RubyGems - chef - Versions diffs - 17.0.242-universal-mingw32 → 17.4.25-universal-mingw32 - Mend

chef 17.0.242-universal-mingw32 → 17.4.25-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (254) hide show

checksums.yaml +4 -4
data/Gemfile +4 -14
data/Rakefile +2 -2
data/chef.gemspec +10 -20
data/lib/chef/action_collection.rb +6 -26
data/lib/chef/application/base.rb +15 -0
data/lib/chef/application.rb +4 -2
data/lib/chef/chef_fs/file_pattern.rb +2 -2
data/lib/chef/client.rb +7 -1
data/lib/chef/compliance/default_attributes.rb +5 -3
data/lib/chef/compliance/reporter/automate.rb +1 -1
data/lib/chef/compliance/runner.rb +17 -3
data/lib/chef/cookbook/cookbook_version_loader.rb +3 -3
data/lib/chef/cookbook/gem_installer.rb +5 -1
data/lib/chef/cookbook_version.rb +26 -4
data/lib/chef/data_collector/run_end_message.rb +1 -1
data/lib/chef/data_collector.rb +0 -1
data/lib/chef/deprecated.rb +14 -4
data/lib/chef/dsl/declare_resource.rb +5 -10
data/lib/chef/dsl/render_helpers.rb +44 -0
data/lib/chef/dsl/secret.rb +64 -0
data/lib/chef/dsl/toml.rb +116 -0
data/lib/chef/dsl/universal.rb +5 -0
data/lib/chef/dsl.rb +1 -0
data/lib/chef/event_dispatch/base.rb +2 -1
data/lib/chef/exceptions.rb +23 -0
data/lib/chef/formatters/doc.rb +2 -1
data/lib/chef/formatters/error_mapper.rb +2 -2
data/lib/chef/handler/slow_report.rb +66 -0
data/lib/chef/handler.rb +46 -8
data/lib/chef/json_compat.rb +1 -1
data/lib/chef/node.rb +21 -20
data/lib/chef/policy_builder/policyfile.rb +88 -45
data/lib/chef/provider/directory.rb +6 -6
data/lib/chef/provider/execute.rb +1 -1
data/lib/chef/provider/file.rb +2 -2
data/lib/chef/provider/group/dscl.rb +1 -1
data/lib/chef/provider/launchd.rb +6 -6
data/lib/chef/provider/link.rb +1 -1
data/lib/chef/provider/lwrp_base.rb +1 -1
data/lib/chef/provider/package/dnf/dnf_helper.py +11 -10
data/lib/chef/provider/package/dnf/python_helper.rb +9 -8
data/lib/chef/provider/package/habitat.rb +168 -0
data/lib/chef/provider/package/powershell.rb +5 -0
data/lib/chef/provider/package/yum/python_helper.rb +15 -10
data/lib/chef/provider/package/yum/yum_helper.py +46 -62
data/lib/chef/provider/package/yum.rb +1 -4
data/lib/chef/provider/registry_key.rb +1 -1
data/lib/chef/provider/service/systemd.rb +1 -1
data/lib/chef/provider/subversion.rb +4 -4
data/lib/chef/provider/support/yum_repo.erb +1 -1
data/lib/chef/provider/support/zypper_repo.erb +4 -2
data/lib/chef/provider/systemd_unit.rb +18 -17
data/lib/chef/provider/template/content.rb +1 -1
data/lib/chef/provider/user/mac.rb +3 -3
data/lib/chef/provider/windows_script.rb +1 -1
data/lib/chef/provider/yum_repository.rb +27 -43
data/lib/chef/provider/zypper_repository.rb +30 -34
data/lib/chef/provider.rb +26 -1
data/lib/chef/provider_resolver.rb +8 -2
data/lib/chef/providers.rb +1 -0
data/lib/chef/resource/alternatives.rb +5 -5
data/lib/chef/resource/apt_preference.rb +2 -2
data/lib/chef/resource/apt_repository.rb +2 -2
data/lib/chef/resource/apt_update.rb +4 -4
data/lib/chef/resource/build_essential.rb +1 -1
data/lib/chef/resource/chef_client_config.rb +10 -5
data/lib/chef/resource/chef_client_cron.rb +3 -3
data/lib/chef/resource/chef_client_launchd.rb +3 -3
data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
data/lib/chef/resource/chef_handler.rb +2 -2
data/lib/chef/resource/chef_sleep.rb +1 -1
data/lib/chef/resource/chef_vault_secret.rb +2 -2
data/lib/chef/resource/chocolatey_feature.rb +2 -2
data/lib/chef/resource/chocolatey_source.rb +1 -1
data/lib/chef/resource/cron/cron_d.rb +4 -6
data/lib/chef/resource/cron_access.rb +1 -1
data/lib/chef/resource/dmg_package.rb +1 -1
data/lib/chef/resource/dsc_resource.rb +1 -1
data/lib/chef/resource/execute.rb +5 -5
data/lib/chef/resource/gem_package.rb +2 -1
data/lib/chef/resource/group.rb +4 -4
data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
data/lib/chef/resource/habitat/habitat_package.rb +129 -0
data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
data/lib/chef/resource/habitat_config.rb +107 -0
data/lib/chef/resource/habitat_install.rb +247 -0
data/lib/chef/resource/habitat_service.rb +451 -0
data/lib/chef/resource/habitat_user_toml.rb +92 -0
data/lib/chef/resource/homebrew_cask.rb +18 -7
data/lib/chef/resource/homebrew_package.rb +1 -1
data/lib/chef/resource/homebrew_tap.rb +4 -3
data/lib/chef/resource/homebrew_update.rb +2 -2
data/lib/chef/resource/hostname.rb +49 -7
data/lib/chef/resource/inspec_waiver_file_entry.rb +156 -0
data/lib/chef/resource/kernel_module.rb +6 -6
data/lib/chef/resource/launchd.rb +3 -3
data/lib/chef/resource/locale.rb +1 -1
data/lib/chef/resource/lwrp_base.rb +18 -3
data/lib/chef/resource/macos_userdefaults.rb +2 -2
data/lib/chef/resource/ohai_hint.rb +2 -6
data/lib/chef/resource/openbsd_package.rb +17 -0
data/lib/chef/resource/openssl_dhparam.rb +1 -2
data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
data/lib/chef/resource/openssl_x509_crl.rb +1 -3
data/lib/chef/resource/openssl_x509_request.rb +1 -3
data/lib/chef/resource/osx_profile.rb +3 -3
data/lib/chef/resource/plist.rb +1 -1
data/lib/chef/resource/powershell_package_source.rb +2 -4
data/lib/chef/resource/reboot.rb +38 -9
data/lib/chef/resource/remote_directory.rb +2 -2
data/lib/chef/resource/remote_file.rb +3 -3
data/lib/chef/resource/rhsm_errata.rb +0 -2
data/lib/chef/resource/rhsm_errata_level.rb +1 -5
data/lib/chef/resource/rhsm_repo.rb +15 -0
data/lib/chef/resource/rhsm_subscription.rb +5 -5
data/lib/chef/resource/ruby_block.rb +100 -0
data/lib/chef/resource/scm/subversion.rb +1 -1
data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
data/lib/chef/resource/sudo.rb +2 -6
data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
data/lib/chef/resource/support/client.erb +8 -1
data/lib/chef/resource/support/sup.toml.erb +179 -0
data/lib/chef/resource/swap_file.rb +2 -6
data/lib/chef/resource/sysctl.rb +2 -2
data/lib/chef/resource/systemd_unit.rb +3 -3
data/lib/chef/resource/timezone.rb +1 -1
data/lib/chef/resource/user_ulimit.rb +2 -2
data/lib/chef/resource/windows_ad_join.rb +2 -2
data/lib/chef/resource/windows_audit_policy.rb +2 -2
data/lib/chef/resource/windows_auto_run.rb +2 -2
data/lib/chef/resource/windows_certificate.rb +1 -1
data/lib/chef/resource/windows_defender.rb +163 -0
data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
data/lib/chef/resource/windows_dfs_folder.rb +2 -2
data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
data/lib/chef/resource/windows_dns_record.rb +2 -2
data/lib/chef/resource/windows_dns_zone.rb +2 -2
data/lib/chef/resource/windows_env.rb +1 -1
data/lib/chef/resource/windows_feature.rb +3 -3
data/lib/chef/resource/windows_feature_dism.rb +3 -5
data/lib/chef/resource/windows_feature_powershell.rb +3 -3
data/lib/chef/resource/windows_firewall_profile.rb +2 -2
data/lib/chef/resource/windows_firewall_rule.rb +20 -6
data/lib/chef/resource/windows_font.rb +2 -2
data/lib/chef/resource/windows_pagefile.rb +104 -65
data/lib/chef/resource/windows_path.rb +4 -4
data/lib/chef/resource/windows_printer.rb +80 -61
data/lib/chef/resource/windows_printer_port.rb +48 -65
data/lib/chef/resource/windows_security_policy.rb +7 -4
data/lib/chef/resource/windows_share.rb +2 -2
data/lib/chef/resource/windows_shortcut.rb +1 -1
data/lib/chef/resource/windows_task.rb +2 -2
data/lib/chef/resource/windows_uac.rb +3 -5
data/lib/chef/resource/windows_update_settings.rb +259 -0
data/lib/chef/resource/windows_user_privilege.rb +2 -2
data/lib/chef/resource/windows_workgroup.rb +2 -2
data/lib/chef/resource/yum_package.rb +11 -15
data/lib/chef/resource/zypper_package.rb +4 -4
data/lib/chef/resource/zypper_repository.rb +28 -8
data/lib/chef/resource.rb +20 -25
data/lib/chef/resource_builder.rb +8 -2
data/lib/chef/resource_inspector.rb +6 -2
data/lib/chef/resource_reporter.rb +0 -1
data/lib/chef/resources.rb +13 -1
data/lib/chef/run_lock.rb +1 -1
data/lib/chef/runner.rb +1 -1
data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
data/lib/chef/secret_fetcher/base.rb +76 -0
data/lib/chef/secret_fetcher/example.rb +46 -0
data/lib/chef/secret_fetcher.rb +55 -0
data/lib/chef/shell/ext.rb +3 -3
data/lib/chef/version.rb +1 -1
data/lib/chef/win32/api.rb +9 -2
data/spec/data/knife-home/.chef/plugins/knife/example_home_subcommand.rb +0 -0
data/spec/data/knife-site-subcommands/plugins/knife/example_subcommand.rb +0 -0
data/spec/data/knife_subcommand/test_explicit_category.rb +7 -0
data/spec/data/knife_subcommand/test_name_mapping.rb +4 -0
data/spec/data/knife_subcommand/test_yourself.rb +21 -0
data/spec/functional/mixin/from_file_spec.rb +1 -1
data/spec/functional/resource/dnf_package_spec.rb +857 -537
data/spec/functional/resource/group_spec.rb +1 -1
data/spec/functional/resource/link_spec.rb +1 -1
data/spec/functional/resource/remote_file_spec.rb +1 -1
data/spec/functional/resource/windows_env_spec.rb +2 -2
data/spec/functional/resource/windows_hostname_spec.rb +91 -0
data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
data/spec/functional/resource/yum_package_spec.rb +495 -428
data/spec/integration/client/client_spec.rb +0 -20
data/spec/integration/compliance/compliance_spec.rb +1 -0
data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
data/spec/integration/recipes/resource_action_spec.rb +6 -6
data/spec/integration/recipes/unified_mode_spec.rb +70 -0
data/spec/spec_helper.rb +3 -0
data/spec/support/chef_helpers.rb +1 -1
data/spec/support/shared/functional/execute_resource.rb +1 -1
data/spec/support/shared/functional/knife.rb +37 -0
data/spec/support/shared/integration/knife_support.rb +192 -0
data/spec/support/shared/unit/knife_shared.rb +39 -0
data/spec/support/shared/unit/provider/file.rb +3 -9
data/spec/unit/chef_fs/file_system/repository/directory_spec.rb +1 -1
data/spec/unit/compliance/runner_spec.rb +46 -2
data/spec/unit/cookbook_version_spec.rb +52 -0
data/spec/unit/data_collector_spec.rb +47 -1
data/spec/unit/dsl/render_helpers_spec.rb +102 -0
data/spec/unit/dsl/secret_spec.rb +71 -0
data/spec/unit/handler_spec.rb +8 -2
data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
data/spec/unit/provider/apt_update_spec.rb +3 -1
data/spec/unit/provider/link_spec.rb +1 -1
data/spec/unit/provider/mount/aix_spec.rb +1 -1
data/spec/unit/provider/package/dnf/python_helper_spec.rb +1 -0
data/spec/unit/provider/package/powershell_spec.rb +74 -12
data/spec/unit/provider/package/yum/python_helper_spec.rb +1 -0
data/spec/unit/provider/service/systemd_service_spec.rb +2 -2
data/spec/unit/provider/systemd_unit_spec.rb +2 -2
data/spec/unit/provider/zypper_repository_spec.rb +3 -10
data/spec/unit/provider_spec.rb +23 -0
data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
data/spec/unit/resource/inspec_waiver_file_entry_spec.rb +80 -0
data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
data/spec/unit/resource/systemd_unit_spec.rb +1 -1
data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
data/spec/unit/resource/windows_defender_spec.rb +71 -0
data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
data/spec/unit/resource/zypper_repository_spec.rb +1 -1
data/spec/unit/resource_spec.rb +19 -8
data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
data/spec/unit/secret_fetcher_spec.rb +82 -0
data/tasks/rspec.rb +4 -9
metadata +65 -161
data/lib/chef/provider/package/yum/simplejson/LICENSE.txt +0 -79
data/lib/chef/provider/package/yum/simplejson/__init__.py +0 -318
data/lib/chef/provider/package/yum/simplejson/__init__.pyc +0 -0
data/lib/chef/provider/package/yum/simplejson/decoder.py +0 -354
data/lib/chef/provider/package/yum/simplejson/decoder.pyc +0 -0
data/lib/chef/provider/package/yum/simplejson/encoder.py +0 -440
data/lib/chef/provider/package/yum/simplejson/encoder.pyc +0 -0
data/lib/chef/provider/package/yum/simplejson/scanner.py +0 -65
data/lib/chef/provider/package/yum/simplejson/scanner.pyc +0 -0
data/lib/chef/provider/package/yum/simplejson/tool.py +0 -37

data/lib/chef/resource/windows_defender.rb ADDED Viewed

@@ -0,0 +1,163 @@
+#
+# Copyright:: Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../resource"
+class Chef
+  class Resource
+    class WindowsDefender < Chef::Resource
+      unified_mode true
+      provides :windows_defender
+      description "Use the **windows_defender** resource to enable or disable the Microsoft Windows Defender service."
+      introduced "17.3"
+      examples <<~DOC
+      **Configure Windows Defender AV settings**:
+      ```ruby
+      windows_defender 'Configure Defender' do
+        realtime_protection true
+        intrusion_protection_system true
+        lock_ui true
+        scan_archives true
+        scan_scripts true
+        scan_email true
+        scan_removable_drives true
+        scan_network_files false
+        scan_mapped_drives false
+        action :enable
+      end
+      ```
+      **Disable Windows Defender AV**:
+      ```ruby
+      windows_defender 'Disable Defender' do
+        action :disable
+      end
+      ```
+      DOC
+      # DisableIOAVProtection
+      property :realtime_protection, [true, false],
+        default: true,
+        description: "Enable realtime scanning of downloaded files and attachments."
+      # DisableIntrusionPreventionSystem
+      property :intrusion_protection_system, [true, false],
+        default: true,
+        description: "Enable network protection against exploitation of known vulnerabilities."
+      # UILockdown
+      property :lock_ui, [true, false],
+        description: "Lock the UI to prevent users from changing Windows Defender settings.",
+        default: false
+      # DisableArchiveScanning
+      property :scan_archives, [true, false],
+        default: true,
+        description: "Scan file archives such as .zip or .gz archives."
+      # DisableScriptScanning
+      property :scan_scripts, [true, false],
+        default: false,
+        description: "Scan scripts in malware scans."
+      # DisableEmailScanning
+      property :scan_email, [true, false],
+        default: false,
+        description: "Scan e-mails for malware."
+      # DisableRemovableDriveScanning
+      property :scan_removable_drives, [true, false],
+        default: false,
+        description: "Scan content of removable drives."
+      # DisableScanningNetworkFiles
+      property :scan_network_files, [true, false],
+        default: false,
+        description: "Scan files on a network."
+      # DisableScanningMappedNetworkDrivesForFullScan
+      property :scan_mapped_drives, [true, false],
+        default: true,
+        description: "Scan files on mapped network drives."
+      load_current_value do
+        values = powershell_exec!("Get-MPpreference").result
+        lock_ui values["UILockdown"]
+        realtime_protection !values["DisableIOAVProtection"]
+        intrusion_protection_system !values["DisableIntrusionPreventionSystem"]
+        scan_archives !values["DisableArchiveScanning"]
+        scan_scripts !values["DisableScriptScanning"]
+        scan_email !values["DisableEmailScanning"]
+        scan_removable_drives !values["DisableRemovableDriveScanning"]
+        scan_network_files !values["DisableScanningNetworkFiles"]
+        scan_mapped_drives !values["DisableScanningMappedNetworkDrivesForFullScan"]
+      end
+      action :enable, description: "Enable and configure Windows Defender." do
+        windows_service "Windows Defender" do
+          service_name "WinDefend"
+          action %i{start enable}
+          startup_type :automatic
+        end
+        converge_if_changed do
+          powershell_exec!(set_mppreference_cmd)
+        end
+      end
+      action :disable, description: "Disable Windows Defender." do
+        windows_service "Windows Defender" do
+          service_name "WinDefend"
+          action %i{disable stop}
+        end
+      end
+      action_class do
+        require "chef/mixin/powershell_type_coercions"
+        include Chef::Mixin::PowershellTypeCoercions
+        PROPERTY_TO_PS_MAP = {
+          realtime_protection: "DisableIOAVProtection",
+          intrusion_protection_system: "DisableIntrusionPreventionSystem",
+          scan_archives: "DisableArchiveScanning",
+          scan_scripts: "DisableScriptScanning",
+          scan_email: "DisableEmailScanning",
+          scan_removable_drives: "DisableRemovableDriveScanning",
+          scan_network_files: "DisableScanningNetworkFiles",
+          scan_mapped_drives: "DisableScanningMappedNetworkDrivesForFullScan",
+        }.freeze
+        def set_mppreference_cmd
+          cmd = "Set-MpPreference -Force"
+          cmd << " -UILockdown #{type_coercion(new_resource.lock_ui)}"
+          # the values are the opposite in Set-MpPreference and our properties so we have to iterate
+          # over the list and negate the provided values so it makes sense with the cmdlet flag's expected value
+          PROPERTY_TO_PS_MAP.each do |prop, flag|
+            next if new_resource.send(prop).nil? || current_resource.send(prop) == new_resource.send(prop)
+            cmd << " -#{flag} #{type_coercion(!new_resource.send(prop))}"
+          end
+          cmd
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/windows_defender_exclusion.rb ADDED Viewed

@@ -0,0 +1,125 @@
+#
+# Copyright:: Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../resource"
+class Chef
+  class Resource
+    class WindowsDefenderExclusion < Chef::Resource
+      provides :windows_defender_exclusion
+      description "Use the **windows_defender_exclusion** resource to exclude paths, processes, or file types from Windows Defender realtime protection scanning."
+      introduced "17.3"
+      examples <<~DOC
+      **Add excluded items to Windows Defender scans**:
+      ```ruby
+      windows_defender_exclusion 'Add to things to be excluded from scanning' do
+        paths 'c:\\foo\\bar, d:\\bar\\baz'
+        extensions 'png, foo, ppt, doc'
+        process_paths 'c:\\windows\\system32'
+        action :add
+      end
+      ```
+      **Remove excluded items from Windows Defender scans**:
+      ```ruby
+      windows_defender_exclusion 'Remove things from the list to be excluded' do
+        process_paths 'c:\\windows\\system32'
+        action :remove
+      end
+      ```
+      DOC
+      unified_mode true
+      property :paths, [String, Array], default: [],
+        coerce: proc { |x| to_consistent_path_array(x) },
+        description: "File or directory paths to exclude from scanning."
+      property :extensions, [String, Array], default: [],
+        coerce: proc { |x| to_consistent_path_array(x) },
+        description: "File extensions to exclude from scanning."
+      property :process_paths, [String, Array], default: [],
+        coerce: proc { |x| to_consistent_path_array(x) },
+        description: "Paths to executables to exclude from scanning."
+      def to_consistent_path_array(x)
+        fixed = x.dup || []
+        fixed = fixed.split(/\s*,\s*/) if fixed.is_a?(String)
+        fixed.map!(&:downcase)
+        fixed.map! { |v| v.gsub(%r{/}, "\\") }
+        fixed
+      end
+      load_current_value do |new_resource|
+        Chef::Log.debug("Running 'Get-MpPreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess' to get Windows Defender State")
+        values = powershell_exec!("Get-MPpreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess").result
+        values.transform_values! { |x| Array(x) }
+        paths new_resource.paths & values["ExclusionPath"]
+        extensions new_resource.extensions & values["ExclusionExtension"]
+        process_paths new_resource.process_paths & values["ExclusionProcess"]
+      end
+      action :add, description: "Add an exclusion to Windows Defender." do
+        converge_if_changed do
+          powershell_exec!(add_cmd)
+        end
+      end
+      action :remove, description: "Remove an exclusion to Windows Defender." do
+        converge_if_changed do
+          powershell_exec!(remove_cmd)
+        end
+      end
+      action_class do
+        MAPPING = {
+          paths: "ExclusionPath",
+          extensions: "ExclusionExtension",
+          process_paths: "ExclusionProcess",
+        }.freeze
+        def add_cmd
+          cmd = "Add-MpPreference -Force"
+          MAPPING.each do |prop, flag|
+            to_add = new_resource.send(prop) - current_resource.send(prop)
+            cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
+          end
+          cmd
+        end
+        def remove_cmd
+          cmd = "Remove-MpPreference -Force"
+          MAPPING.each do |prop, flag|
+            to_add = new_resource.send(prop) & current_resource.send(prop)
+            cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
+          end
+          cmd
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/windows_dfs_folder.rb CHANGED Viewed

@@ -42,7 +42,7 @@ class Chef
       property :description, String,
         description: "Description for the share."
-      action :create, description: "Creates the folder in dfs namespace" do
+      action :create, description: "Creates the folder in dfs namespace." do
         raise "target_path is required for install" unless property_is_set?(:target_path)
         raise "description is required for install" unless property_is_set?(:description)
@@ -60,7 +60,7 @@ class Chef
         end
       end
-      action :delete, description: "Deletes the folder in the dfs namespace" do
+      action :delete, description: "Deletes the folder in the dfs namespace." do
         powershell_script "Delete DFS Namespace" do
           code <<-EOH
             Remove-DfsnFolder -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}\\#{new_resource.folder_path}' -Force

data/lib/chef/resource/windows_dfs_namespace.rb CHANGED Viewed

@@ -52,7 +52,7 @@ class Chef
         description: "The root from which to create the DFS tree. Defaults to C:\\DFSRoots.",
         default: 'C:\\DFSRoots'
-      action :create, description: "Creates the dfs namespace on the server" do
+      action :create, description: "Creates the dfs namespace on the server." do
         directory file_path do
           action :create
           recursive true
@@ -82,7 +82,7 @@ class Chef
         end
       end
-      action :delete, description: "Deletes a DFS Namespace including the directory on disk" do
+      action :delete, description: "Deletes a DFS Namespace including the directory on disk." do
         powershell_script "Delete DFS Namespace" do
           code <<-EOH
             Remove-DfsnRoot -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}' -Force

data/lib/chef/resource/windows_dns_record.rb CHANGED Viewed

@@ -49,7 +49,7 @@ class Chef
         default: "localhost",
         introduced: "16.3"
-      action :create, description: "Creates and updates the DNS entry" do
+      action :create, description: "Creates and updates the DNS entry." do
         windows_feature "RSAT-DNS-Server" do
           not_if new_resource.dns_server.casecmp?("localhost")
         end
@@ -59,7 +59,7 @@ class Chef
         run_dsc_resource "Present"
       end
-      action :delete, description: "Deletes a DNS entry" do
+      action :delete, description: "Deletes a DNS entry." do
         windows_feature "RSAT-DNS-Server" do
           not_if new_resource.dns_server.casecmp?("localhost")
         end

data/lib/chef/resource/windows_dns_zone.rb CHANGED Viewed

@@ -40,13 +40,13 @@ class Chef
         description: "The type of DNS server, Domain or Standalone.",
         default: "Domain", equal_to: %w{Domain Standalone}
-      action :create, description: "Creates and updates a DNS Zone" do
+      action :create, description: "Creates and updates a DNS Zone." do
         powershell_package "xDnsServer"
         run_dsc_resource "Present"
       end
-      action :delete, description: "Deletes a DNS Zone" do
+      action :delete, description: "Deletes a DNS Zone." do
         powershell_package "xDnsServer"
         run_dsc_resource "Absent"

data/lib/chef/resource/windows_env.rb CHANGED Viewed

@@ -186,7 +186,7 @@ class Chef
           if environment_variables && environment_variables.length > 0
             environment_variables.each do |env|
               @env_obj = env.wmi_ole_object
-              return @env_obj if @env_obj.username.split('\\').last.casecmp(new_resource.user) == 0
+              return @env_obj if @env_obj.username.split("\\").last.casecmp(new_resource.user) == 0
             end
           end
           @env_obj = nil

data/lib/chef/resource/windows_feature.rb CHANGED Viewed

@@ -108,15 +108,15 @@ class Chef
         default: 600,
         desired_state: false
-      action :install, description: "Install a Windows role / feature" do
+      action :install, description: "Install a Windows role or feature." do
         run_default_subresource :install
       end
-      action :remove, description: "Remove a Windows role / feature" do
+      action :remove, description: "Remove a Windows role or feature." do
         run_default_subresource :remove
       end
-      action :delete, description: "Remove a Windows role/feature from the image" do
+      action :delete, description: "Remove a Windows role or feature from the image." do
         run_default_subresource :delete
       end

data/lib/chef/resource/windows_feature_dism.rb CHANGED Viewed

@@ -65,9 +65,7 @@ class Chef
         x.map(&:downcase)
       end
-      action :install do
-        description "Install a Windows role/feature using DISM"
+      action :install, description: "Install a Windows role/feature using DISM." do
         reload_cached_dism_data unless node["dism_features_cache"]
         fail_if_unavailable # fail if the features don't exist
@@ -91,7 +89,7 @@ class Chef
         end
       end
-      action :remove, description: "Remove a Windows role / feature using DISM" do
+      action :remove, description: "Remove a Windows role or feature using DISM." do
         reload_cached_dism_data unless node["dism_features_cache"]
         logger.trace("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -106,7 +104,7 @@ class Chef
         end
       end
-      action :delete, description: "Remove a Windows role / feature from the image using DISM" do
+      action :delete, description: "Remove a Windows role or feature from the image using DISM." do
         reload_cached_dism_data unless node["dism_features_cache"]
         fail_if_unavailable # fail if the features don't exist

data/lib/chef/resource/windows_feature_powershell.rb CHANGED Viewed

@@ -87,7 +87,7 @@ class Chef
         x.map(&:downcase)
       end
-      action :install, description: "Install a Windows role / feature using PowerShell" do
+      action :install, description: "Install a Windows role or feature using PowerShell." do
         reload_cached_powershell_data unless node["powershell_features_cache"]
         fail_if_unavailable # fail if the features don't exist
         fail_if_removed # fail if the features are in removed state
@@ -108,7 +108,7 @@ class Chef
         end
       end
-      action :remove, description: "Remove a Windows role / feature using PowerShell" do
+      action :remove, description: "Remove a Windows role or feature using PowerShell." do
         reload_cached_powershell_data unless node["powershell_features_cache"]
         Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -123,7 +123,7 @@ class Chef
         end
       end
-      action :delete, description: "Delete a Windows role / feature from the image using PowerShell" do
+      action :delete, description: "Delete a Windows role or feature from the image using PowerShell." do
         reload_cached_powershell_data unless node["powershell_features_cache"]
         fail_if_unavailable # fail if the features don't exist