV.to_hash
 
         begin
-          configuration_document = generate_configuration_document(config_directory, configuration_flags)
-          @operations[operation].call(config_manager, configuration_document, shellout_flags)
+          ENV.update(@dsc_resource.environment) if @dsc_resource.environment
+          Dir.chdir(cwd) do
+            Timeout.timeout(@dsc_resource.timeout) do
+              configuration_document = generate_configuration_document(config_directory, configuration_flags)
+              @operations[operation].call(config_manager, configuration_document)
+            end
+          end
         rescue Exception => e
           logger.error("DSC operation failed: #{e.message}")
           raise e
         ensure
           ::FileUtils.rm_rf(config_directory)
+          ENV.replace(original_env)
         end
       end
 
@@ -112,20 +114,14 @@ class Chef
       end
 
       def generate_configuration_document(config_directory, configuration_flags)
-        shellout_flags = {
-          cwd: @dsc_resource.cwd,
-          environment: @dsc_resource.environment,
-          timeout: @dsc_resource.timeout,
-        }
-
         generator = Chef::Util::DSC::ConfigurationGenerator.new(@run_context.node, config_directory)
 
         if @dsc_resource.command
-          generator.configuration_document_from_script_path(@dsc_resource.command, configuration_name, configuration_flags, shellout_flags)
+          generator.configuration_document_from_script_path(@dsc_resource.command, configuration_name, configuration_flags)
         else
           # If code is also not provided, we mimic what the other script resources do (execute nothing)
           logger.warn("Neither code or command were provided for dsc_resource[#{@dsc_resource.name}].") unless @dsc_resource.code
-          generator.configuration_document_from_script_code(@dsc_resource.code || "", configuration_flags, @dsc_resource.imports, shellout_flags)
+          generator.configuration_document_from_script_code(@dsc_resource.code || "", configuration_flags, @dsc_resource.imports)
         end
       end
 

data/lib/chef/provider/git.rb

@@ -68,9 +68,9 @@ class Chef
           a.assertion { !(new_resource.revision =~ %r{^origin/}) }
           a.failure_message Chef::Exceptions::InvalidRemoteGitReference,
             "Deploying remote branches is not supported. " +
-            "Specify the remote branch as a local branch for " +
-            "the git repository you're deploying from " +
-            "(ie: '#{new_resource.revision.gsub("origin/", "")}' rather than '#{new_resource.revision}')."
+              "Specify the remote branch as a local branch for " +
+              "the git repository you're deploying from " +
+              "(ie: '#{new_resource.revision.gsub("origin/", "")}' rather than '#{new_resource.revision}')."
         end
 
         requirements.assert(:all_actions) do |a|
@@ -80,8 +80,8 @@ class Chef
           a.assertion { !target_revision.nil? }
           a.failure_message Chef::Exceptions::UnresolvableGitReference,
             "Unable to parse SHA reference for '#{new_resource.revision}' in repository '#{new_resource.repository}'. " +
-            "Verify your (case-sensitive) repository URL and revision.\n" +
-            "`git ls-remote '#{new_resource.repository}' '#{rev_search_pattern}'` output: #{@resolved_reference}"
+              "Verify your (case-sensitive) repository URL and revision.\n" +
+              "`git ls-remote '#{new_resource.repository}' '#{rev_search_pattern}'` output: #{@resolved_reference}"
         end
       end
 

data/lib/chef/resource/chef_client_config.rb

@@ -110,7 +110,7 @@ class Chef
       property :config_directory, String,
         description: "The directory to store the client.rb in.",
         default: ChefConfig::Config.etc_chef_dir,
-        default_description: "`/etc/chef/` on *nix-like systems and `C:\chef\` on Windows"
+        default_description: "`/etc/chef/` on *nix-like systems and `C:\\chef\\` on Windows"
 
       property :user, String,
         description: "The user that should own the client.rb file and the configuration directory if it needs to be created. Note: The configuration directory will not be created if it already exists, which allows you to further control the setup of that directory outside of this resource."

data/lib/chef/resource/dsc_script.rb

@@ -29,7 +29,14 @@ class Chef
       unified_mode true
       provides :dsc_script
 
-      description "Many DSC resources are comparable to built-in #{ChefUtils::Dist::Infra::PRODUCT} resources. For example, both DSC and #{ChefUtils::Dist::Infra::PRODUCT} have file, package, and service resources. The dsc_script resource is most useful for those DSC resources that do not have a direct comparison to a resource in #{ChefUtils::Dist::Infra::PRODUCT}, such as the Archive resource, a custom DSC resource, an existing DSC script that performs an important task, and so on. Use the dsc_script resource to embed the code that defines a DSC configuration directly within a #{ChefUtils::Dist::Infra::PRODUCT} recipe."
+      description <<~DESC
+        Many DSC resources are comparable to built-in #{ChefUtils::Dist::Infra::PRODUCT} resources. For example, both DSC and #{ChefUtils::Dist::Infra::PRODUCT}
+        have file, package, and service resources. The dsc_script resource is most useful for those DSC resources that do not have a direct comparison to a
+        resource in #{ChefUtils::Dist::Infra::PRODUCT}, such as the Archive resource, a custom DSC resource, an existing DSC script that performs an important
+        task, and so on. Use the dsc_script resource to embed the code that defines a DSC configuration directly within a #{ChefUtils::Dist::Infra::PRODUCT} recipe.
+
+        Warning: The **dsc_script** resource may not be used with the 32 bit Chef Infra client. It must be executed from a 64 bit Chef Infra client.
+      DESC
 
       default_action :run
 

data/lib/chef/resource/hostname.rb

@@ -131,18 +131,18 @@ class Chef
             # darwin
             declare_resource(:execute, "set HostName via scutil") do
               command "/usr/sbin/scutil --set HostName #{new_resource.hostname}"
-              not_if { shell_out!("/usr/sbin/scutil --get HostName").stdout.chomp == new_resource.hostname }
+              not_if { shell_out("/usr/sbin/scutil --get HostName").stdout.chomp == new_resource.hostname }
               notifies :reload, "ohai[reload hostname]"
             end
             declare_resource(:execute, "set ComputerName via scutil") do
               command "/usr/sbin/scutil --set ComputerName  #{new_resource.hostname}"
-              not_if { shell_out!("/usr/sbin/scutil --get ComputerName").stdout.chomp == new_resource.hostname }
+              not_if { shell_out("/usr/sbin/scutil --get ComputerName").stdout.chomp == new_resource.hostname }
               notifies :reload, "ohai[reload hostname]"
             end
             shortname = new_resource.hostname[/[^\.]*/]
             declare_resource(:execute, "set LocalHostName via scutil") do
               command "/usr/sbin/scutil --set LocalHostName #{shortname}"
-              not_if { shell_out!("/usr/sbin/scutil --get LocalHostName").stdout.chomp == shortname }
+              not_if { shell_out("/usr/sbin/scutil --get LocalHostName").stdout.chomp == shortname }
               notifies :reload, "ohai[reload hostname]"
             end
           when linux?

data/lib/chef/resource/template.rb

@@ -169,8 +169,8 @@ class Chef
         elsif module_name.nil?
           raise Exceptions::ValidationFailed,
             "#helpers requires either a module name or inline module code as a block.\n" +
-            "e.g.: helpers do; helper_code; end;\n" +
-            "OR: helpers(MyHelpersModule)"
+              "e.g.: helpers do; helper_code; end;\n" +
+              "OR: helpers(MyHelpersModule)"
         else
           raise Exceptions::ValidationFailed,
             "Argument to #helpers must be a module. You gave #{module_name.inspect} (#{module_name.class})"

data/lib/chef/resource/windows_certificate.rb

@@ -87,6 +87,11 @@ class Chef
         description: "Ensure that sensitive resource data is not logged by the #{ChefUtils::Dist::Infra::CLIENT}.",
         default: lazy { pfx_password ? true : false }, skip_docs: true
 
+      property :exportable, [TrueClass, FalseClass],
+        description: "Ensure that imported pfx certificate is exportable. Please provide 'true' if you want the certificate to be exportable.",
+        default: false,
+        introduced: "16.8"
+
       action :create do
         description "Creates or updates a certificate."
 
@@ -162,8 +167,9 @@ class Chef
         end
 
         def add_pfx_cert
+          exportable = new_resource.exportable ? 1 : 0
           store = ::Win32::Certstore.open(new_resource.store_name)
-          store.add_pfx(new_resource.source, new_resource.pfx_password)
+          store.add_pfx(new_resource.source, new_resource.pfx_password, exportable)
         end
 
         def delete_cert

data/lib/chef/resource_collection/resource_set.rb

@@ -131,7 +131,7 @@ class Chef
           else
             raise Chef::Exceptions::InvalidResourceSpecification,
               "The object `#{query_object.inspect}' is not valid for resource collection lookup. " +
-              "Use a String like `resource_type[resource_name]' or a Chef::Resource object"
+                "Use a String like `resource_type[resource_name]' or a Chef::Resource object"
         end
       end
 

data/lib/chef/util/dsc/configuration_generator.rb

@@ -16,36 +16,34 @@
 # limitations under the License.
 #
 
-require_relative "../powershell/cmdlet"
+require_relative "../../mixin/powershell_exec"
 
 class Chef::Util::DSC
   class ConfigurationGenerator
+    include Chef::Mixin::PowershellExec
+
     def initialize(node, config_directory)
       @node = node
       @config_directory = config_directory
     end
 
-    def configuration_document_from_script_code(code, configuration_flags, imports, shellout_flags)
+    def configuration_document_from_script_code(code, configuration_flags, imports)
       Chef::Log.trace("DSC: DSC code:\n '#{code}'")
       generated_script_path = write_document_generation_script(code, "chef_dsc", imports)
       begin
-        configuration_document_from_script_path(generated_script_path, "chef_dsc", configuration_flags, shellout_flags)
+        configuration_document_from_script_path(generated_script_path, "chef_dsc", configuration_flags)
       ensure
         ::FileUtils.rm(generated_script_path)
       end
     end
 
-    def configuration_document_from_script_path(script_path, configuration_name, configuration_flags, shellout_flags)
+    def configuration_document_from_script_path(script_path, configuration_name, configuration_flags)
       validate_configuration_name!(configuration_name)
 
-      document_generation_cmdlet = Chef::Util::Powershell::Cmdlet.new(
-        @node,
-        configuration_document_generation_code(script_path, configuration_name)
-      )
-
-      merged_configuration_flags = get_merged_configuration_flags!(configuration_flags, configuration_name)
+      config_generation_code = configuration_document_generation_code(script_path, configuration_name)
+      switches_string = command_switches_string(get_merged_configuration_flags!(configuration_flags, configuration_name))
 
-      document_generation_cmdlet.run!(merged_configuration_flags, shellout_flags)
+      powershell_exec!("#{config_generation_code} #{switches_string}")
       configuration_document_location = find_configuration_document(configuration_name)
 
       unless configuration_document_location
@@ -59,6 +57,49 @@ class Chef::Util::DSC
 
     protected
 
+    def validate_switch_name!(switch_parameter_name)
+      unless switch_parameter_name.match?(/\A[A-Za-z]+[_a-zA-Z0-9]*\Z/)
+        raise ArgumentError, "`#{switch_parameter_name}` is not a valid PowerShell cmdlet switch parameter name"
+      end
+    end
+
+    def escape_parameter_value(parameter_value)
+      parameter_value.gsub(/(`|'|"|#)/, '`\1')
+    end
+
+    def escape_string_parameter_value(parameter_value)
+      "'#{escape_parameter_value(parameter_value)}'"
+    end
+
+    def command_switches_string(switches)
+      command_switches = switches.map do |switch_name, switch_value|
+        if switch_name.class != Symbol
+          raise ArgumentError, "Invalid type `#{switch_name} `for PowerShell switch '#{switch_name}'. The switch must be specified as a Symbol'"
+        end
+
+        validate_switch_name!(switch_name)
+
+        switch_argument = ""
+        switch_present = true
+
+        case switch_value
+        when Numeric, Float
+          switch_argument = switch_value.to_s
+        when FalseClass
+          switch_present = false
+        when TrueClass
+        when String
+          switch_argument = escape_string_parameter_value(switch_value)
+        else
+          raise ArgumentError, "Invalid argument type `#{switch_value.class}` specified for PowerShell switch `:#{switch_name}`. Arguments to PowerShell must be of type `String`, `Numeric`, `Float`, `FalseClass`, or `TrueClass`"
+        end
+
+        switch_present ? ["-#{switch_name.to_s.downcase}", switch_argument].join(" ").strip : ""
+      end
+
+      command_switches.join(" ")
+    end
+
     # From PowerShell error help for the Configuration language element:
     #   Standard names may only contain letters (a-z, A-Z), numbers (0-9), and underscore (_).
     #   The name may not be null or empty, and should start with a letter.

data/lib/chef/util/dsc/lcm_output_parser.rb

@@ -75,15 +75,15 @@ class Chef
           #
 
           def self.parse(lcm_output, test_dsc_configuration)
+            lcm_output = String(lcm_output).split("\n")
             test_dsc_configuration ? test_dsc_parser(lcm_output) : what_if_parser(lcm_output)
           end
 
           def self.test_dsc_parser(lcm_output)
-            lcm_output ||= ""
             current_resource = {}
 
             resources = []
-            lcm_output.lines.each do |line|
+            lcm_output.each do |line|
               op_action , op_value = line.strip.split(":")
               op_action&.strip!
               case op_action
@@ -107,11 +107,10 @@ class Chef
           end
 
           def self.what_if_parser(lcm_output)
-            lcm_output ||= ""
             current_resource = {}
 
             resources = []
-            lcm_output.lines.each do |line|
+            lcm_output.each do |line|
               op_action, op_type, info = parse_line(line)
 
               case op_action