chef 17.1.35-universal-mingw32 → 17.4.38-universal-mingw32

Sign up to get free protection for your applications and to get access to all the features.
Files changed (198) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +6 -4
  3. data/chef.gemspec +1 -0
  4. data/lib/chef/action_collection.rb +6 -26
  5. data/lib/chef/application/base.rb +15 -0
  6. data/lib/chef/application.rb +4 -2
  7. data/lib/chef/client.rb +7 -1
  8. data/lib/chef/compliance/default_attributes.rb +5 -3
  9. data/lib/chef/compliance/reporter/automate.rb +1 -1
  10. data/lib/chef/compliance/runner.rb +16 -2
  11. data/lib/chef/cookbook_version.rb +26 -4
  12. data/lib/chef/data_collector/run_end_message.rb +1 -1
  13. data/lib/chef/data_collector.rb +0 -1
  14. data/lib/chef/deprecated.rb +14 -4
  15. data/lib/chef/dsl/render_helpers.rb +44 -0
  16. data/lib/chef/dsl/secret.rb +64 -0
  17. data/lib/chef/dsl/toml.rb +116 -0
  18. data/lib/chef/dsl/universal.rb +5 -0
  19. data/lib/chef/dsl.rb +1 -0
  20. data/lib/chef/event_dispatch/base.rb +2 -1
  21. data/lib/chef/exceptions.rb +23 -0
  22. data/lib/chef/formatters/doc.rb +14 -13
  23. data/lib/chef/formatters/error_mapper.rb +2 -2
  24. data/lib/chef/formatters/minimal.rb +6 -5
  25. data/lib/chef/handler/slow_report.rb +66 -0
  26. data/lib/chef/handler.rb +46 -8
  27. data/lib/chef/http.rb +5 -5
  28. data/lib/chef/json_compat.rb +1 -1
  29. data/lib/chef/node.rb +20 -19
  30. data/lib/chef/policy_builder/policyfile.rb +88 -45
  31. data/lib/chef/provider/execute.rb +1 -1
  32. data/lib/chef/provider/file.rb +2 -2
  33. data/lib/chef/provider/group/dscl.rb +1 -1
  34. data/lib/chef/provider/launchd.rb +6 -6
  35. data/lib/chef/provider/lwrp_base.rb +1 -1
  36. data/lib/chef/provider/package/habitat.rb +168 -0
  37. data/lib/chef/provider/package/powershell.rb +5 -0
  38. data/lib/chef/provider/subversion.rb +4 -4
  39. data/lib/chef/provider/support/yum_repo.erb +1 -1
  40. data/lib/chef/provider/support/zypper_repo.erb +4 -2
  41. data/lib/chef/provider/systemd_unit.rb +17 -16
  42. data/lib/chef/provider/user/mac.rb +3 -3
  43. data/lib/chef/provider/yum_repository.rb +27 -43
  44. data/lib/chef/provider/zypper_repository.rb +30 -34
  45. data/lib/chef/provider.rb +26 -1
  46. data/lib/chef/provider_resolver.rb +8 -2
  47. data/lib/chef/providers.rb +1 -0
  48. data/lib/chef/resource/alternatives.rb +5 -5
  49. data/lib/chef/resource/apt_preference.rb +2 -2
  50. data/lib/chef/resource/apt_repository.rb +2 -2
  51. data/lib/chef/resource/apt_update.rb +4 -4
  52. data/lib/chef/resource/build_essential.rb +1 -1
  53. data/lib/chef/resource/chef_client_config.rb +10 -5
  54. data/lib/chef/resource/chef_client_cron.rb +3 -3
  55. data/lib/chef/resource/chef_client_launchd.rb +3 -3
  56. data/lib/chef/resource/chef_client_scheduled_task.rb +15 -15
  57. data/lib/chef/resource/chef_client_systemd_timer.rb +3 -3
  58. data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
  59. data/lib/chef/resource/chef_handler.rb +2 -2
  60. data/lib/chef/resource/chef_sleep.rb +1 -1
  61. data/lib/chef/resource/chef_vault_secret.rb +2 -2
  62. data/lib/chef/resource/chocolatey_feature.rb +2 -2
  63. data/lib/chef/resource/chocolatey_source.rb +1 -1
  64. data/lib/chef/resource/cron/cron_d.rb +4 -6
  65. data/lib/chef/resource/cron_access.rb +1 -1
  66. data/lib/chef/resource/dmg_package.rb +1 -1
  67. data/lib/chef/resource/dsc_resource.rb +1 -1
  68. data/lib/chef/resource/execute.rb +5 -5
  69. data/lib/chef/resource/gem_package.rb +2 -1
  70. data/lib/chef/resource/group.rb +4 -4
  71. data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
  72. data/lib/chef/resource/habitat/habitat_package.rb +129 -0
  73. data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
  74. data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
  75. data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
  76. data/lib/chef/resource/habitat_config.rb +107 -0
  77. data/lib/chef/resource/habitat_install.rb +247 -0
  78. data/lib/chef/resource/habitat_service.rb +451 -0
  79. data/lib/chef/resource/habitat_user_toml.rb +92 -0
  80. data/lib/chef/resource/homebrew_cask.rb +18 -7
  81. data/lib/chef/resource/homebrew_package.rb +1 -1
  82. data/lib/chef/resource/homebrew_tap.rb +4 -3
  83. data/lib/chef/resource/homebrew_update.rb +2 -2
  84. data/lib/chef/resource/hostname.rb +49 -7
  85. data/lib/chef/resource/inspec_waiver_file_entry.rb +8 -7
  86. data/lib/chef/resource/kernel_module.rb +6 -6
  87. data/lib/chef/resource/launchd.rb +3 -3
  88. data/lib/chef/resource/locale.rb +1 -1
  89. data/lib/chef/resource/lwrp_base.rb +1 -1
  90. data/lib/chef/resource/macos_userdefaults.rb +2 -2
  91. data/lib/chef/resource/ohai_hint.rb +2 -6
  92. data/lib/chef/resource/openbsd_package.rb +17 -0
  93. data/lib/chef/resource/openssl_dhparam.rb +1 -2
  94. data/lib/chef/resource/openssl_ec_private_key.rb +1 -3
  95. data/lib/chef/resource/openssl_ec_public_key.rb +1 -3
  96. data/lib/chef/resource/openssl_rsa_private_key.rb +1 -3
  97. data/lib/chef/resource/openssl_rsa_public_key.rb +1 -3
  98. data/lib/chef/resource/openssl_x509_certificate.rb +1 -4
  99. data/lib/chef/resource/openssl_x509_crl.rb +1 -3
  100. data/lib/chef/resource/openssl_x509_request.rb +1 -3
  101. data/lib/chef/resource/osx_profile.rb +3 -3
  102. data/lib/chef/resource/plist.rb +1 -1
  103. data/lib/chef/resource/powershell_package_source.rb +2 -4
  104. data/lib/chef/resource/reboot.rb +38 -9
  105. data/lib/chef/resource/remote_directory.rb +2 -2
  106. data/lib/chef/resource/remote_file.rb +1 -1
  107. data/lib/chef/resource/rhsm_errata.rb +0 -2
  108. data/lib/chef/resource/rhsm_errata_level.rb +1 -5
  109. data/lib/chef/resource/rhsm_repo.rb +15 -0
  110. data/lib/chef/resource/rhsm_subscription.rb +5 -5
  111. data/lib/chef/resource/ruby_block.rb +100 -0
  112. data/lib/chef/resource/scm/subversion.rb +1 -1
  113. data/lib/chef/resource/ssh_known_hosts_entry.rb +4 -7
  114. data/lib/chef/resource/sudo.rb +2 -6
  115. data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
  116. data/lib/chef/resource/support/client.erb +8 -1
  117. data/lib/chef/resource/support/sup.toml.erb +179 -0
  118. data/lib/chef/resource/swap_file.rb +2 -6
  119. data/lib/chef/resource/sysctl.rb +2 -2
  120. data/lib/chef/resource/systemd_unit.rb +3 -3
  121. data/lib/chef/resource/timezone.rb +1 -1
  122. data/lib/chef/resource/user_ulimit.rb +2 -2
  123. data/lib/chef/resource/windows_ad_join.rb +2 -2
  124. data/lib/chef/resource/windows_audit_policy.rb +2 -2
  125. data/lib/chef/resource/windows_auto_run.rb +2 -2
  126. data/lib/chef/resource/windows_certificate.rb +1 -1
  127. data/lib/chef/resource/windows_defender.rb +163 -0
  128. data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
  129. data/lib/chef/resource/windows_dfs_folder.rb +2 -2
  130. data/lib/chef/resource/windows_dfs_namespace.rb +2 -2
  131. data/lib/chef/resource/windows_dns_record.rb +2 -2
  132. data/lib/chef/resource/windows_dns_zone.rb +2 -2
  133. data/lib/chef/resource/windows_feature.rb +3 -3
  134. data/lib/chef/resource/windows_feature_dism.rb +3 -5
  135. data/lib/chef/resource/windows_feature_powershell.rb +3 -3
  136. data/lib/chef/resource/windows_firewall_profile.rb +2 -2
  137. data/lib/chef/resource/windows_firewall_rule.rb +20 -6
  138. data/lib/chef/resource/windows_font.rb +1 -1
  139. data/lib/chef/resource/windows_pagefile.rb +103 -64
  140. data/lib/chef/resource/windows_path.rb +2 -2
  141. data/lib/chef/resource/windows_printer.rb +80 -61
  142. data/lib/chef/resource/windows_printer_port.rb +48 -65
  143. data/lib/chef/resource/windows_security_policy.rb +2 -2
  144. data/lib/chef/resource/windows_share.rb +2 -2
  145. data/lib/chef/resource/windows_shortcut.rb +1 -1
  146. data/lib/chef/resource/windows_task.rb +1 -1
  147. data/lib/chef/resource/windows_uac.rb +3 -5
  148. data/lib/chef/resource/windows_update_settings.rb +259 -0
  149. data/lib/chef/resource/windows_user_privilege.rb +2 -2
  150. data/lib/chef/resource/windows_workgroup.rb +2 -2
  151. data/lib/chef/resource/yum_package.rb +11 -15
  152. data/lib/chef/resource/zypper_package.rb +4 -4
  153. data/lib/chef/resource/zypper_repository.rb +28 -8
  154. data/lib/chef/resource.rb +13 -17
  155. data/lib/chef/resource_inspector.rb +6 -2
  156. data/lib/chef/resource_reporter.rb +0 -1
  157. data/lib/chef/resources.rb +12 -1
  158. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +65 -0
  159. data/lib/chef/secret_fetcher/azure_key_vault.rb +78 -0
  160. data/lib/chef/secret_fetcher/base.rb +76 -0
  161. data/lib/chef/secret_fetcher/example.rb +46 -0
  162. data/lib/chef/secret_fetcher.rb +55 -0
  163. data/lib/chef/version.rb +1 -1
  164. data/spec/functional/mixin/from_file_spec.rb +1 -1
  165. data/spec/functional/resource/windows_hostname_spec.rb +91 -0
  166. data/spec/functional/resource/windows_pagefile_spec.rb +98 -0
  167. data/spec/integration/compliance/compliance_spec.rb +1 -0
  168. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  169. data/spec/integration/recipes/resource_action_spec.rb +6 -6
  170. data/spec/support/shared/unit/provider/file.rb +2 -8
  171. data/spec/unit/compliance/runner_spec.rb +46 -2
  172. data/spec/unit/cookbook_version_spec.rb +52 -0
  173. data/spec/unit/data_collector_spec.rb +47 -1
  174. data/spec/unit/dsl/render_helpers_spec.rb +102 -0
  175. data/spec/unit/dsl/secret_spec.rb +71 -0
  176. data/spec/unit/formatters/doc_spec.rb +1 -1
  177. data/spec/unit/handler_spec.rb +8 -2
  178. data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
  179. data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
  180. data/spec/unit/provider/apt_update_spec.rb +3 -1
  181. data/spec/unit/provider/mount/aix_spec.rb +1 -1
  182. data/spec/unit/provider/package/powershell_spec.rb +74 -12
  183. data/spec/unit/provider/zypper_repository_spec.rb +3 -10
  184. data/spec/unit/provider_spec.rb +23 -0
  185. data/spec/unit/resource/homebrew_cask_spec.rb +29 -11
  186. data/spec/unit/resource/rhsm_subscription_spec.rb +50 -3
  187. data/spec/unit/resource/systemd_unit_spec.rb +1 -1
  188. data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
  189. data/spec/unit/resource/windows_defender_spec.rb +71 -0
  190. data/spec/unit/resource/windows_firewall_rule_spec.rb +12 -7
  191. data/spec/unit/resource/windows_pagefile_spec.rb +4 -9
  192. data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
  193. data/spec/unit/resource/zypper_repository_spec.rb +1 -1
  194. data/spec/unit/resource_spec.rb +19 -8
  195. data/spec/unit/secret_fetcher/aws_secrets_manager_spec.rb +70 -0
  196. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +70 -0
  197. data/spec/unit/secret_fetcher_spec.rb +82 -0
  198. metadata +55 -7
@@ -0,0 +1,125 @@
1
+ #
2
+ # Copyright:: Chef Software, Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+ #
16
+
17
+ require_relative "../resource"
18
+
19
+ class Chef
20
+ class Resource
21
+ class WindowsDefenderExclusion < Chef::Resource
22
+
23
+ provides :windows_defender_exclusion
24
+
25
+ description "Use the **windows_defender_exclusion** resource to exclude paths, processes, or file types from Windows Defender realtime protection scanning."
26
+ introduced "17.3"
27
+ examples <<~DOC
28
+ **Add excluded items to Windows Defender scans**:
29
+
30
+ ```ruby
31
+ windows_defender_exclusion 'Add to things to be excluded from scanning' do
32
+ paths 'c:\\foo\\bar, d:\\bar\\baz'
33
+ extensions 'png, foo, ppt, doc'
34
+ process_paths 'c:\\windows\\system32'
35
+ action :add
36
+ end
37
+ ```
38
+
39
+ **Remove excluded items from Windows Defender scans**:
40
+
41
+ ```ruby
42
+ windows_defender_exclusion 'Remove things from the list to be excluded' do
43
+ process_paths 'c:\\windows\\system32'
44
+ action :remove
45
+ end
46
+ ```
47
+ DOC
48
+ unified_mode true
49
+
50
+ property :paths, [String, Array], default: [],
51
+ coerce: proc { |x| to_consistent_path_array(x) },
52
+ description: "File or directory paths to exclude from scanning."
53
+
54
+ property :extensions, [String, Array], default: [],
55
+ coerce: proc { |x| to_consistent_path_array(x) },
56
+ description: "File extensions to exclude from scanning."
57
+
58
+ property :process_paths, [String, Array], default: [],
59
+ coerce: proc { |x| to_consistent_path_array(x) },
60
+ description: "Paths to executables to exclude from scanning."
61
+
62
+ def to_consistent_path_array(x)
63
+ fixed = x.dup || []
64
+ fixed = fixed.split(/\s*,\s*/) if fixed.is_a?(String)
65
+ fixed.map!(&:downcase)
66
+ fixed.map! { |v| v.gsub(%r{/}, "\\") }
67
+ fixed
68
+ end
69
+
70
+ load_current_value do |new_resource|
71
+ Chef::Log.debug("Running 'Get-MpPreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess' to get Windows Defender State")
72
+
73
+ values = powershell_exec!("Get-MPpreference | Select-Object ExclusionExtension,ExclusionPath,ExclusionProcess").result
74
+
75
+ values.transform_values! { |x| Array(x) }
76
+
77
+ paths new_resource.paths & values["ExclusionPath"]
78
+ extensions new_resource.extensions & values["ExclusionExtension"]
79
+ process_paths new_resource.process_paths & values["ExclusionProcess"]
80
+ end
81
+
82
+ action :add, description: "Add an exclusion to Windows Defender." do
83
+ converge_if_changed do
84
+ powershell_exec!(add_cmd)
85
+ end
86
+ end
87
+
88
+ action :remove, description: "Remove an exclusion to Windows Defender." do
89
+ converge_if_changed do
90
+ powershell_exec!(remove_cmd)
91
+ end
92
+ end
93
+
94
+ action_class do
95
+ MAPPING = {
96
+ paths: "ExclusionPath",
97
+ extensions: "ExclusionExtension",
98
+ process_paths: "ExclusionProcess",
99
+ }.freeze
100
+
101
+ def add_cmd
102
+ cmd = "Add-MpPreference -Force"
103
+
104
+ MAPPING.each do |prop, flag|
105
+ to_add = new_resource.send(prop) - current_resource.send(prop)
106
+ cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
107
+ end
108
+
109
+ cmd
110
+ end
111
+
112
+ def remove_cmd
113
+ cmd = "Remove-MpPreference -Force"
114
+
115
+ MAPPING.each do |prop, flag|
116
+ to_add = new_resource.send(prop) & current_resource.send(prop)
117
+ cmd << " -#{flag} #{to_add.join(",")}" unless to_add.empty?
118
+ end
119
+
120
+ cmd
121
+ end
122
+ end
123
+ end
124
+ end
125
+ end
@@ -42,7 +42,7 @@ class Chef
42
42
  property :description, String,
43
43
  description: "Description for the share."
44
44
 
45
- action :create, description: "Creates the folder in dfs namespace" do
45
+ action :create, description: "Creates the folder in dfs namespace." do
46
46
  raise "target_path is required for install" unless property_is_set?(:target_path)
47
47
  raise "description is required for install" unless property_is_set?(:description)
48
48
 
@@ -60,7 +60,7 @@ class Chef
60
60
  end
61
61
  end
62
62
 
63
- action :delete, description: "Deletes the folder in the dfs namespace" do
63
+ action :delete, description: "Deletes the folder in the dfs namespace." do
64
64
  powershell_script "Delete DFS Namespace" do
65
65
  code <<-EOH
66
66
  Remove-DfsnFolder -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}\\#{new_resource.folder_path}' -Force
@@ -52,7 +52,7 @@ class Chef
52
52
  description: "The root from which to create the DFS tree. Defaults to C:\\DFSRoots.",
53
53
  default: 'C:\\DFSRoots'
54
54
 
55
- action :create, description: "Creates the dfs namespace on the server" do
55
+ action :create, description: "Creates the dfs namespace on the server." do
56
56
  directory file_path do
57
57
  action :create
58
58
  recursive true
@@ -82,7 +82,7 @@ class Chef
82
82
  end
83
83
  end
84
84
 
85
- action :delete, description: "Deletes a DFS Namespace including the directory on disk" do
85
+ action :delete, description: "Deletes a DFS Namespace including the directory on disk." do
86
86
  powershell_script "Delete DFS Namespace" do
87
87
  code <<-EOH
88
88
  Remove-DfsnRoot -Path '\\\\#{ENV["COMPUTERNAME"]}\\#{new_resource.namespace_name}' -Force
@@ -49,7 +49,7 @@ class Chef
49
49
  default: "localhost",
50
50
  introduced: "16.3"
51
51
 
52
- action :create, description: "Creates and updates the DNS entry" do
52
+ action :create, description: "Creates and updates the DNS entry." do
53
53
  windows_feature "RSAT-DNS-Server" do
54
54
  not_if new_resource.dns_server.casecmp?("localhost")
55
55
  end
@@ -59,7 +59,7 @@ class Chef
59
59
  run_dsc_resource "Present"
60
60
  end
61
61
 
62
- action :delete, description: "Deletes a DNS entry" do
62
+ action :delete, description: "Deletes a DNS entry." do
63
63
  windows_feature "RSAT-DNS-Server" do
64
64
  not_if new_resource.dns_server.casecmp?("localhost")
65
65
  end
@@ -40,13 +40,13 @@ class Chef
40
40
  description: "The type of DNS server, Domain or Standalone.",
41
41
  default: "Domain", equal_to: %w{Domain Standalone}
42
42
 
43
- action :create, description: "Creates and updates a DNS Zone" do
43
+ action :create, description: "Creates and updates a DNS Zone." do
44
44
  powershell_package "xDnsServer"
45
45
 
46
46
  run_dsc_resource "Present"
47
47
  end
48
48
 
49
- action :delete, description: "Deletes a DNS Zone" do
49
+ action :delete, description: "Deletes a DNS Zone." do
50
50
  powershell_package "xDnsServer"
51
51
 
52
52
  run_dsc_resource "Absent"
@@ -108,15 +108,15 @@ class Chef
108
108
  default: 600,
109
109
  desired_state: false
110
110
 
111
- action :install, description: "Install a Windows role / feature" do
111
+ action :install, description: "Install a Windows role or feature." do
112
112
  run_default_subresource :install
113
113
  end
114
114
 
115
- action :remove, description: "Remove a Windows role / feature" do
115
+ action :remove, description: "Remove a Windows role or feature." do
116
116
  run_default_subresource :remove
117
117
  end
118
118
 
119
- action :delete, description: "Remove a Windows role/feature from the image" do
119
+ action :delete, description: "Remove a Windows role or feature from the image." do
120
120
  run_default_subresource :delete
121
121
  end
122
122
 
@@ -65,9 +65,7 @@ class Chef
65
65
  x.map(&:downcase)
66
66
  end
67
67
 
68
- action :install do
69
- description "Install a Windows role/feature using DISM"
70
-
68
+ action :install, description: "Install a Windows role/feature using DISM." do
71
69
  reload_cached_dism_data unless node["dism_features_cache"]
72
70
  fail_if_unavailable # fail if the features don't exist
73
71
 
@@ -91,7 +89,7 @@ class Chef
91
89
  end
92
90
  end
93
91
 
94
- action :remove, description: "Remove a Windows role / feature using DISM" do
92
+ action :remove, description: "Remove a Windows role or feature using DISM." do
95
93
  reload_cached_dism_data unless node["dism_features_cache"]
96
94
 
97
95
  logger.trace("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -106,7 +104,7 @@ class Chef
106
104
  end
107
105
  end
108
106
 
109
- action :delete, description: "Remove a Windows role / feature from the image using DISM" do
107
+ action :delete, description: "Remove a Windows role or feature from the image using DISM." do
110
108
  reload_cached_dism_data unless node["dism_features_cache"]
111
109
 
112
110
  fail_if_unavailable # fail if the features don't exist
@@ -87,7 +87,7 @@ class Chef
87
87
  x.map(&:downcase)
88
88
  end
89
89
 
90
- action :install, description: "Install a Windows role / feature using PowerShell" do
90
+ action :install, description: "Install a Windows role or feature using PowerShell." do
91
91
  reload_cached_powershell_data unless node["powershell_features_cache"]
92
92
  fail_if_unavailable # fail if the features don't exist
93
93
  fail_if_removed # fail if the features are in removed state
@@ -108,7 +108,7 @@ class Chef
108
108
  end
109
109
  end
110
110
 
111
- action :remove, description: "Remove a Windows role / feature using PowerShell" do
111
+ action :remove, description: "Remove a Windows role or feature using PowerShell." do
112
112
  reload_cached_powershell_data unless node["powershell_features_cache"]
113
113
 
114
114
  Chef::Log.debug("Windows features needing removal: #{features_to_remove.empty? ? "none" : features_to_remove.join(",")}")
@@ -123,7 +123,7 @@ class Chef
123
123
  end
124
124
  end
125
125
 
126
- action :delete, description: "Delete a Windows role / feature from the image using PowerShell" do
126
+ action :delete, description: "Delete a Windows role or feature from the image using PowerShell." do
127
127
  reload_cached_powershell_data unless node["powershell_features_cache"]
128
128
 
129
129
  fail_if_unavailable # fail if the features don't exist
@@ -121,7 +121,7 @@ class Chef
121
121
  end
122
122
  end
123
123
 
124
- action :enable, description: "Enable and optionally configure a Windows Firewall profile" do
124
+ action :enable, description: "Enable and optionally configure a Windows Firewall profile." do
125
125
  converge_if_changed :default_inbound_action, :default_outbound_action, :allow_inbound_rules, :allow_local_firewall_rules,
126
126
  :allow_local_ipsec_rules, :allow_user_apps, :allow_user_ports, :allow_unicast_response, :display_notification do
127
127
  fw_cmd = firewall_command(new_resource.profile)
@@ -135,7 +135,7 @@ class Chef
135
135
  end
136
136
  end
137
137
 
138
- action :disable, description: "Disable a Windows Firewall profile" do
138
+ action :disable, description: "Disable a Windows Firewall profile." do
139
139
  if firewall_enabled?(new_resource.profile)
140
140
  converge_by "Disable the #{new_resource.profile} Firewall Profile" do
141
141
  cmd = "Set-NetFirewallProfile -Profile #{new_resource.profile} -Enabled \"False\""
@@ -39,6 +39,19 @@ class Chef
39
39
  end
40
40
  ```
41
41
 
42
+ **Configuring multiple remote-address ports on a rule**:
43
+
44
+ ```ruby
45
+ windows_firewall_rule 'MyRule' do
46
+ description 'Testing out remote address arrays'
47
+ enabled false
48
+ local_port 1434
49
+ remote_address %w(10.17.3.101 172.7.7.53)
50
+ protocol 'TCP'
51
+ action :create
52
+ end
53
+ ```
54
+
42
55
  **Allow protocol ICMPv6 with ICMP Type**:
43
56
 
44
57
  ```ruby
@@ -97,8 +110,9 @@ class Chef
97
110
  coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
98
111
  description: "The local port the firewall rule applies to."
99
112
 
100
- property :remote_address, String,
101
- description: "The remote address the firewall rule applies to."
113
+ property :remote_address, [String, Array],
114
+ coerce: proc { |d| d.is_a?(String) ? d.split(/\s*,\s*/).sort : Array(d).sort.map(&:to_s) },
115
+ description: "The remote address(es) the firewall rule applies to."
102
116
 
103
117
  property :remote_port, [String, Integer, Array],
104
118
  # split various formats of comma separated lists and provide a sorted array of strings to match PS output
@@ -172,7 +186,7 @@ class Chef
172
186
  group state["group"]
173
187
  local_address state["local_address"]
174
188
  local_port Array(state["local_port"]).sort
175
- remote_address state["remote_address"]
189
+ remote_address Array(state["remote_address"]).sort
176
190
  remote_port Array(state["remote_port"]).sort
177
191
  direction state["direction"]
178
192
  protocol state["protocol"]
@@ -185,7 +199,7 @@ class Chef
185
199
  enabled state["enabled"]
186
200
  end
187
201
 
188
- action :create, description: "Create a Windows firewall entry" do
202
+ action :create, description: "Create a Windows firewall entry." do
189
203
  if current_resource
190
204
  converge_if_changed :rule_name, :description, :displayname, :local_address, :local_port, :remote_address,
191
205
  :remote_port, :direction, :protocol, :icmp_type, :firewall_action, :profile, :program, :service,
@@ -206,7 +220,7 @@ class Chef
206
220
  end
207
221
  end
208
222
 
209
- action :delete, description: "Delete an existing Windows firewall entry" do
223
+ action :delete, description: "Delete an existing Windows firewall entry." do
210
224
  if current_resource
211
225
  converge_by("delete firewall rule #{new_resource.rule_name}") do
212
226
  powershell_exec!("Remove-NetFirewallRule -Name '#{new_resource.rule_name}'")
@@ -227,7 +241,7 @@ class Chef
227
241
  cmd << " -Description '#{new_resource.description}'" if new_resource.description
228
242
  cmd << " -LocalAddress '#{new_resource.local_address}'" if new_resource.local_address
229
243
  cmd << " -LocalPort '#{new_resource.local_port.join("', '")}'" if new_resource.local_port
230
- cmd << " -RemoteAddress '#{new_resource.remote_address}'" if new_resource.remote_address
244
+ cmd << " -RemoteAddress '#{new_resource.remote_address.join("', '")}'" if new_resource.remote_address
231
245
  cmd << " -RemotePort '#{new_resource.remote_port.join("', '")}'" if new_resource.remote_port
232
246
  cmd << " -Direction '#{new_resource.direction}'" if new_resource.direction
233
247
  cmd << " -Protocol '#{new_resource.protocol}'" if new_resource.protocol
@@ -45,7 +45,7 @@ class Chef
45
45
  description: "A local filesystem path or URI that is used to source the font file.",
46
46
  coerce: proc { |x| /^.:.*/.match?(x) ? x.tr("\\", "/").gsub("//", "/") : x }
47
47
 
48
- action :install, description: "Install a font to the system fonts directory" do
48
+ action :install, description: "Install a font to the system fonts directory." do
49
49
  if font_exists?
50
50
  logger.debug("Not installing font: #{new_resource.font_name} as font already installed.")
51
51
  else
@@ -39,16 +39,26 @@ class Chef
39
39
 
40
40
  ```ruby
41
41
  windows_pagefile 'Delete the pagefile' do
42
- path 'C:\pagefile.sys'
42
+ path 'C'
43
43
  action :delete
44
44
  end
45
45
  ```
46
46
 
47
+ **Switch to system managed pagefiles**:
48
+
49
+ ```ruby
50
+ windows_pagefile 'Change the pagefile to System Managed' do
51
+ path 'E:\'
52
+ system_managed true
53
+ action :set
54
+ end
55
+ ```
56
+
47
57
  **Create a pagefile with an initial and maximum size**:
48
58
 
49
59
  ```ruby
50
- windows_pagefile 'create the pagefile' do
51
- path 'C:\pagefile.sys'
60
+ windows_pagefile 'create the pagefile with these sizes' do
61
+ path 'f:\'
52
62
  initial_size 100
53
63
  maximum_size 200
54
64
  end
@@ -64,8 +74,7 @@ class Chef
64
74
  description: "Configures whether the system manages the pagefile size."
65
75
 
66
76
  property :automatic_managed, [TrueClass, FalseClass],
67
- description: "Enable automatic management of pagefile initial and maximum size. Setting this to true ignores `initial_size` and `maximum_size` properties.",
68
- default: false
77
+ description: "Enable automatic management of pagefile initial and maximum size. Setting this to true ignores `initial_size` and `maximum_size` properties."
69
78
 
70
79
  property :initial_size, Integer,
71
80
  description: "Initial size of the pagefile in megabytes."
@@ -73,23 +82,26 @@ class Chef
73
82
  property :maximum_size, Integer,
74
83
  description: "Maximum size of the pagefile in megabytes."
75
84
 
76
- action :set, description: "Configures the default pagefile, creating if it doesn't exist" do
77
- pagefile = new_resource.path
78
- initial_size = new_resource.initial_size
79
- maximum_size = new_resource.maximum_size
80
- system_managed = new_resource.system_managed
85
+ action :set, description: "Configures the default pagefile, creating if it doesn't exist." do
81
86
  automatic_managed = new_resource.automatic_managed
82
87
 
83
88
  if automatic_managed
84
89
  set_automatic_managed unless automatic_managed?
85
- else
90
+ elsif automatic_managed == false
86
91
  unset_automatic_managed if automatic_managed?
92
+ else
93
+ pagefile = clarify_pagefile_name
94
+ initial_size = new_resource.initial_size
95
+ maximum_size = new_resource.maximum_size
96
+ system_managed = new_resource.system_managed
87
97
 
88
- # Check that the resource is not just trying to unset automatic managed, if it is do nothing more
89
- if (initial_size && maximum_size) || system_managed
90
- validate_name
91
- create(pagefile) unless exists?(pagefile)
98
+ # the method below is designed to raise an exception if the drive you are trying to create a pagefile for doesn't exist.
99
+ # PowerShell will happily let you create a pagefile called h:\pagefile.sys even though you don't have an H:\ drive.
100
+
101
+ pagefile_drive_exist?(pagefile)
102
+ create(pagefile) unless exists?(pagefile)
92
103
 
104
+ if (initial_size && maximum_size) || system_managed
93
105
  if system_managed
94
106
  set_system_managed(pagefile) unless max_and_min_set?(pagefile, 0, 0)
95
107
  else
@@ -101,21 +113,33 @@ class Chef
101
113
  end
102
114
  end
103
115
 
104
- action :delete, description: "Deletes the specified pagefile" do
105
- validate_name
106
- delete(new_resource.path) if exists?(new_resource.path)
116
+ action :delete, description: "Deletes the specified pagefile." do
117
+ pagefile = clarify_pagefile_name
118
+ delete(pagefile) if exists?(pagefile)
107
119
  end
108
120
 
109
121
  action_class do
110
122
  private
111
123
 
112
- # make sure the provided name property matches the appropriate format
113
- # we do this here and not in the property itself because if automatic_managed
114
- # is set then this validation is not necessary / doesn't make sense at all
115
- def validate_name
116
- return if /^.:.*.sys/.match?(new_resource.path)
124
+ # We are adding support for a number of possibilities for how users will express the drive and location they want the pagefile written to.
125
+ def clarify_pagefile_name
126
+ case new_resource.path
127
+ # user enters C, C:, C:\, C:\\
128
+ when /^[a-zA-Z]/
129
+ new_resource.path[0] + ":\\pagefile.sys"
130
+ # user enters C:\pagefile.sys OR c:\foo\bar\pagefile.sys as the path
131
+ when /^[a-zA-Z]:.*.sys/
132
+ new_resource.path
133
+ else
134
+ raise "#{new_resource.path} does not match the format DRIVE:\\path\\pagefile.sys for pagefiles. Example: C:\\pagefile.sys"
135
+ end
136
+ end
117
137
 
118
- raise "#{new_resource.path} does not match the format DRIVE:\\path\\file.sys for pagefiles. Example: C:\\pagefile.sys"
138
+ # raise an exception if the target drive location is invalid
139
+ def pagefile_drive_exist?(pagefile)
140
+ if ::Dir.exist?(pagefile[0] + ":\\") == false
141
+ raise "You are trying to create a pagefile on a drive that does not exist!"
142
+ end
119
143
  end
120
144
 
121
145
  # See if the pagefile exists
@@ -124,9 +148,11 @@ class Chef
124
148
  # @return [Boolean]
125
149
  def exists?(pagefile)
126
150
  @exists ||= begin
127
- logger.trace("Checking if #{pagefile} exists by running: wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list")
128
- cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
129
- cmd.stderr.empty? && (cmd.stdout =~ /SettingID=#{get_setting_id(pagefile)}/i)
151
+ logger.trace("Checking if #{pagefile} exists by running: Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($pagefile)} ")
152
+ cmd = "$page_file_name = '#{pagefile}';"
153
+ cmd << "$pagefile = Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($page_file_name)};"
154
+ cmd << "if ([string]::IsNullOrEmpty($pagefile)) { return $false } else { return $true }"
155
+ powershell_exec!(cmd).result
130
156
  end
131
157
  end
132
158
 
@@ -137,11 +163,14 @@ class Chef
137
163
  # @param [String] max the minimum size of the pagefile
138
164
  # @return [Boolean]
139
165
  def max_and_min_set?(pagefile, min, max)
140
- @max_and_min_set ||= begin
141
- logger.trace("Checking if #{pagefile} min: #{min} and max #{max} are set")
142
- cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
143
- cmd.stderr.empty? && (cmd.stdout =~ /InitialSize=#{min}/i) && (cmd.stdout =~ /MaximumSize=#{max}/i)
144
- end
166
+ logger.trace("Checking if #{pagefile} has max and initial disk size values set")
167
+ cmd = "$page_file = '#{pagefile}';"
168
+ cmd << "$driveLetter = $page_file.split(':')[0];"
169
+ cmd << "$page_file_settings = Get-CimInstance -ClassName Win32_PageFileSetting -Filter \"SettingID='pagefile.sys @ $($driveLetter):'\" -Property * -ErrorAction Stop;"
170
+ cmd << "if ($page_file_settings.InitialSize -eq #{min} -and $page_file_settings.MaximumSize -eq #{max})"
171
+ cmd << "{ return $true }"
172
+ cmd << "else { return $false }"
173
+ powershell_exec!(cmd).result
145
174
  end
146
175
 
147
176
  # create a pagefile
@@ -149,9 +178,10 @@ class Chef
149
178
  # @param [String] pagefile path to the pagefile
150
179
  def create(pagefile)
151
180
  converge_by("create pagefile #{pagefile}") do
152
- logger.trace("Running wmic.exe pagefileset create name=\"#{pagefile}\"")
153
- cmd = shell_out("wmic.exe pagefileset create name=\"#{pagefile}\"")
154
- check_for_errors(cmd.stderr)
181
+ logger.trace("Running New-CimInstance -ClassName Win32_PageFileSetting to create new pagefile : #{pagefile}")
182
+ powershell_exec! <<~ELM
183
+ New-CimInstance -ClassName Win32_PageFileSetting -Property @{Name = "#{pagefile}"}
184
+ ELM
155
185
  end
156
186
  end
157
187
 
@@ -160,9 +190,13 @@ class Chef
160
190
  # @param [String] pagefile path to the pagefile
161
191
  def delete(pagefile)
162
192
  converge_by("remove pagefile #{pagefile}") do
163
- logger.trace("Running wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete")
164
- cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete")
165
- check_for_errors(cmd.stderr)
193
+ logger.trace("Running Remove-CimInstance for pagefile : #{pagefile}")
194
+ powershell_exec! <<~EOL
195
+ $page_file = "#{pagefile}"
196
+ $driveLetter = $page_file.split(':')[0]
197
+ $PageFile = (Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop)
198
+ $null = ($PageFile | Remove-CimInstance -ErrorAction SilentlyContinue)
199
+ EOL
166
200
  end
167
201
  end
168
202
 
@@ -172,26 +206,31 @@ class Chef
172
206
  def automatic_managed?
173
207
  @automatic_managed ||= begin
174
208
  logger.trace("Checking if pagefiles are automatically managed")
175
- cmd = shell_out("wmic.exe computersystem where name=\"%computername%\" get AutomaticManagedPagefile /format:list")
176
- cmd.stderr.empty? && (cmd.stdout =~ /AutomaticManagedPagefile=TRUE/i)
209
+ cmd = "$sys = Get-CimInstance Win32_ComputerSystem -Property *;"
210
+ cmd << "return $sys.AutomaticManagedPagefile"
211
+ powershell_exec!(cmd).result
177
212
  end
178
213
  end
179
214
 
180
215
  # turn on automatic management of all pagefiles by Windows
181
216
  def set_automatic_managed
182
- converge_by("set pagefile to Automatic Managed") do
183
- logger.trace("Running wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True")
184
- cmd = shell_out("wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True")
185
- check_for_errors(cmd.stderr)
217
+ converge_by("Set pagefile to Automatic Managed") do
218
+ logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$true} -PassThru")
219
+ powershell_exec! <<~EOH
220
+ $sys = Get-CimInstance Win32_ComputerSystem -Property *
221
+ Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$true} -PassThru
222
+ EOH
186
223
  end
187
224
  end
188
225
 
189
226
  # turn off automatic management of all pagefiles by Windows
190
227
  def unset_automatic_managed
191
- converge_by("set pagefile to User Managed") do
192
- logger.trace("Running wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False")
193
- cmd = shell_out("wmic.exe computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False")
194
- check_for_errors(cmd.stderr)
228
+ converge_by("Turn off Automatically Managed on pagefiles") do
229
+ logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru")
230
+ powershell_exec! <<~EOH
231
+ $sys = Get-CimInstance Win32_ComputerSystem -Property *
232
+ Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru
233
+ EOH
195
234
  end
196
235
  end
197
236
 
@@ -202,9 +241,14 @@ class Chef
202
241
  # @param [String] max the minimum size of the pagefile
203
242
  def set_custom_size(pagefile, min, max)
204
243
  converge_by("set #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") do
205
- logger.trace("Running wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}")
206
- cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}", returns: [0])
207
- check_for_errors(cmd.stderr)
244
+ logger.trace("Set-CimInstance -Property @{InitialSize = #{min} MaximumSize = #{max}")
245
+ powershell_exec! <<~EOD
246
+ $page_file = "#{pagefile}"
247
+ $driveLetter = $page_file.split(':')[0]
248
+ Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
249
+ InitialSize = #{min}
250
+ MaximumSize = #{max}}
251
+ EOD
208
252
  end
209
253
  end
210
254
 
@@ -213,21 +257,16 @@ class Chef
213
257
  # @param [String] pagefile path to the pagefile
214
258
  def set_system_managed(pagefile)
215
259
  converge_by("set #{pagefile} to System Managed") do
216
- logger.trace("Running wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0")
217
- cmd = shell_out("wmic.exe pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0", returns: [0])
218
- check_for_errors(cmd.stderr)
260
+ logger.trace("Running ")
261
+ powershell_exec! <<~EOM
262
+ $page_file = "#{pagefile}"
263
+ $driveLetter = $page_file.split(':')[0]
264
+ Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
265
+ InitialSize = 0
266
+ MaximumSize = 0}
267
+ EOM
219
268
  end
220
269
  end
221
-
222
- def get_setting_id(pagefile)
223
- split_path = pagefile.split("\\")
224
- "#{split_path[1]} @ #{split_path[0]}"
225
- end
226
-
227
- # raise if there's an error on stderr on a shellout
228
- def check_for_errors(stderr)
229
- raise stderr.chomp unless stderr.empty?
230
- end
231
270
  end
232
271
  end
233
272
  end