chef 17.0.242-universal-mingw32 → 17.4.25-universal-mingw32

data/lib/chef/resource/windows_printer_port.rb

@@ -1,6 +1,7 @@
 #
 # Author:: Doug Ireton <doug@1strategy.com>
 # Copyright:: 2012-2018, Nordstrom, Inc.
+# Copyright:: Chef Software, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -68,14 +69,17 @@ class Chef
         }
 
       property :port_name, String,
-        description: "The port name."
+        description: "The port name.",
+        default: lazy { |x| "IP_#{x.ipv4_address}" },
+        default_description: "The resource block name or the ipv4_address prepended with IP_."
 
       property :port_number, Integer,
-        description: "The port number.",
+        description: "The TCP port number.",
         default: 9100
 
       property :port_description, String,
-        description: "The description of the port."
+        desired_state: false,
+        deprecated: true
 
       property :snmp_enabled, [TrueClass, FalseClass],
         description: "Determines if SNMP is enabled on the port.",
@@ -86,79 +90,58 @@ class Chef
         validation_message: "port_protocol must be either 1 for RAW or 2 for LPR!",
         default: 1, equal_to: [1, 2]
 
-      PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY)
-
-      # @todo Set @current_resource port properties from registry
       load_current_value do |new_resource|
-        name new_resource.name
-        ipv4_address new_resource.ipv4_address
-        port_name new_resource.port_name || "IP_#{new_resource.ipv4_address}"
-      end
-
-      action :create, description: "Create the printer port, if one doesn't already exist" do
-        description "Create the new printer port if it does not already exist."
-
-        if port_exists?
-          Chef::Log.info "#{@new_resource} already exists - nothing to do."
-        else
-          converge_by("Create #{@new_resource}") do
-            create_printer_port
-          end
-        end
-      end
+        port_data = powershell_exec(%Q{Get-WmiObject -Class Win32_TCPIPPrinterPort -Filter "Name='#{new_resource.port_name}'"}).result
 
-      action :delete, description: "Delete an existing printer port" do
-        description "Delete an existing printer port."
-
-        if port_exists?
-          converge_by("Delete #{@new_resource}") do
-            delete_printer_port
-          end
+        if port_data.empty?
+          current_value_does_not_exist!
         else
-          Chef::Log.info "#{@current_resource} doesn't exist - can't delete."
+          ipv4_address port_data["HostAddress"]
+          port_name port_data["Name"]
+          snmp_enabled port_data["SNMPEnabled"]
+          port_protocol port_data["Protocol"]
+          port_number port_data["PortNumber"]
         end
       end
 
-      action_class do
-        private
-
-        def port_exists?
-          name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
-          port_reg_key = PORTS_REG_KEY + name
-
-          logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'"
-          registry_key_exists?(port_reg_key)
-        end
-
-        def create_printer_port
-          port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
-
-          # create the printer port using PowerShell
-          declare_resource(:powershell_script, "Creating printer port #{new_resource.port_name}") do
-            code <<-EOH
-
-              Set-WmiInstance -class Win32_TCPIPPrinterPort `
-                -EnableAllPrivileges `
-                -Argument @{ HostAddress = "#{new_resource.ipv4_address}";
-                            Name        = "#{port_name}";
-                            Description = "#{new_resource.port_description}";
-                            PortNumber  = "#{new_resource.port_number}";
-                            Protocol    = "#{new_resource.port_protocol}";
-                            SNMPEnabled = "$#{new_resource.snmp_enabled}";
-                          }
+      action :create, description: "Create or update the printer port." do
+        converge_if_changed do
+          if current_resource
+            # update the printer port using PowerShell
+            powershell_exec! <<-EOH
+            Get-WmiObject Win32_TCPIPPrinterPort -EnableAllPrivileges -filter "Name='#{new_resource.port_name}'" |
+            ForEach-Object{
+                 $_.HostAddress='#{new_resource.ipv4_address}'
+                 $_.PortNumber='#{new_resource.port_number}'
+                 $_.Protocol='#{new_resource.port_protocol}'
+                 $_.SNMPEnabled='$#{new_resource.snmp_enabled}'
+                 $_.Put()
+            }
+            EOH
+          else
+            # create the printer port using PowerShell
+            powershell_exec! <<-EOH
+            Set-WmiInstance -class Win32_TCPIPPrinterPort `
+              -EnableAllPrivileges `
+              -Argument @{ HostAddress = "#{new_resource.ipv4_address}";
+                          Name        = "#{new_resource.port_name}";
+                          PortNumber  = "#{new_resource.port_number}";
+                          Protocol    = "#{new_resource.port_protocol}";
+                          SNMPEnabled = "$#{new_resource.snmp_enabled}";
+                        }
             EOH
           end
-        end
 
-        def delete_printer_port
-          port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
+        end
+      end
 
-          declare_resource(:powershell_script, "Deleting printer port: #{new_resource.port_name}") do
-            code <<-EOH
-              $port = Get-WMIObject -class Win32_TCPIPPrinterPort -EnableAllPrivileges -Filter "name = '#{port_name}'"
-              $port.Delete()
-            EOH
+      action :delete, description: "Delete an existing printer port." do
+        if current_resource
+          converge_by("delete port #{new_resource.port_name}") do
+            powershell_exec!("Remove-PrinterPort -Name #{new_resource.port_name}")
           end
+        else
+          Chef::Log.info "#{new_resource.port_name} doesn't exist - can't delete."
         end
       end
     end

data/lib/chef/resource/windows_security_policy.rb

@@ -28,6 +28,7 @@ class Chef
 
       # The valid policy_names options found here
       # https://github.com/ChrisAWalker/cSecurityOptions under 'AccountSettings'
+      # This needs to be revisited - the list at the link above is non-exhaustive and is missing a couple of items
       policy_names = %w{LockoutDuration
                         MaximumPasswordAge
                         MinimumPasswordAge
@@ -36,6 +37,8 @@ class Chef
                         PasswordHistorySize
                         LockoutBadCount
                         ResetLockoutCount
+                        AuditPolicyChange
+                        LockoutDuration
                         RequireLogonToChangePassword
                         ForceLogoffWhenHourExpire
                         NewAdministratorName
@@ -87,8 +90,8 @@ class Chef
         current_state = load_security_options
 
         if new_resource.secoption == "ResetLockoutCount"
-          if new_resource.secvalue.to_i > 30
-            raise Chef::Exceptions::ValidationFailed, "The \"ResetLockoutCount\" value cannot be greater than 30 minutes"
+          if new_resource.secvalue.to_i > current_state["LockoutDuration"].to_i
+            raise Chef::Exceptions::ValidationFailed, "The \"ResetLockoutCount\" value cannot be greater than the value currently set for \"LockoutDuration\""
           end
         end
         if (new_resource.secoption == "ResetLockoutCount" || new_resource.secoption == "LockoutDuration") && current_state["LockoutBadCount"] == "0"
@@ -115,13 +118,13 @@ class Chef
             policy_line = "#{security_option} = \"#{security_value}\""
             file.write("[Unicode]\r\nUnicode=yes\r\n[System Access]\r\n#{policy_line}\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n")
             file.close
-            file_path = file.path.tr("/", '\\')
+            file_path = file.path.tr("/", "\\")
             cmd = "C:\\Windows\\System32\\secedit /configure /db C:\\windows\\security\\new.sdb /cfg #{file_path} /areas SECURITYPOLICY"
           else
             policy_line = "#{security_option} = #{security_value}"
             file.write("[Unicode]\r\nUnicode=yes\r\n[System Access]\r\n#{policy_line}\r\n[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n")
             file.close
-            file_path = file.path.tr("/", '\\')
+            file_path = file.path.tr("/", "\\")
             cmd = "C:\\Windows\\System32\\secedit /configure /db C:\\windows\\security\\new.sdb /cfg #{file_path} /areas SECURITYPOLICY"
           end
           shell_out!(cmd)

data/lib/chef/resource/windows_share.rb

@@ -192,7 +192,7 @@ class Chef
         name
       end
 
-      action :create, description: "Create or modify a Windows share" do
+      action :create, description: "Create or modify a Windows share." do
         # we do this here instead of requiring the property because :delete doesn't need path set
         raise "No path property set" unless new_resource.path
 
@@ -216,7 +216,7 @@ class Chef
         end
       end
 
-      action :delete, description: "Delete an existing Windows share" do
+      action :delete, description: "Delete an existing Windows share." do
         if current_resource.nil?
           Chef::Log.debug("#{new_resource.share_name} does not exist - nothing to do")
         else

data/lib/chef/resource/windows_shortcut.rb

@@ -69,7 +69,7 @@ class Chef
         iconlocation(link.IconLocation)
       end
 
-      action :create, description: "Create or modify a Windows shortcut" do
+      action :create, description: "Create or modify a Windows shortcut." do
         converge_if_changed do
           converge_by "creating shortcut #{new_resource.shortcut_name}" do
             link = WIN32OLE.new("WScript.Shell").CreateShortcut(new_resource.shortcut_name)

data/lib/chef/resource/windows_task.rb

@@ -49,7 +49,7 @@ class Chef
 
       **Create a scheduled task to run every 2 days**:
 
-      ``` ruby
+      ```ruby
       windows_task 'chef-client' do
         command 'chef-client'
         run_level :highest
@@ -549,7 +549,7 @@ class Chef
           if @current_resource.exists
             task.get_task(new_resource.task_name)
             @current_resource.task = task
-            pathed_task_name = new_resource.task_name.start_with?('\\') ? new_resource.task_name : "\\#{new_resource.task_name}"
+            pathed_task_name = new_resource.task_name.start_with?("\\") ? new_resource.task_name : "\\#{new_resource.task_name}"
             @current_resource.task_name(pathed_task_name)
           end
           @current_resource

data/lib/chef/resource/windows_uac.rb

@@ -29,7 +29,7 @@ class Chef
       examples <<~DOC
       **Disable UAC prompts for the admin**:
 
-      ``` ruby
+      ```ruby
       windows_uac 'Disable UAC prompts for the admin' do
         enable_uac true
         prompt_on_secure_desktop false
@@ -39,7 +39,7 @@ class Chef
 
       **Disable UAC entirely**:
 
-      ``` ruby
+      ```ruby
       windows_uac 'Disable UAC entirely' do
         enable_uac false
       end
@@ -72,9 +72,7 @@ class Chef
         equal_to: %i{auto_deny secure_prompt_for_creds prompt_for_creds},
         default: :prompt_for_creds
 
-      action :configure, description: "Configures UAC by setting registry keys at `HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System`" do
-        description 'Configures UAC by setting registry keys at \'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\''
-
+      action :configure, description: "Configures UAC by setting registry keys at `HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System`." do
         registry_key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' do
           values [{ name: "EnableLUA", type: :dword, data: bool_to_reg(new_resource.enable_uac) },
                   { name: "ValidateAdminCodeSignatures", type: :dword, data: bool_to_reg(new_resource.require_signed_binaries) },

data/lib/chef/resource/windows_update_settings.rb

@@ -0,0 +1,259 @@
+#
+# Author:: Sölvi Páll Ásgeirsson (<solvip@gmail.com>)
+# Author:: Richard Lavey (richard.lavey@calastone.com)
+# Author:: Tim Smith (tsmith@chef.io)
+#
+# Copyright:: 2014-2017, Sölvi Páll Ásgeirsson.
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+class Chef
+  class Resource
+    class WindowsUpdateSettings < Chef::Resource
+      unified_mode true
+
+      provides :windows_update_settings
+
+      description "Use the **windows_update_settings** resource to manage the various Windows Update patching options."
+      introduced "17.3"
+      examples <<~DOC
+      **Set Windows Update settings**:
+
+      ```ruby
+      windows_update_settings 'Settings to Configure Windows Nodes to automatically receive updates' do
+        disable_os_upgrades true
+        elevate_non_admins true
+        block_windows_update_website true
+        automatically_install_minor_updates true
+        scheduled_install_day 'Friday'
+        scheduled_install_hour 18
+        update_other_ms_products true
+        action :enable
+      end
+      ```
+      DOC
+
+      # required for the alias to pass validation
+      allowed_actions :set, :enable
+
+      DAYS = %W{Everyday Monday Tuesday Wednesday Thursday Friday Saturday Sunday}.freeze
+      UPDATE_OPTIONS = {
+                        notify: 2,
+                        download_and_notify: 3,
+                        download_and_schedule: 4,
+                        local_admin_decides: 5,
+                      }.freeze
+
+      # HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
+
+      property :disable_os_upgrades, [true, false], default: false, description: "Disable OS upgrades."
+      # options: 0 - let windows update update the os - false
+      #          1 - don't let windows update update the os - true
+
+      property :elevate_non_admins, [true, false], default: true, description: "Allow normal user accounts to temporarily be elevated to install patches."
+      # options: 0 - do not elevate a user to force an install - false
+      #          1 - do elevate the logged on user to install an update - true
+
+      property :add_to_target_wsus_group, [true, false], deprecated: "As of Chef Infra Client 17.3 the `add_to_target_wsus_group` property is no longer necessary."
+      # we set this registry value now automatically if the group name is set
+
+      property :target_wsus_group_name, String, description: "Add the node to a WSUS Target Group."
+      # options: --- a string representing the name of a target group you defined on your wsus server
+
+      property :wsus_server_url, String, description: "The URL of your WSUS server if you use one."
+      # options: --- a url for your internal update server in the form of https://my.updateserver.tld:4545 or whatever
+
+      property :wsus_status_server_url, String, deprecated: "As of Chef Infra Client 17.3 the `wsus_status_server_url` no longer needs to be set."
+      # this needs to be the same as wsus_server_url so we just set that value in both places now
+
+      # HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
+
+      property :block_windows_update_website, [true, false], default: false, description: "Block accessing the Windows Update website."
+      # options: 0 - allow access to the windows update website - false
+      #          1 - do not allow access to the windows update website - true
+
+      # HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
+
+      property :automatic_update_option, [Integer, Symbol], equal_to: UPDATE_OPTIONS.keys, coerce: proc { |x| UPDATE_OPTIONS.key(x) || x },
+                default: :download_and_schedule,
+                description: "Control what to do when updates are found. This allows you to notify, automatically download and notify to install, automatically download and schedule the install, or let the local admin decide what action to take."
+      # options: 2 - notify before download
+      #          3 - auto download and notify
+      #          4 - auto download and schedule - must also set day and time (below)
+      #          5 - allow the local admin to decide
+
+      property :automatically_install_minor_updates, [true, false], default: false, description: "Automatically install minor updates."
+      # options: 0 - do not automatically install minor updates - false
+      #          1 - of course, silently install them! - true
+
+      property :enable_detection_frequency, [true, false], default: false, description: "Used to override the OS default of how often to check for updates"
+      # do i want my nodes checking for updates at a time interval i chose?
+      # options: 0 - do not enable the option for a custom interval - false
+      #          1 - yeah, buddy, i want to set my own interval for checking for updates - true
+
+      property :custom_detection_frequency, Integer, default: 22, description: "If you decided to override the OS default detection frequency, specify your choice here. Valid choices are 0 - 22",
+      callbacks: {
+        "should be a valid detection frequency (0-22)" => lambda { |p|
+          p >= 0 && p <= 22
+        },
+      }
+      # a time period of between 0 and 22 hours to check for new updates
+      # this is a hex value - convert it from dec to hex
+
+      property :no_reboot_with_users_logged_on, [true, false], default: true, description: "Prevents the OS from rebooting while someone is on the console."
+      # options: 0 - user is notified of pending reboot in xx minutes - false/off
+      #          1 - user is notified of pending reboot but can defer - true/on
+
+      property :disable_automatic_updates, [true, false], default: false, description: "Disable Windows Update."
+      # options: 0 - enable automatic updates to the local system - false
+      #          1 - disable automatic updates - true
+
+      property :scheduled_install_day, String, equal_to: DAYS, default: DAYS.first, description: "A day of the week to tell Windows when to install updates."
+      # options: Everyday - install every day
+      #          Sunday - Saturday day of the week to install, 1 == sunday
+
+      property :scheduled_install_hour, Integer, description: "If you chose a scheduled day to install, then choose an hour on that day for you installation",
+                callbacks: {
+                  "should be a valid hour in a 24 hour clock" => lambda { |p|
+                    p > 0 && p < 25
+                  },
+                }
+      # options: --- 2-digit number representing an hour of the day, uses a 24-hour clock, 12 == noon, 24 == midnight
+
+      property :update_other_ms_products, [true, false], default: true, description: "Allows for other Microsoft products to get updates too"
+      # options: 0 - do not allow wu to update other apps - remove key from hive - false/off
+      #          1 - please update all my stuff! - true/on
+
+      # \AU\AllowMUUpdateService dword: 1
+
+      property :custom_wsus_server, [true, false], deprecated: "As of Chef Infra Client 17.3 the `custom_wsus_server` no longer needs to be setup when specifying a WSUS endpoint."
+      # not necessary as we set this registry value automatically if a URL is set
+
+      action :set, description: "Set Windows Update settings." do
+        actual_day = convert_day(new_resource.scheduled_install_day)
+
+        registry_key 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate' do
+          recursive true
+          values [{
+            name: "DisableOSUpgrade",
+            type: :dword,
+            data: new_resource.disable_os_upgrades ? 1 : 0,
+          },
+          {
+            name: "ElevateNonAdmins",
+            type: :dword,
+            data: new_resource.elevate_non_admins ? 1 : 0,
+          },
+          {
+            name: "TargetGroupEnabled",
+            type: :dword,
+            data: new_resource.target_wsus_group_name ? 1 : 0,
+          },
+          {
+            name: "TargetGroup",
+            type: :string,
+            data: new_resource.target_wsus_group_name,
+          },
+          {
+            name: "WUServer",
+            type: :string,
+            data: new_resource.wsus_server_url,
+          },
+          {
+            name: "WUStatusServer",
+            type: :string,
+            data: new_resource.wsus_server_url, # status server and server need to be the same. Why? Ask Microsoft
+          }]
+          action :create
+        end
+
+        registry_key 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer' do
+          recursive true
+          values [{
+            name: "NoWindowsUpdate",
+            type: :dword,
+            data: new_resource.block_windows_update_website ? 1 : 0,
+          }]
+          action :create
+        end
+
+        registry_key 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU' do
+          recursive true
+          values [{
+            name: "AUOptions",
+            type: :dword,
+            data: UPDATE_OPTIONS[new_resource.automatic_update_option],
+          },
+          {
+            name: "AutoInstallMinorUpdates",
+            type: :dword,
+            data: new_resource.automatically_install_minor_updates ? 1 : 0,
+          },
+          {
+            name: "DetectionFrequencyEnabled",
+            type: :dword,
+            data: new_resource.enable_detection_frequency ? 1 : 0,
+          },
+          {
+            name: "DetectionFrequency",
+            type: :dword,
+            data: new_resource.custom_detection_frequency,
+          },
+          {
+            name: "NoAutoRebootWithLoggedOnUsers",
+            type: :dword,
+            data: new_resource.no_reboot_with_users_logged_on ? 1 : 0,
+          },
+          {
+            name: "NoAutoUpdate",
+            type: :dword,
+            data: new_resource.disable_automatic_updates ? 1 : 0,
+          },
+          {
+            name: "ScheduledInstallDay",
+            type: :dword,
+            data: actual_day,
+          },
+          {
+            name: "ScheduledInstallTime",
+            type: :dword,
+            data: new_resource.scheduled_install_hour,
+          },
+          {
+            name: "AllowMUUpdateService",
+            type: :dword,
+            data: new_resource.update_other_ms_products ? 1 : 0,
+          },
+          {
+            name: "UseWUServer",
+            type: :dword,
+            data: new_resource.wsus_server_url ? 1 : 0, # if we have a URL set then want to turn on WSUS functionality
+          }]
+          action :create
+        end
+      end
+
+      action_class do
+        def convert_day(day)
+          DAYS.index(day)
+        end
+
+        # support the old name as well
+        alias_method :action_enable, :action_set
+      end
+    end
+  end
+end