chef 17.1.35-universal-mingw32 → 17.4.38-universal-mingw32
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +6 -4
- data/chef.gemspec +1 -0
- data/lib/chef/action_collection.rb +6 -26
- data/lib/chef/application/base.rb +15 -0
- data/lib/chef/application.rb +4 -2
- data/lib/chef/client.rb +7 -1
- data/lib/chef/compliance/default_attributes.rb +5 -3
- data/lib/chef/compliance/reporter/automate.rb +1 -1
- data/lib/chef/compliance/runner.rb +16 -2
- data/lib/chef/cookbook_version.rb +26 -4
- data/lib/chef/data_collector/run_end_message.rb +1 -1
- data/lib/chef/data_collector.rb +0 -1
- data/lib/chef/deprecated.rb +14 -4
- data/lib/chef/dsl/render_helpers.rb +44 -0
- data/lib/chef/dsl/secret.rb +64 -0
- data/lib/chef/dsl/toml.rb +116 -0
- data/lib/chef/dsl/universal.rb +5 -0
- data/lib/chef/dsl.rb +1 -0
- data/lib/chef/event_dispatch/base.rb +2 -1
- data/lib/chef/exceptions.rb +23 -0
- data/lib/chef/formatters/doc.rb +14 -13
- data/lib/chef/formatters/error_mapper.rb +2 -2
- data/lib/chef/formatters/minimal.rb +6 -5
- data/lib/chef/handler/slow_report.rb +66 -0
- data/lib/chef/handler.rb +46 -8
- data/lib/chef/http.rb +5 -5
- data/lib/chef/json_compat.rb +1 -1
- data/lib/chef/node.rb +20 -19
- data/lib/chef/policy_builder/policyfile.rb +88 -45
- data/lib/chef/provider/execute.rb +1 -1
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/group/dscl.rb +1 -1
- data/lib/chef/provider/launchd.rb +6 -6
- data/lib/chef/provider/lwrp_base.rb +1 -1
- data/lib/chef/provider/package/habitat.rb +168 -0
- data/lib/chef/provider/package/powershell.rb +5 -0
- data/lib/chef/provider/subversion.rb +4 -4
- data/lib/chef/provider/support/yum_repo.erb +1 -1
- data/lib/chef/provider/support/zypper_repo.erb +4 -2
- data/lib/chef/provider/systemd_unit.rb +17 -16
- data/lib/chef/provider/user/mac.rb +3 -3
- data/lib/chef/provider/yum_repository.rb +27 -43
- data/lib/chef/provider/zypper_repository.rb +30 -34
- data/lib/chef/provider.rb +26 -1
- data/lib/chef/provider_resolver.rb +8 -2
- data/lib/chef/providers.rb +1 -0
- data/lib/chef/resource/alternatives.rb +5 -5
- data/lib/chef/resource/apt_preference.rb +2 -2
- data/lib/chef/resource/apt_repository.rb +2 -2
- data/lib/chef/resource/apt_update.rb +4 -4
- data/lib/chef/resource/build_essential.rb +1 -1
- data/lib/chef/resource/chef_client_config.rb +10 -5
- data/lib/chef/resource/chef_client_cron.rb +3 -3
- data/lib/chef/resource/chef_client_launchd.rb +3 -3
- data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
- data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
- data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
- data/lib/chef/resource/chef_handler.rb +2 -2
- data/lib/chef/resource/chef_sleep.rb +1 -1
- data/lib/chef/resource/chef_vault_secret.rb +2 -2
- data/lib/chef/resource/chocolatey_feature.rb +2 -2
- data/lib/chef/resource/chocolatey_source.rb +1 -1
- data/lib/chef/resource/cron/cron_d.rb +4 -6
- data/lib/chef/resource/cron_access.rb +1 -1
- data/lib/chef/resource/dmg_package.rb +1 -1
- data/lib/chef/resource/dsc_resource.rb +1 -1
- data/lib/chef/resource/execute.rb +5 -5
- data/lib/chef/resource/gem_package.rb +2 -1
- data/lib/chef/resource/group.rb +4 -4
- data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
- data/lib/chef/resource/habitat/habitat_package.rb +129 -0
- data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
- data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
- data/lib/chef/resource/habitat_config.rb +107 -0
- data/lib/chef/resource/habitat_install.rb +247 -0
- data/lib/chef/resource/habitat_service.rb +451 -0
- data/lib/chef/resource/habitat_user_toml.rb +92 -0
- data/lib/chef/resource/homebrew_cask.rb +18 -7
- data/lib/chef/resource/homebrew_package.rb +1 -1
- data/lib/chef/resource/homebrew_tap.rb +4 -3
- data/lib/chef/resource/homebrew_update.rb +2 -2
- data/lib/chef/resource/hostname.rb +49 -7
- data/lib/chef/resource/inspec_waiver_file_entry.rb +8 -7
- data/lib/chef/resource/kernel_module.rb +6 -6
- data/lib/chef/resource/launchd.rb +3 -3
- data/lib/chef/resource/locale.rb +1 -1
- data/lib/chef/resource/lwrp_base.rb +1 -1
- data/lib/chef/resource/macos_userdefaults.rb +2 -2
- data/lib/chef/resource/ohai_hint.rb +2 -6
- data/lib/chef/resource/openbsd_package.rb +17 -0
- data/lib/chef/resource/openssl_dhparam.rb +1 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
- data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
- data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
- data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
- data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
- data/lib/chef/resource/openssl_x509_crl.rb +1 -3
- data/lib/chef/resource/openssl_x509_request.rb +1 -3
- data/lib/chef/resource/osx_profile.rb +3 -3
- data/lib/chef/resource/plist.rb +1 -1
- data/lib/chef/resource/powershell_package_source.rb +2 -4
- data/lib/chef/resource/reboot.rb +38 -9
- data/lib/chef/resource/remote_directory.rb +2 -2
- data/lib/chef/resource/remote_file.rb +1 -1
- data/lib/chef/resource/rhsm_errata.rb +0 -2
- data/lib/chef/resource/rhsm_errata_level.rb +1 -5
- data/lib/chef/resource/rhsm_repo.rb +15 -0
- data/lib/chef/resource/rhsm_subscription.rb +5 -5
- data/lib/chef/resource/ruby_block.rb +100 -0
- data/lib/chef/resource/scm/subversion.rb +1 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
- data/lib/chef/resource/sudo.rb +2 -6
- data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
- data/lib/chef/resource/support/client.erb +8 -1
- data/lib/chef/resource/support/sup.toml.erb +179 -0
- data/lib/chef/resource/swap_file.rb +2 -6
- data/lib/chef/resource/sysctl.rb +2 -2
- data/lib/chef/resource/systemd_unit.rb +3 -3
- data/lib/chef/resource/timezone.rb +1 -1
- data/lib/chef/resource/user_ulimit.rb +2 -2
- data/lib/chef/resource/windows_ad_join.rb +2 -2
- data/lib/chef/resource/windows_audit_policy.rb +2 -2
- data/lib/chef/resource/windows_auto_run.rb +2 -2
- data/lib/chef/resource/windows_certificate.rb +1 -1
- data/lib/chef/resource/windows_defender.rb +163 -0
- data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
- data/lib/chef/resource/windows_dfs_folder.rb +2 -2
- data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
- data/lib/chef/resource/windows_dns_record.rb +2 -2
- data/lib/chef/resource/windows_dns_zone.rb +2 -2
- data/lib/chef/resource/windows_feature.rb +3 -3
- data/lib/chef/resource/windows_feature_dism.rb +3 -5
- data/lib/chef/resource/windows_feature_powershell.rb +3 -3
- data/lib/chef/resource/windows_firewall_profile.rb +2 -2
- data/lib/chef/resource/windows_firewall_rule.rb +20 -6
- data/lib/chef/resource/windows_font.rb +1 -1
- data/lib/chef/resource/windows_pagefile.rb +103 -64
- data/lib/chef/resource/windows_path.rb +2 -2
- data/lib/chef/resource/windows_printer.rb +80 -61
- data/lib/chef/resource/windows_printer_port.rb +48 -65
- data/lib/chef/resource/windows_security_policy.rb +2 -2
- data/lib/chef/resource/windows_share.rb +2 -2
- data/lib/chef/resource/windows_shortcut.rb +1 -1
- data/lib/chef/resource/windows_task.rb +1 -1
- data/lib/chef/resource/windows_uac.rb +3 -5
- data/lib/chef/resource/windows_update_settings.rb +259 -0
- data/lib/chef/resource/windows_user_privilege.rb +2 -2
- data/lib/chef/resource/windows_workgroup.rb +2 -2
- data/lib/chef/resource/yum_package.rb +11 -15
- data/lib/chef/resource/zypper_package.rb +4 -4
- data/lib/chef/resource/zypper_repository.rb +28 -8
- data/lib/chef/resource.rb +13 -17
- data/lib/chef/resource_inspector.rb +6 -2
- data/lib/chef/resource_reporter.rb +0 -1
- data/lib/chef/resources.rb +12 -1
- data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
- data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
- data/lib/chef/secret_fetcher/base.rb +76 -0
- data/lib/chef/secret_fetcher/example.rb +46 -0
- data/lib/chef/secret_fetcher.rb +55 -0
- data/lib/chef/version.rb +1 -1
- data/spec/functional/mixin/from_file_spec.rb +1 -1
- data/spec/functional/resource/windows_hostname_spec.rb +91 -0
- data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
- data/spec/integration/compliance/compliance_spec.rb +1 -0
- data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
- data/spec/integration/recipes/resource_action_spec.rb +6 -6
- data/spec/support/shared/unit/provider/file.rb +2 -8
- data/spec/unit/compliance/runner_spec.rb +46 -2
- data/spec/unit/cookbook_version_spec.rb +52 -0
- data/spec/unit/data_collector_spec.rb +47 -1
- data/spec/unit/dsl/render_helpers_spec.rb +102 -0
- data/spec/unit/dsl/secret_spec.rb +71 -0
- data/spec/unit/formatters/doc_spec.rb +1 -1
- data/spec/unit/handler_spec.rb +8 -2
- data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
- data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
- data/spec/unit/provider/apt_update_spec.rb +3 -1
- data/spec/unit/provider/mount/aix_spec.rb +1 -1
- data/spec/unit/provider/package/powershell_spec.rb +74 -12
- data/spec/unit/provider/zypper_repository_spec.rb +3 -10
- data/spec/unit/provider_spec.rb +23 -0
- data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
- data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
- data/spec/unit/resource/systemd_unit_spec.rb +1 -1
- data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
- data/spec/unit/resource/windows_defender_spec.rb +71 -0
- data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
- data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
- data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
- data/spec/unit/resource/zypper_repository_spec.rb +1 -1
- data/spec/unit/resource_spec.rb +19 -8
- data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
- data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
- data/spec/unit/secret_fetcher_spec.rb +82 -0
- metadata +55 -7
@@ -0,0 +1,125 @@
|
|
1
|
+
#
|
2
|
+
# Copyright:: Chef Software, Inc.
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
#
|
16
|
+
|
17
|
+
require_relative "../resource"
|
18
|
+
|
19
|
+
class Chef
|
20
|
+
class Resource
|
21
|
+
class WindowsDefenderExclusion < Chef::Resource
|
22
|
+
|
23
|
+
provides :windows_defender_exclusion
|
24
|
+
|
25
|
+
description "Use the **windows_defender_exclusion** resource to exclude paths, processes, or file types from Windows Defender realtime protection scanning."
|
26
|
+
introduced "17.3"
|
27
|
+
examples <<~DOC
|
28
|
+
**Add excluded items to Windows Defender scans**:
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
windows_defender_exclusion 'Add to things to be excluded from scanning' do
|
32
|
+
paths 'c:\\foo\\bar, d:\\bar\\baz'
|
33
|
+
extensions 'png, foo, ppt, doc'
|
34
|
+
process_paths 'c:\\windows\\system32'
|
35
|
+
action :add
|
36
|
+
end
|
37
|
+
```
|
38
|
+
|
39
|
+
**Remove excluded items from Windows Defender scans**:
|
40
|
+
|
41
|
+
```ruby
|
42
|
+
windows_defender_exclusion 'Remove things from the list to be excluded' do
|
43
|
+
process_paths 'c:\\windows\\system32'
|
44
|
+
action :remove
|
45
|
+
end
|
46
|
+
```
|
47
|
+
DOC
|
48
|
+
unified_mode true
|
49
|
+
|
50
|
+
property :paths, [String, Array], default: [],
|
51
|
+
coerce: proc { |x| to_consistent_path_array(x) },
|
52
|
+
description: "File or directory paths to exclude from scanning."
|
53
|
+
|
54
|
+
property :extensions, [String, Array], default: [],
|
55
|
+
coerce: proc { |x| to_consistent_path_array(x) },
|
56
|
+
description: "File extensions to exclude from scanning."
|
57
|
+
|
58
|
+
property :process_paths, [String, Array], default: [],
|
59
|
+
coerce: proc { |x| to_consistent_path_array(x) },
|
60
|
+
description: "Paths to executables to exclude from scanning."
|
61
|
+
|
62
|
+
def to_consistent_path_array(x)
|
63
|
+
fixed = x.dup || []
|
64
|
+
fixed = fixed.split(/\s*,\s*/) if fixed.is_a?(String)
|
65
|
+
fixed.map!(&:downcase)
|
66
|
+
fixed.map! { |v| v.gsub(%r{/}, "\\") }
|
67
|
+
fixed
|
68
|
+
end
|
69
|
+
|
70
|
+
load_current_value do |new_resource|
|
71
|
+
Chef::Log.debug("Running 'Get-MpPreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess' to get Windows Defender State")
|
72
|
+
|
73
|
+
values = powershell_exec!("Get-MPpreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess").result
|
74
|
+
|
75
|
+
values.transform_values! { |x| Array(x) }
|
76
|
+
|
77
|
+
paths new_resource.paths & values["ExclusionPath"]
|
78
|
+
extensions new_resource.extensions & values["ExclusionExtension"]
|
79
|
+
process_paths new_resource.process_paths & values["ExclusionProcess"]
|
80
|
+
end
|
81
|
+
|
82
|
+
action :add, description: "Add an exclusion to Windows Defender." do
|
83
|
+
converge_if_changed do
|
84
|
+
powershell_exec!(add_cmd)
|
85
|
+
end
|
86
|
+
end
|
87
|
+
|
88
|
+
action :remove, description: "Remove an exclusion to Windows Defender." do
|
89
|
+
converge_if_changed do
|
90
|
+
powershell_exec!(remove_cmd)
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
action_class do
|
95
|
+
MAPPING = {
|
96
|
+
paths: "ExclusionPath",
|
97
|
+
extensions: "ExclusionExtension",
|
98
|
+
process_paths: "ExclusionProcess",
|
99
|
+
}.freeze
|
100
|
+
|
101
|
+
def add_cmd
|
102
|
+
cmd = "Add-MpPreference -Force"
|
103
|
+
|
104
|
+
MAPPING.each do |prop, flag|
|
105
|
+
to_add = new_resource.send(prop) - current_resource.send(prop)
|
106
|
+
cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
|
107
|
+
end
|
108
|
+
|
109
|
+
cmd
|
110
|
+
end
|
111
|
+
|
112
|
+
def remove_cmd
|
113
|
+
cmd = "Remove-MpPreference -Force"
|
114
|
+
|
115
|
+
MAPPING.each do |prop, flag|
|
116
|
+
to_add = new_resource.send(prop) & current_resource.send(prop)
|
117
|
+
cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
|
118
|
+
end
|
119
|
+
|
120
|
+
cmd
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
@@ -42,7 +42,7 @@ class Chef
|
|
42
42
|
property :description, String,
|
43
43
|
description: "Description for the share."
|
44
44
|
|
45
|
-
action :create, description: "Creates the folder in dfs namespace" do
|
45
|
+
action :create, description: "Creates the folder in dfs namespace." do
|
46
46
|
raise "target_path is required for install" unless property_is_set?(:target_path)
|
47
47
|
raise "description is required for install" unless property_is_set?(:description)
|
48
48
|
|
@@ -60,7 +60,7 @@ class Chef
|
|
60
60
|
end
|
61
61
|
end
|
62
62
|
|
63
|
-
action :delete, description: "Deletes the folder in the dfs namespace" do
|
63
|
+
action :delete, description: "Deletes the folder in the dfs namespace." do
|
64
64
|
powershell_script "Delete DFS Namespace" do
|
65
65
|
code <<-EOH
|
66
66
|
Remove-DfsnFolder -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}\\#{new_resource.folder_path}' -Force
|
@@ -52,7 +52,7 @@ class Chef
|
|
52
52
|
description: "The root from which to create the DFS tree. Defaults to C:\\DFSRoots.",
|
53
53
|
default: 'C:\\DFSRoots'
|
54
54
|
|
55
|
-
action :create, description: "Creates the dfs namespace on the server" do
|
55
|
+
action :create, description: "Creates the dfs namespace on the server." do
|
56
56
|
directory file_path do
|
57
57
|
action :create
|
58
58
|
recursive true
|
@@ -82,7 +82,7 @@ class Chef
|
|
82
82
|
end
|
83
83
|
end
|
84
84
|
|
85
|
-
action :delete, description: "Deletes a DFS Namespace including the directory on disk" do
|
85
|
+
action :delete, description: "Deletes a DFS Namespace including the directory on disk." do
|
86
86
|
powershell_script "Delete DFS Namespace" do
|
87
87
|
code <<-EOH
|
88
88
|
Remove-DfsnRoot -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}' -Force
|
@@ -49,7 +49,7 @@ class Chef
|
|
49
49
|
default: "localhost",
|
50
50
|
introduced: "16.3"
|
51
51
|
|
52
|
-
action :create, description: "Creates and updates the DNS entry" do
|
52
|
+
action :create, description: "Creates and updates the DNS entry." do
|
53
53
|
windows_feature "RSAT-DNS-Server" do
|
54
54
|
not_if new_resource.dns_server.casecmp?("localhost")
|
55
55
|
end
|
@@ -59,7 +59,7 @@ class Chef
|
|
59
59
|
run_dsc_resource "Present"
|
60
60
|
end
|
61
61
|
|
62
|
-
action :delete, description: "Deletes a DNS entry" do
|
62
|
+
action :delete, description: "Deletes a DNS entry." do
|
63
63
|
windows_feature "RSAT-DNS-Server" do
|
64
64
|
not_if new_resource.dns_server.casecmp?("localhost")
|
65
65
|
end
|
@@ -40,13 +40,13 @@ class Chef
|
|
40
40
|
description: "The type of DNS server, Domain or Standalone.",
|
41
41
|
default: "Domain", equal_to: %w{Domain Standalone}
|
42
42
|
|
43
|
-
action :create, description: "Creates and updates a DNS Zone" do
|
43
|
+
action :create, description: "Creates and updates a DNS Zone." do
|
44
44
|
powershell_package "xDnsServer"
|
45
45
|
|
46
46
|
run_dsc_resource "Present"
|
47
47
|
end
|
48
48
|
|
49
|
-
action :delete, description: "Deletes a DNS Zone" do
|
49
|
+
action :delete, description: "Deletes a DNS Zone." do
|
50
50
|
powershell_package "xDnsServer"
|
51
51
|
|
52
52
|
run_dsc_resource "Absent"
|
@@ -108,15 +108,15 @@ class Chef
|
|
108
108
|
default: 600,
|
109
109
|
desired_state: false
|
110
110
|
|
111
|
-
action :install, description: "Install a Windows role
|
111
|
+
action :install, description: "Install a Windows role or feature." do
|
112
112
|
run_default_subresource :install
|
113
113
|
end
|
114
114
|
|
115
|
-
action :remove, description: "Remove a Windows role
|
115
|
+
action :remove, description: "Remove a Windows role or feature." do
|
116
116
|
run_default_subresource :remove
|
117
117
|
end
|
118
118
|
|
119
|
-
action :delete, description: "Remove a Windows role
|
119
|
+
action :delete, description: "Remove a Windows role or feature from the image." do
|
120
120
|
run_default_subresource :delete
|
121
121
|
end
|
122
122
|
|
@@ -65,9 +65,7 @@ class Chef
|
|
65
65
|
x.map(&:downcase)
|
66
66
|
end
|
67
67
|
|
68
|
-
action :install do
|
69
|
-
description "Install a Windows role/feature using DISM"
|
70
|
-
|
68
|
+
action :install, description: "Install a Windows role/feature using DISM." do
|
71
69
|
reload_cached_dism_data unless node["dism_features_cache"]
|
72
70
|
fail_if_unavailable # fail if the features don't exist
|
73
71
|
|
@@ -91,7 +89,7 @@ class Chef
|
|
91
89
|
end
|
92
90
|
end
|
93
91
|
|
94
|
-
action :remove, description: "Remove a Windows role
|
92
|
+
action :remove, description: "Remove a Windows role or feature using DISM." do
|
95
93
|
reload_cached_dism_data unless node["dism_features_cache"]
|
96
94
|
|
97
95
|
logger.trace("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
|
@@ -106,7 +104,7 @@ class Chef
|
|
106
104
|
end
|
107
105
|
end
|
108
106
|
|
109
|
-
action :delete, description: "Remove a Windows role
|
107
|
+
action :delete, description: "Remove a Windows role or feature from the image using DISM." do
|
110
108
|
reload_cached_dism_data unless node["dism_features_cache"]
|
111
109
|
|
112
110
|
fail_if_unavailable # fail if the features don't exist
|
@@ -87,7 +87,7 @@ class Chef
|
|
87
87
|
x.map(&:downcase)
|
88
88
|
end
|
89
89
|
|
90
|
-
action :install, description: "Install a Windows role
|
90
|
+
action :install, description: "Install a Windows role or feature using PowerShell." do
|
91
91
|
reload_cached_powershell_data unless node["powershell_features_cache"]
|
92
92
|
fail_if_unavailable # fail if the features don't exist
|
93
93
|
fail_if_removed # fail if the features are in removed state
|
@@ -108,7 +108,7 @@ class Chef
|
|
108
108
|
end
|
109
109
|
end
|
110
110
|
|
111
|
-
action :remove, description: "Remove a Windows role
|
111
|
+
action :remove, description: "Remove a Windows role or feature using PowerShell." do
|
112
112
|
reload_cached_powershell_data unless node["powershell_features_cache"]
|
113
113
|
|
114
114
|
Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
|
@@ -123,7 +123,7 @@ class Chef
|
|
123
123
|
end
|
124
124
|
end
|
125
125
|
|
126
|
-
action :delete, description: "Delete a Windows role
|
126
|
+
action :delete, description: "Delete a Windows role or feature from the image using PowerShell." do
|
127
127
|
reload_cached_powershell_data unless node["powershell_features_cache"]
|
128
128
|
|
129
129
|
fail_if_unavailable # fail if the features don't exist
|
@@ -121,7 +121,7 @@ class Chef
|
|
121
121
|
end
|
122
122
|
end
|
123
123
|
|
124
|
-
action :enable, description: "Enable and optionally configure a Windows Firewall profile" do
|
124
|
+
action :enable, description: "Enable and optionally configure a Windows Firewall profile." do
|
125
125
|
converge_if_changed :default_inbound_action, :default_outbound_action, :allow_inbound_rules, :allow_local_firewall_rules,
|
126
126
|
:allow_local_ipsec_rules, :allow_user_apps, :allow_user_ports, :allow_unicast_response, :display_notification do
|
127
127
|
fw_cmd = firewall_command(new_resource.profile)
|
@@ -135,7 +135,7 @@ class Chef
|
|
135
135
|
end
|
136
136
|
end
|
137
137
|
|
138
|
-
action :disable, description: "Disable a Windows Firewall profile" do
|
138
|
+
action :disable, description: "Disable a Windows Firewall profile." do
|
139
139
|
if firewall_enabled?(new_resource.profile)
|
140
140
|
converge_by "Disable the #{new_resource.profile} Firewall Profile" do
|
141
141
|
cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"False\""
|
@@ -39,6 +39,19 @@ class Chef
|
|
39
39
|
end
|
40
40
|
```
|
41
41
|
|
42
|
+
**Configuring multiple remote-address ports on a rule**:
|
43
|
+
|
44
|
+
```ruby
|
45
|
+
windows_firewall_rule 'MyRule' do
|
46
|
+
description 'Testing out remote address arrays'
|
47
|
+
enabled false
|
48
|
+
local_port 1434
|
49
|
+
remote_address %w(10.17.3.101 172.7.7.53)
|
50
|
+
protocol 'TCP'
|
51
|
+
action :create
|
52
|
+
end
|
53
|
+
```
|
54
|
+
|
42
55
|
**Allow protocol ICMPv6 with ICMP Type**:
|
43
56
|
|
44
57
|
```ruby
|
@@ -97,8 +110,9 @@ class Chef
|
|
97
110
|
coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
|
98
111
|
description: "The local port the firewall rule applies to."
|
99
112
|
|
100
|
-
property :remote_address, String,
|
101
|
-
|
113
|
+
property :remote_address, [String, Array],
|
114
|
+
coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
|
115
|
+
description: "The remote address(es) the firewall rule applies to."
|
102
116
|
|
103
117
|
property :remote_port, [String, Integer, Array],
|
104
118
|
# split various formats of comma separated lists and provide a sorted array of strings to match PS output
|
@@ -172,7 +186,7 @@ class Chef
|
|
172
186
|
group state["group"]
|
173
187
|
local_address state["local_address"]
|
174
188
|
local_port Array(state["local_port"]).sort
|
175
|
-
remote_address state["remote_address"]
|
189
|
+
remote_address Array(state["remote_address"]).sort
|
176
190
|
remote_port Array(state["remote_port"]).sort
|
177
191
|
direction state["direction"]
|
178
192
|
protocol state["protocol"]
|
@@ -185,7 +199,7 @@ class Chef
|
|
185
199
|
enabled state["enabled"]
|
186
200
|
end
|
187
201
|
|
188
|
-
action :create, description: "Create a Windows firewall entry" do
|
202
|
+
action :create, description: "Create a Windows firewall entry." do
|
189
203
|
if current_resource
|
190
204
|
converge_if_changed :rule_name, :description, :displayname, :local_address, :local_port, :remote_address,
|
191
205
|
:remote_port, :direction, :protocol, :icmp_type, :firewall_action, :profile, :program, :service,
|
@@ -206,7 +220,7 @@ class Chef
|
|
206
220
|
end
|
207
221
|
end
|
208
222
|
|
209
|
-
action :delete, description: "Delete an existing Windows firewall entry" do
|
223
|
+
action :delete, description: "Delete an existing Windows firewall entry." do
|
210
224
|
if current_resource
|
211
225
|
converge_by("delete firewall rule #{new_resource.rule_name}") do
|
212
226
|
powershell_exec!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'")
|
@@ -227,7 +241,7 @@ class Chef
|
|
227
241
|
cmd << " -Description '#{new_resource.description}'" if new_resource.description
|
228
242
|
cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address
|
229
243
|
cmd << " -LocalPort '#{new_resource.local_port.join("', '")}'" if new_resource.local_port
|
230
|
-
cmd << " -RemoteAddress '#{new_resource.remote_address}'" if new_resource.remote_address
|
244
|
+
cmd << " -RemoteAddress '#{new_resource.remote_address.join("', '")}'" if new_resource.remote_address
|
231
245
|
cmd << " -RemotePort '#{new_resource.remote_port.join("', '")}'" if new_resource.remote_port
|
232
246
|
cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction
|
233
247
|
cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol
|
@@ -45,7 +45,7 @@ class Chef
|
|
45
45
|
description: "A local filesystem path or URI that is used to source the font file.",
|
46
46
|
coerce: proc { |x| /^.:.*/.match?(x) ? x.tr("\\", "/").gsub("//", "/") : x }
|
47
47
|
|
48
|
-
action :install, description: "Install a font to the system fonts directory" do
|
48
|
+
action :install, description: "Install a font to the system fonts directory." do
|
49
49
|
if font_exists?
|
50
50
|
logger.debug("Not installing font: #{new_resource.font_name} as font already installed.")
|
51
51
|
else
|
@@ -39,16 +39,26 @@ class Chef
|
|
39
39
|
|
40
40
|
```ruby
|
41
41
|
windows_pagefile 'Delete the pagefile' do
|
42
|
-
path 'C
|
42
|
+
path 'C'
|
43
43
|
action :delete
|
44
44
|
end
|
45
45
|
```
|
46
46
|
|
47
|
+
**Switch to system managed pagefiles**:
|
48
|
+
|
49
|
+
```ruby
|
50
|
+
windows_pagefile 'Change the pagefile to System Managed' do
|
51
|
+
path 'E:\'
|
52
|
+
system_managed true
|
53
|
+
action :set
|
54
|
+
end
|
55
|
+
```
|
56
|
+
|
47
57
|
**Create a pagefile with an initial and maximum size**:
|
48
58
|
|
49
59
|
```ruby
|
50
|
-
windows_pagefile 'create the pagefile' do
|
51
|
-
path '
|
60
|
+
windows_pagefile 'create the pagefile with these sizes' do
|
61
|
+
path 'f:\'
|
52
62
|
initial_size 100
|
53
63
|
maximum_size 200
|
54
64
|
end
|
@@ -64,8 +74,7 @@ class Chef
|
|
64
74
|
description: "Configures whether the system manages the pagefile size."
|
65
75
|
|
66
76
|
property :automatic_managed, [TrueClass, FalseClass],
|
67
|
-
description: "Enable automatic management of pagefile initial and maximum size. Setting this to true ignores `initial_size` and `maximum_size` properties."
|
68
|
-
default: false
|
77
|
+
description: "Enable automatic management of pagefile initial and maximum size. Setting this to true ignores `initial_size` and `maximum_size` properties."
|
69
78
|
|
70
79
|
property :initial_size, Integer,
|
71
80
|
description: "Initial size of the pagefile in megabytes."
|
@@ -73,23 +82,26 @@ class Chef
|
|
73
82
|
property :maximum_size, Integer,
|
74
83
|
description: "Maximum size of the pagefile in megabytes."
|
75
84
|
|
76
|
-
action :set, description: "Configures the default pagefile, creating if it doesn't exist" do
|
77
|
-
pagefile = new_resource.path
|
78
|
-
initial_size = new_resource.initial_size
|
79
|
-
maximum_size = new_resource.maximum_size
|
80
|
-
system_managed = new_resource.system_managed
|
85
|
+
action :set, description: "Configures the default pagefile, creating if it doesn't exist." do
|
81
86
|
automatic_managed = new_resource.automatic_managed
|
82
87
|
|
83
88
|
if automatic_managed
|
84
89
|
set_automatic_managed unless automatic_managed?
|
85
|
-
|
90
|
+
elsif automatic_managed == false
|
86
91
|
unset_automatic_managed if automatic_managed?
|
92
|
+
else
|
93
|
+
pagefile = clarify_pagefile_name
|
94
|
+
initial_size = new_resource.initial_size
|
95
|
+
maximum_size = new_resource.maximum_size
|
96
|
+
system_managed = new_resource.system_managed
|
87
97
|
|
88
|
-
#
|
89
|
-
|
90
|
-
|
91
|
-
|
98
|
+
# the method below is designed to raise an exception if the drive you are trying to create a pagefile for doesn't exist.
|
99
|
+
# PowerShell will happily let you create a pagefile called h:\pagefile.sys even though you don't have an H:\ drive.
|
100
|
+
|
101
|
+
pagefile_drive_exist?(pagefile)
|
102
|
+
create(pagefile) unless exists?(pagefile)
|
92
103
|
|
104
|
+
if (initial_size && maximum_size) || system_managed
|
93
105
|
if system_managed
|
94
106
|
set_system_managed(pagefile) unless max_and_min_set?(pagefile, 0, 0)
|
95
107
|
else
|
@@ -101,21 +113,33 @@ class Chef
|
|
101
113
|
end
|
102
114
|
end
|
103
115
|
|
104
|
-
action :delete, description: "Deletes the specified pagefile" do
|
105
|
-
|
106
|
-
delete(
|
116
|
+
action :delete, description: "Deletes the specified pagefile." do
|
117
|
+
pagefile = clarify_pagefile_name
|
118
|
+
delete(pagefile) if exists?(pagefile)
|
107
119
|
end
|
108
120
|
|
109
121
|
action_class do
|
110
122
|
private
|
111
123
|
|
112
|
-
#
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
124
|
+
# We are adding support for a number of possibilities for how users will express the drive and location they want the pagefile written to.
|
125
|
+
def clarify_pagefile_name
|
126
|
+
case new_resource.path
|
127
|
+
# user enters C, C:, C:\, C:\\
|
128
|
+
when /^[a-zA-Z]/
|
129
|
+
new_resource.path[0] + ":\\pagefile.sys"
|
130
|
+
# user enters C:\pagefile.sys OR c:\foo\bar\pagefile.sys as the path
|
131
|
+
when /^[a-zA-Z]:.*.sys/
|
132
|
+
new_resource.path
|
133
|
+
else
|
134
|
+
raise "#{new_resource.path} does not match the format DRIVE:\\path\\pagefile.sys for pagefiles. Example: C:\\pagefile.sys"
|
135
|
+
end
|
136
|
+
end
|
117
137
|
|
118
|
-
|
138
|
+
# raise an exception if the target drive location is invalid
|
139
|
+
def pagefile_drive_exist?(pagefile)
|
140
|
+
if ::Dir.exist?(pagefile[0] + ":\\") == false
|
141
|
+
raise "You are trying to create a pagefile on a drive that does not exist!"
|
142
|
+
end
|
119
143
|
end
|
120
144
|
|
121
145
|
# See if the pagefile exists
|
@@ -124,9 +148,11 @@ class Chef
|
|
124
148
|
# @return [Boolean]
|
125
149
|
def exists?(pagefile)
|
126
150
|
@exists ||= begin
|
127
|
-
logger.trace("Checking if #{pagefile} exists by running:
|
128
|
-
cmd =
|
129
|
-
cmd
|
151
|
+
logger.trace("Checking if #{pagefile} exists by running: Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($pagefile)} ")
|
152
|
+
cmd = "$page_file_name = '#{pagefile}';"
|
153
|
+
cmd << "$pagefile = Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($page_file_name)};"
|
154
|
+
cmd << "if ([string]::IsNullOrEmpty($pagefile)) { return $false } else { return $true }"
|
155
|
+
powershell_exec!(cmd).result
|
130
156
|
end
|
131
157
|
end
|
132
158
|
|
@@ -137,11 +163,14 @@ class Chef
|
|
137
163
|
# @param [String] max the minimum size of the pagefile
|
138
164
|
# @return [Boolean]
|
139
165
|
def max_and_min_set?(pagefile, min, max)
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
166
|
+
logger.trace("Checking if #{pagefile} has max and initial disk size values set")
|
167
|
+
cmd = "$page_file = '#{pagefile}';"
|
168
|
+
cmd << "$driveLetter = $page_file.split(':')[0];"
|
169
|
+
cmd << "$page_file_settings = Get-CimInstance -ClassName Win32_PageFileSetting -Filter \"SettingID='pagefile.sys @ $($driveLetter):'\" -Property * -ErrorAction Stop;"
|
170
|
+
cmd << "if ($page_file_settings.InitialSize -eq #{min} -and $page_file_settings.MaximumSize -eq #{max})"
|
171
|
+
cmd << "{ return $true }"
|
172
|
+
cmd << "else { return $false }"
|
173
|
+
powershell_exec!(cmd).result
|
145
174
|
end
|
146
175
|
|
147
176
|
# create a pagefile
|
@@ -149,9 +178,10 @@ class Chef
|
|
149
178
|
# @param [String] pagefile path to the pagefile
|
150
179
|
def create(pagefile)
|
151
180
|
converge_by("create pagefile #{pagefile}") do
|
152
|
-
logger.trace("Running
|
153
|
-
|
154
|
-
|
181
|
+
logger.trace("Running New-CimInstance -ClassName Win32_PageFileSetting to create new pagefile : #{pagefile}")
|
182
|
+
powershell_exec! <<~ELM
|
183
|
+
New-CimInstance -ClassName Win32_PageFileSetting -Property @{Name = "#{pagefile}"}
|
184
|
+
ELM
|
155
185
|
end
|
156
186
|
end
|
157
187
|
|
@@ -160,9 +190,13 @@ class Chef
|
|
160
190
|
# @param [String] pagefile path to the pagefile
|
161
191
|
def delete(pagefile)
|
162
192
|
converge_by("remove pagefile #{pagefile}") do
|
163
|
-
logger.trace("Running
|
164
|
-
|
165
|
-
|
193
|
+
logger.trace("Running Remove-CimInstance for pagefile : #{pagefile}")
|
194
|
+
powershell_exec! <<~EOL
|
195
|
+
$page_file = "#{pagefile}"
|
196
|
+
$driveLetter = $page_file.split(':')[0]
|
197
|
+
$PageFile = (Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop)
|
198
|
+
$null = ($PageFile | Remove-CimInstance -ErrorAction SilentlyContinue)
|
199
|
+
EOL
|
166
200
|
end
|
167
201
|
end
|
168
202
|
|
@@ -172,26 +206,31 @@ class Chef
|
|
172
206
|
def automatic_managed?
|
173
207
|
@automatic_managed ||= begin
|
174
208
|
logger.trace("Checking if pagefiles are automatically managed")
|
175
|
-
cmd =
|
176
|
-
cmd
|
209
|
+
cmd = "$sys = Get-CimInstance Win32_ComputerSystem -Property *;"
|
210
|
+
cmd << "return $sys.AutomaticManagedPagefile"
|
211
|
+
powershell_exec!(cmd).result
|
177
212
|
end
|
178
213
|
end
|
179
214
|
|
180
215
|
# turn on automatic management of all pagefiles by Windows
|
181
216
|
def set_automatic_managed
|
182
|
-
converge_by("
|
183
|
-
logger.trace("Running
|
184
|
-
|
185
|
-
|
217
|
+
converge_by("Set pagefile to Automatic Managed") do
|
218
|
+
logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$true} -PassThru")
|
219
|
+
powershell_exec! <<~EOH
|
220
|
+
$sys = Get-CimInstance Win32_ComputerSystem -Property *
|
221
|
+
Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$true} -PassThru
|
222
|
+
EOH
|
186
223
|
end
|
187
224
|
end
|
188
225
|
|
189
226
|
# turn off automatic management of all pagefiles by Windows
|
190
227
|
def unset_automatic_managed
|
191
|
-
converge_by("
|
192
|
-
logger.trace("Running
|
193
|
-
|
194
|
-
|
228
|
+
converge_by("Turn off Automatically Managed on pagefiles") do
|
229
|
+
logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru")
|
230
|
+
powershell_exec! <<~EOH
|
231
|
+
$sys = Get-CimInstance Win32_ComputerSystem -Property *
|
232
|
+
Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru
|
233
|
+
EOH
|
195
234
|
end
|
196
235
|
end
|
197
236
|
|
@@ -202,9 +241,14 @@ class Chef
|
|
202
241
|
# @param [String] max the minimum size of the pagefile
|
203
242
|
def set_custom_size(pagefile, min, max)
|
204
243
|
converge_by("set #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") do
|
205
|
-
logger.trace("
|
206
|
-
|
207
|
-
|
244
|
+
logger.trace("Set-CimInstance -Property @{InitialSize = #{min} MaximumSize = #{max}")
|
245
|
+
powershell_exec! <<~EOD
|
246
|
+
$page_file = "#{pagefile}"
|
247
|
+
$driveLetter = $page_file.split(':')[0]
|
248
|
+
Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
|
249
|
+
InitialSize = #{min}
|
250
|
+
MaximumSize = #{max}}
|
251
|
+
EOD
|
208
252
|
end
|
209
253
|
end
|
210
254
|
|
@@ -213,21 +257,16 @@ class Chef
|
|
213
257
|
# @param [String] pagefile path to the pagefile
|
214
258
|
def set_system_managed(pagefile)
|
215
259
|
converge_by("set #{pagefile} to System Managed") do
|
216
|
-
logger.trace("Running
|
217
|
-
|
218
|
-
|
260
|
+
logger.trace("Running ")
|
261
|
+
powershell_exec! <<~EOM
|
262
|
+
$page_file = "#{pagefile}"
|
263
|
+
$driveLetter = $page_file.split(':')[0]
|
264
|
+
Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
|
265
|
+
InitialSize = 0
|
266
|
+
MaximumSize = 0}
|
267
|
+
EOM
|
219
268
|
end
|
220
269
|
end
|
221
|
-
|
222
|
-
def get_setting_id(pagefile)
|
223
|
-
split_path = pagefile.split("\\")
|
224
|
-
"#{split_path[1]} @ #{split_path[0]}"
|
225
|
-
end
|
226
|
-
|
227
|
-
# raise if there's an error on stderr on a shellout
|
228
|
-
def check_for_errors(stderr)
|
229
|
-
raise stderr.chomp unless stderr.empty?
|
230
|
-
end
|
231
270
|
end
|
232
271
|
end
|
233
272
|
end
|