chef 17.0.242-universal-mingw32 → 17.4.25-universal-mingw32

data/lib/chef/resource/homebrew_cask.rb

@@ -34,7 +34,7 @@ class Chef
 
       property :cask_name, String,
         description: "An optional property to set the cask name if it differs from the resource block's name.",
-        regex: %r{^[\w/-]+$},
+        regex: %r{^[\w/\-@]+$},
         validation_message: "The provided Homebrew cask name is not valid. Cask names can contain alphanumeric characters, _, -, or / only!",
         name_property: true
 
@@ -51,10 +51,16 @@ class Chef
 
       property :owner, [String, Integer],
         description: "The owner of the Homebrew installation.",
-        default: lazy { find_homebrew_username }
-
-      action :install, description: "Install an application packaged as a Homebrew cask" do
-        homebrew_tap "homebrew/cask" if new_resource.install_cask
+        default: lazy { find_homebrew_username },
+        default_description: "Calculated default username"\
+
+      action :install, description: "Install an application that is packaged as a Homebrew cask." do
+        if new_resource.install_cask
+          homebrew_tap "homebrew/cask" do
+            homebrew_path new_resource.homebrew_path
+            owner new_resource.owner
+          end
+        end
 
         unless casked?
           converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
@@ -66,8 +72,13 @@ class Chef
         end
       end
 
-      action :remove, description: "Remove an application packaged as a Homebrew cask" do
-        homebrew_tap "homebrew/cask" if new_resource.install_cask
+      action :remove, description: "Remove an application that is packaged as a Homebrew cask." do
+        if new_resource.install_cask
+          homebrew_tap "homebrew/cask" do
+            homebrew_path new_resource.homebrew_path
+            owner new_resource.owner
+          end
+        end
 
         if casked?
           converge_by("uninstall cask #{new_resource.cask_name}") do

data/lib/chef/resource/homebrew_package.rb

@@ -62,7 +62,7 @@ class Chef
       DOC
 
       property :homebrew_user, [ String, Integer ],
-        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command."
+        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
 
     end
   end

data/lib/chef/resource/homebrew_tap.rb

@@ -51,9 +51,10 @@ class Chef
 
       property :owner, String,
         description: "The owner of the Homebrew installation.",
-        default: lazy { find_homebrew_username }
+        default: lazy { find_homebrew_username },
+        default_description: "Calculated default username"
 
-      action :tap, description: "Add a Homebrew tap" do
+      action :tap, description: "Add a Homebrew tap." do
         unless tapped?(new_resource.tap_name)
           converge_by("tap #{new_resource.tap_name}") do
             shell_out!("#{new_resource.homebrew_path} tap #{new_resource.full ? "--full" : ""} #{new_resource.tap_name} #{new_resource.url || ""}",
@@ -64,7 +65,7 @@ class Chef
         end
       end
 
-      action :untap, description: "Remove a Homebrew tap" do
+      action :untap, description: "Remove a Homebrew tap." do
         if tapped?(new_resource.tap_name)
           converge_by("untap #{new_resource.tap_name}") do
             shell_out!("#{new_resource.homebrew_path} untap #{new_resource.tap_name}",

data/lib/chef/resource/homebrew_update.rb

@@ -88,7 +88,7 @@ class Chef
         end
       end
 
-      action :periodic do
+      action :periodic, description: "Run a periodic update based on the frequency property." do
         return unless macos?
 
         unless brew_up_to_date?
@@ -98,7 +98,7 @@ class Chef
         end
       end
 
-      action :update do
+      action :update, description: "Run an immediate update." do
         return unless macos?
 
         converge_by "force update new lists of packages" do

data/lib/chef/resource/hostname.rb

@@ -44,6 +44,24 @@ class Chef
           ipaddress '198.51.100.2'
         end
         ```
+
+        **Change the hostname of a Windows, Non-Domain joined node**:
+
+        ```ruby
+        hostname 'renaming a workgroup computer' do
+          hostname 'Foo'
+        end
+        ```
+
+        **Change the hostname of a Windows, Domain-joined node (new in 17.2)**:
+
+        ```ruby
+        hostname 'renaming a domain-joined computer' do
+          hostname 'Foo'
+          domain_user "Domain\\Someone"
+          domain_password 'SomePassword'
+        end
+        ```
       DOC
 
       property :hostname, String,
@@ -71,6 +89,15 @@ class Chef
         description: "Determines whether or not Windows should be reboot after changing the hostname, as this is required for the change to take effect.",
         default: true
 
+      property :domain_user, String,
+        description: "A domain account specified in the form of DOMAIN\\user used when renaming a domain-joined device",
+        introduced: "17.2"
+
+      property :domain_password, String,
+        description: "The password to accompany the domain_user parameter",
+        sensitive: true,
+        introduced: "17.2"
+
       action_class do
         def append_replacing_matching_lines(path, regex, string)
           text = IO.read(path).split("\n")
@@ -103,7 +130,11 @@ class Chef
         end
       end
 
-      action :set, description: "Sets the node's hostname" do
+      def is_domain_joined?
+        powershell_exec!("(Get-CIMInstance -Class Win32_ComputerSystem).PartofDomain").result
+      end
+
+      action :set, description: "Sets the node's hostname." do
         if !windows?
           ohai "reload hostname" do
             plugin "hostname"
@@ -243,13 +274,24 @@ class Chef
           end
 
           unless Socket.gethostbyname(Socket.gethostname).first == new_resource.hostname
-            converge_by "set hostname to #{new_resource.hostname}" do
-              powershell_exec! <<~EOH
-                $sysInfo = Get-WmiObject -Class Win32_ComputerSystem
-                $sysInfo.Rename("#{new_resource.hostname}")
-              EOH
+            if is_domain_joined?
+              if new_resource.domain_user.nil? || new_resource.domain_password.nil?
+                raise "The `domain_user` and `domain_password` properties are required to change the hostname of a domain-connected Windows system."
+              else
+                converge_by "set hostname to #{new_resource.hostname}" do
+                  powershell_exec! <<~EOH
+                    $user = #{new_resource.domain_user}
+                    $secure_password = #{new_resource.domain_password} | Convertto-SecureString -AsPlainText -Force
+                    $Credentials = New-Object System.Management.Automation.PSCredential -Argumentlist ($user, $secure_password)
+                    Rename-Computer -NewName #{new_resource.hostname} -DomainCredential $Credentials
+                  EOH
+                end
+              end
+            else
+              converge_by "set hostname to #{new_resource.hostname}" do
+                powershell_exec!("Rename-Computer -NewName #{new_resource.hostname}")
+              end
             end
-
             # reboot because $windows
             reboot "setting hostname" do
               reason "#{ChefUtils::Dist::Infra::PRODUCT} updated system hostname"

data/lib/chef/resource/inspec_waiver_file_entry.rb

@@ -0,0 +1,156 @@
+#
+# Author:: Davin Taddeo (<davin@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+autoload :YAML, "yaml"
+require "date"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+
+class Chef
+  class Resource
+    class InspecWaiverFileEntry < Chef::Resource
+      provides :inspec_waiver_file_entry
+      unified_mode true
+
+      description "Use the **inspec_waiver_file_entry** resource to add or remove entries from an InSpec waiver file. This can be used in conjunction with the Compliance Phase."
+      introduced "17.1"
+      examples <<~DOC
+      **Add an InSpec waiver entry to a given waiver file**:
+
+      ```ruby
+        inspec_waiver_file_entry 'Add waiver entry for control' do
+          file_path 'C:\\chef\\inspec_waiver_file.yml'
+          control 'my_inspec_control_01'
+          run_test false
+          justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}"
+          expiration '2022-01-01'
+          action :add
+        end
+      ```
+
+      **Add an InSpec waiver entry to a given waiver file using the 'name' property to identify the control**:
+
+      ```ruby
+        inspec_waiver_file_entry 'my_inspec_control_01' do
+          justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}"
+          action :add
+        end
+      ```
+
+      **Remove an InSpec waiver entry to a given waiver file**:
+
+      ```ruby
+        inspec_waiver_file_entry "my_inspec_control_01" do
+          action :remove
+        end
+      ```
+      DOC
+
+      property :control, String,
+        name_property: true,
+        description: "The name of the control being added or removed to the waiver file"
+
+      property :file_path, String,
+        required: true,
+        description: "The path to the waiver file being modified",
+        default: "#{ChefConfig::Config.etc_chef_dir}/inspec_waivers.yml",
+        default_description: "`/etc/chef/inspec_waivers.yml` on Linux/Unix and `C:\\chef\\inspec_waivers.yml` on Windows"
+
+      property :expiration, String,
+        description: "The expiration date of the given waiver - provided in YYYY-MM-DD format",
+        callbacks: {
+          "Expiration date should be a valid calendar date and match the following format: YYYY-MM-DD" => proc { |e|
+            re = Regexp.new('\d{4}-\d{2}-\d{2}$').freeze
+            if re.match?(e)
+              Date.valid_date?(*e.split("-").map(&:to_i))
+            else
+              e.nil?
+            end
+          },
+        }
+
+      property :run_test, [true, false],
+        description: "If present and `true`, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or `false`, the control will not be run."
+
+      property :justification, String,
+        description: "Can be any text you want and might include a reason for the waiver as well as who signed off on the waiver."
+
+      property :backup, [false, Integer],
+        description: "The number of backups to be kept in `/var/chef/backup` (for UNIX- and Linux-based platforms) or `C:/chef/backup` (for the Microsoft Windows platform). Set to `false` to prevent backups from being kept.",
+        default: false
+
+      action :add do
+        if new_resource.justification.nil? || new_resource.justification == ""
+          raise Chef::Exceptions::ValidationFailed, "Entries in the InSpec waiver file must have a justification given, this parameter must have a value."
+        end
+
+        filename = new_resource.file_path
+        waiver_hash = load_waiver_file_to_hash(filename)
+        control_hash = {}
+        control_hash["expiration_date"] = new_resource.expiration.to_s unless new_resource.expiration.nil?
+        control_hash["run"] = new_resource.run_test unless new_resource.run_test.nil?
+        control_hash["justification"] = new_resource.justification.to_s
+
+        unless waiver_hash[new_resource.control] == control_hash
+          waiver_hash[new_resource.control] = control_hash
+          waiver_hash = waiver_hash.sort.to_h
+
+          file "Update Waiver File #{new_resource.file_path} to update waiver for control #{new_resource.control}" do
+            path new_resource.file_path
+            content ::YAML.dump(waiver_hash)
+            backup new_resource.backup
+            action :create
+          end
+        end
+      end
+
+      action :remove do
+        filename = new_resource.file_path
+        waiver_hash = load_waiver_file_to_hash(filename)
+        if waiver_hash.key?(new_resource.control)
+          waiver_hash.delete(new_resource.control)
+          waiver_hash = waiver_hash.sort.to_h
+          file "Update Waiver File #{new_resource.file_path} to remove waiver for control #{new_resource.control}" do
+            path new_resource.file_path
+            content ::YAML.dump(waiver_hash)
+            backup new_resource.backup
+            action :create
+          end
+        end
+      end
+
+      action_class do
+        def load_waiver_file_to_hash(file_name)
+          if file_name =~ %r{(/|C:\\).*(.yaml|.yml)}i
+            if ::File.exist?(file_name)
+              hash = ::YAML.load_file(file_name)
+              if hash == false || hash.nil? || hash == ""
+                {}
+              else
+                ::YAML.load_file(file_name)
+              end
+            else
+              {}
+            end
+          else
+            raise "Waiver files needs to be a YAML file which should have a .yaml or .yml extension -\"#{file_name}\" does not have an appropriate extension"
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/kernel_module.rb

@@ -93,7 +93,7 @@ class Chef
         description: "The modprobe.d directory.",
         default: "/etc/modprobe.d"
 
-      action :install, description: "Load kernel module, and ensure it loads on reboot" do
+      action :install, description: "Load kernel module, and ensure it loads on reboot." do
         with_run_context :root do
           find_resource(:execute, "update initramfs") do
             command initramfs_command
@@ -121,7 +121,7 @@ class Chef
         end
       end
 
-      action :uninstall, description: "Unload a kernel module and remove module config, so it doesn't load on reboot" do
+      action :uninstall, description: "Unload a kernel module and remove module config, so it doesn't load on reboot." do
         with_run_context :root do
           find_resource(:execute, "update initramfs") do
             command initramfs_command
@@ -146,7 +146,7 @@ class Chef
         action_unload
       end
 
-      action :blacklist, description: "Blacklist a kernel module" do
+      action :blacklist, description: "Blacklist a kernel module." do
         with_run_context :root do
           find_resource(:execute, "update initramfs") do
             command initramfs_command
@@ -162,7 +162,7 @@ class Chef
         action_unload
       end
 
-      action :disable, description: "Disable a kernel module" do
+      action :disable, description: "Disable a kernel module. **New in Chef Infra Client 15.2.**" do
         with_run_context :root do
           find_resource(:execute, "update initramfs") do
             command initramfs_command
@@ -178,7 +178,7 @@ class Chef
         action_unload
       end
 
-      action :load, description: "Load a kernel module" do
+      action :load, description: "Load a kernel module." do
         unless module_loaded?
           converge_by("load kernel module #{new_resource.modname}") do
             shell_out!("modprobe #{new_resource.modname}")
@@ -186,7 +186,7 @@ class Chef
         end
       end
 
-      action :unload, description: "Unload kernel module" do
+      action :unload, description: "Unload kernel module." do
         if module_loaded?
           converge_by("unload kernel module #{new_resource.modname}") do
             shell_out!("modprobe -r #{new_resource.modname}")

data/lib/chef/resource/launchd.rb

@@ -36,7 +36,7 @@ class Chef
 
       property :backup, [Integer, FalseClass],
         desired_state: false,
-        description: "The number of backups to be kept in /var/chef/backup. Set to false to prevent backups from being kept."
+        description: "The number of backups to be kept in `/var/chef/backup`. Set to `false` to prevent backups from being kept."
 
       property :cookbook, String,
         desired_state: false,
@@ -197,10 +197,10 @@ class Chef
         description: "The intended purpose of the job: `Adaptive`, `Background`, `Interactive`, or `Standard`."
 
       property :program, String,
-        description: "The first argument of execvp, typically the file name associated with the file to be executed. This value must be specified if program_arguments is not specified, and vice-versa."
+        description: "The first argument of `execvp`, typically the file name associated with the file to be executed. This value must be specified if `program_arguments` is not specified, and vice-versa."
 
       property :program_arguments, Array,
-        description: "The second argument of execvp. If program is not specified, this property must be specified and will be handled as if it were the first argument."
+        description: "The second argument of `execvp`. If program is not specified, this property must be specified and will be handled as if it were the first argument."
 
       property :queue_directories, Array,
         description: "An array of non-empty directories which, if any are modified, will cause a job to be started."

data/lib/chef/resource/locale.rb

@@ -97,7 +97,7 @@ class Chef
         powershell_exec("Get-WinSystemLocale").result["Name"]
       end
 
-      action :update, description: "Update the system's locale" do
+      action :update, description: "Update the system's locale." do
         converge_if_changed do
           set_system_locale
         end

data/lib/chef/resource/lwrp_base.rb

@@ -26,6 +26,7 @@ require_relative "../exceptions"
 require_relative "../mixin/convert_to_class_name"
 require_relative "../mixin/from_file"
 require_relative "../mixin/params_validate" # for DelayedEvaluator
+require_relative "../version"
 
 class Chef
   class Resource
@@ -36,7 +37,7 @@ class Chef
     class LWRPBase < Resource
 
       # Class methods
-      class <<self
+      class << self
 
         include Chef::Mixin::ConvertToClassName
         include Chef::Mixin::FromFile
@@ -53,8 +54,8 @@ class Chef
           resource_class.run_context = run_context
           resource_class.class_from_file(filename)
 
-          unless resource_class.unified_mode
-            Chef.deprecated :unified_mode, "The #{resource_name} resource in the #{cookbook_name} cookbook should declare `unified_mode true`"
+          if !resource_class.unified_mode && !deprecated_class(resource_class)
+            Chef.deprecated :unified_mode, "The #{resource_class.resource_name} resource in the #{cookbook_name} cookbook should declare `unified_mode true`", filename
           end
 
           # Make a useful string for the class (rather than <Class:312894723894>)
@@ -121,6 +122,20 @@ class Chef
 
           superclass.respond_to?(m) ? superclass.send(m) : default
         end
+
+        # Return true if the resource has been deprecated on this version.
+        #
+        # XXX: for now we only look at chef_version_for_provides, reversing the
+        # resource node_map to determine if the resource provides anything which is
+        # wired up is difficult.
+        #
+        def deprecated_class(resource_class)
+          if resource_class.chef_version_for_provides && Chef::VERSION !~ resource_class.chef_version_for_provides
+            return true
+          end
+
+          false
+        end
       end
     end
   end