chef 17.10.0 → 17.10.114

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ac04518e7a36c9f65ca1a131832704645b078bf0290708683d6dd5cfeb8975c
-  data.tar.gz: 339602296915ea1c25bd3581db776b7478f109a1a6b0e6b1b887113357ebf0c9
+  metadata.gz: b9a67538138af0d5f0ffb36bab93c72df9698f2d6e01da4eebb2a1892b445329
+  data.tar.gz: 10055191565a3bbfa6eab934cd2a3a55094a5e7f5736c382de854b6d67478124
 SHA512:
-  metadata.gz: 1abbcfb133838d1b902a033589f24529331dea60e4da3c6678c1e1e666c29601175671ca837e23ea7e0a02ed327a1b7a8be0ee9bf73a62cf9a994634bf909ff0
-  data.tar.gz: 4bae17edf6da41be96f21055a3d9d456b57c75e04f4faeb9155af8ee23d5d43a6f3c6952c06131473a3818e461c941ddeb482f92cf46c7e18553bbef1f4ebc9f
+  metadata.gz: 7685875558fbdbdac49f1e4f10c5c5522b0bbe2ae08568493f677d3ce0286299b847f3ae64a6b79e4cfdcae5b1548966314ac09ad68e44289b831137db72740c
+  data.tar.gz: 3859034bb19e28b6dee0eb1814213c7027057b567aba33eb728b77b4a1611853bbfb5bf312828f54049236b462d35f5d10a5ba175ad7cda4c54045639a85b6a8

data/Gemfile

@@ -15,19 +15,20 @@ else
   gem "chef-bin" # rubocop:disable Bundler/DuplicatedGem
 end
 
-gem "cheffish", "~> 17.0"
+gem "cheffish", "~> 17.0.0"
+
+gem "ast", "~> 2.4.2"
+gem "rubocop-ast", ">= 1.30.0"
 
 group(:omnibus_package) do
   gem "appbundler"
   gem "rb-readline"
-  gem "inspec-core-bin", "~> 4.24" # need to provide the binaries for inspec
+  gem "inspec-core-bin", "~> 5.22.36" # need to provide the binaries for inspec
   gem "chef-vault"
 end
 
 group(:omnibus_package, :pry) do
-  # Locked because pry-byebug is broken with 13+.
-  # some work is ongoing? https://github.com/deivid-rodriguez/pry-byebug/issues/343
-  gem "pry", "= 0.13.0"
+  gem "pry", ">= 0.14.1"
   # byebug does not install on freebsd on ruby 3.0
   gem "pry-byebug" unless RUBY_PLATFORM.match?(/freebsd/i)
   gem "pry-stack_explorer"

data/Rakefile

@@ -70,7 +70,7 @@ Bundler::GemHelper.install_tasks name: gemspec
 task :install do
   chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
   Dir.chdir(chef_bin_path) do
-    sh("rake install:force")
+    system "rake install:force"
   end
 end
 
@@ -80,7 +80,7 @@ namespace :install do
   task :local do
     chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
     Dir.chdir(chef_bin_path) do
-      sh("rake install:local")
+      system "rake install:local"
     end
   end
 end

data/chef-universal-mingw32.gemspec

@@ -11,10 +11,10 @@ gemspec.add_dependency "win32-mmap", "~> 0.4.1"
 gemspec.add_dependency "win32-mutex", "~> 0.4.2"
 gemspec.add_dependency "win32-process", "~> 0.9"
 gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
-gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
+gemspec.add_dependency "win32-certstore", "~> 0.6.15"
+gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
-gemspec.add_dependency "win32-certstore", "~> 0.6.2"
 gemspec.add_dependency "chef-powershell", "~> 1.0.12" # 0.5+ required for specifying user vs. system store
 gemspec.extensions << "ext/win32-eventlog/Rakefile"
 gemspec.files += Dir.glob("{distro,ext}/**/*")

data/chef.gemspec

@@ -22,11 +22,11 @@ Gem::Specification.new do |s|
   s.email = "adam@chef.io"
   s.homepage = "https://www.chef.io"
 
-  s.required_ruby_version = ">= 2.6.0"
+  s.required_ruby_version = ">= 2.7.0"
 
   s.add_dependency "chef-config", "= #{Chef::VERSION}"
   s.add_dependency "chef-utils", "= #{Chef::VERSION}"
-  s.add_dependency "train-core", "~> 3.2", ">= 3.2.28" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
+  s.add_dependency "train-core", "~> 3.10" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
   s.add_dependency "train-winrm", ">= 0.2.5"
 
   s.add_dependency "license-acceptance", ">= 1.0.5", "< 3"
@@ -36,11 +36,11 @@ Gem::Specification.new do |s|
   s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
   s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
   s.add_dependency "ohai", "~> 17.0"
-  s.add_dependency "inspec-core", "~> 4.23"
+  s.add_dependency "inspec-core", "~> 5.22.36"
 
-  s.add_dependency "ffi", ">= 1.5.0"
-  s.add_dependency "ffi-yajl", "~> 2.2"
-  s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0" # remote_file resource
+  s.add_dependency "ffi", "~> 1.15.5"
+  s.add_dependency "ffi-yajl", ">= 2.2", "< 4.0"
+  s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
   s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
   s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
   s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource

data/lib/chef/client.rb

@@ -326,12 +326,28 @@ class Chef
     def warn_if_eol
       require_relative "version"
 
+      # New Date format is YYYY-MM-DD or false
+      new_date = eol_override
+
       # We make a release every year so take the version you're on + 2006 and you get
-      # the year it goes EOL
-      eol_year = 2006 + Gem::Version.new(Chef::VERSION).segments.first
+      # the year it goes EOL. 1/8/2024 - EOL for Chef-17 is now November 1, 2024
+      # eol_year = 2006 + Gem::Version.new(Chef::VERSION).segments.first
+      eol_year = "2024"
+      cut_off_date = !!new_date ? Time.parse(new_date) : Time.new(eol_year, 11, 30)
+
+      return if Time.now < cut_off_date
 
-      if Time.now > Time.new(eol_year, 5, 01)
-        logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on May 1st #{eol_year}. Please update to a supported release to receive new features, bug fixes, and security updates.")
+      logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on #{cut_off_date.strftime("%b %d, %Y")}. Please update to a supported release to receive new features, bug fixes, and security updates.")
+    end
+
+    def eol_override
+      # If you want to override the existing EOL date, add a file in the root of Chef
+      # put a date in it in the form of YYYY-DD-MM.
+      override_file = "EOL_override"
+      if File.exist?(override_file)
+        File.read(File.expand_path(override_file)).strip
+      else
+        false
       end
     end
 

data/lib/chef/compliance/input_collection.rb

@@ -40,7 +40,7 @@ class Chef
       def from_file(filename, cookbook_name)
         new_input = Input.from_file(events, filename, cookbook_name)
         self << new_input
-        events.compliance_input_loaded(new_input)
+        events&.compliance_input_loaded(new_input)
       end
 
       # Add a input from a raw hash.  This input will be enabled by default.

data/lib/chef/compliance/profile_collection.rb

@@ -41,7 +41,7 @@ class Chef
       def from_file(path, cookbook_name)
         new_profile = Profile.from_file(events, path, cookbook_name)
         self << new_profile
-        events.compliance_profile_loaded(new_profile)
+        events&.compliance_profile_loaded(new_profile)
       end
 
       # @return [Boolean] if any of the profiles are enabled

data/lib/chef/compliance/waiver_collection.rb

@@ -40,7 +40,7 @@ class Chef
       def from_file(filename, cookbook_name)
         new_waiver = Waiver.from_file(events, filename, cookbook_name)
         self << new_waiver
-        events.compliance_waiver_loaded(new_waiver)
+        events&.compliance_waiver_loaded(new_waiver)
       end
 
       # Add a waiver from a raw hash.  This waiver will be enabled by default.

data/lib/chef/dsl/secret.rb

@@ -21,6 +21,118 @@ class Chef
   module DSL
     module Secret
 
+      #
+      # This allows you to set the default secret service that is used when
+      # fetching secrets.
+      #
+      # @example
+      #
+      #   default_secret_service :hashi_vault
+      #   val1 = secret(name: "test1", config: { region: "us-west-1" })
+      #
+      # @example
+      #
+      #   default_secret_service #=> nil
+      #   default_secret_service :hashi_vault
+      #   default_secret_service #=> :hashi_vault
+      #
+      # @param [Symbol] service default secret service to use when fetching secrets
+      # @return [Symbol, nil] default secret service to use when fetching secrets
+      #
+      def default_secret_service(service = nil)
+        return run_context.default_secret_service if service.nil?
+        raise Chef::Exceptions::Secret::InvalidFetcherService.new("Unsupported secret service: #{service.inspect}", Chef::SecretFetcher::SECRET_FETCHERS) unless Chef::SecretFetcher::SECRET_FETCHERS.include?(service)
+
+        run_context.default_secret_service = service
+      end
+
+      #
+      # This allows you to set the secret service for the scope of the block
+      # passed into this method.
+      #
+      # @example
+      #
+      #   with_secret_service :hashi_vault do
+      #     val1 = secret(name: "test1", config: { region: "us-west-1" })
+      #     val2 = secret(name: "test2", config: { region: "us-west-1" })
+      #   end
+      #
+      # @example Combine with #with_secret_config
+      #
+      #   with_secret_service :hashi_vault do
+      #     with_secret_config region: "us-west-1" do
+      #       val1 = secret(name: "test1")
+      #       val2 = secret(name: "test2")
+      #     end
+      #   end
+      #
+      # @param [Symbol] service The default secret service to use when fetching secrets
+      #
+      def with_secret_service(service)
+        raise ArgumentError, "You must pass a block to #with_secret_service" unless block_given?
+
+        begin
+          old_service = default_secret_service
+          # Use "public" API for input validation
+          default_secret_service(service)
+          yield
+        ensure
+          # Use "private" API so we can set back to nil
+          run_context.default_secret_service = old_service
+        end
+      end
+
+      #
+      # This allows you to set the default secret config that is used when
+      # fetching secrets.
+      #
+      # @example
+      #
+      #   default_secret_config region: "us-west-1"
+      #   val1 = secret(name: "test1", service: :hashi_vault)
+      #
+      # @example
+      #
+      #   default_secret_config #=> {}
+      #   default_secret_service region: "us-west-1"
+      #   default_secret_service #=> { region: "us-west-1" }
+      #
+      # @param [Hash<Symbol,Object>] config The default configuration options to apply when fetching secrets
+      # @return [Hash<Symbol,Object>]
+      #
+      def default_secret_config(**config)
+        return run_context.default_secret_config if config.empty?
+
+        run_context.default_secret_config = config
+      end
+
+      #
+      # This allows you to set the secret config for the scope of the block
+      # passed into this method.
+      #
+      # @example
+      #
+      #   with_secret_config region: "us-west-1" do
+      #     val1 = secret(name: "test1", service: :hashi_vault)
+      #     val2 = secret(name: "test2", service: :hashi_vault)
+      #   end
+      #
+      # @param [Hash<Symbol,Object>] config The default configuration options to use when fetching secrets
+      #
+      def with_secret_config(**config)
+        raise ArgumentError, "You must pass a block to #with_secret_config" unless block_given?
+
+        begin
+          old_config = default_secret_config
+          # Use "public" API for input validation
+          default_secret_config(**config)
+          yield
+        ensure
+          # Use "private" API so we can set back to nil
+          run_context.default_secret_config = old_config
+        end
+      end
+
       # Helper method which looks up a secret using the given service and configuration,
       # and returns the retrieved secret value.
       # This DSL providers a wrapper around [Chef::SecretFetcher]
@@ -49,11 +161,7 @@ class Chef
       #
       #   value = secret(name: "test1", service: :aws_secrets_manager, version: "v1", config: { region: "us-west-1" })
       #   log "My secret is #{value}"
-      def secret(name: nil, version: nil, service: nil, config: {})
-        Chef::Log.warn <<~EOM.gsub("\n", " ")
-          The secrets Chef Infra language helper is currently in beta. If you have feedback or you would
-          like to be part of the future design of this helper e-mail us at secrets_management_beta@progress.com"
-        EOM
+      def secret(name: nil, version: nil, service: default_secret_service, config: default_secret_config)
         sensitive(true) if is_a?(Chef::Resource)
         Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version)
       end

data/lib/chef/mixin/checksum.rb

@@ -31,6 +31,12 @@ class Chef
 
         checksum.slice(0, 6)
       end
+
+      def checksum_match?(ref_checksum, diff_checksum)
+        return false if ref_checksum.nil? || diff_checksum.nil?
+
+        ref_checksum.casecmp?(diff_checksum)
+      end
     end
   end
 end

data/lib/chef/mixin/homebrew_user.rb

@@ -57,18 +57,28 @@ class Chef
         @homebrew_owner_username
       end
 
+      def homebrew_bin_path(brew_bin_path = nil)
+        if brew_bin_path && ::File.exist?(brew_bin_path)
+          brew_bin_path
+        else
+          [which("brew"), "/opt/homebrew/bin/brew", "/usr/local/bin/brew", "/home/linuxbrew/.linuxbrew/bin/brew"].uniq.select do |x|
+            next if x == false
+
+            ::File.exist?(x) && ::File.executable?(x)
+          end.first || nil
+        end
+      end
+
       private
 
       def calculate_owner
-        default_brew_path = "/usr/local/bin/brew"
-        if ::File.exist?(default_brew_path)
+        brew_path = homebrew_bin_path
+        if brew_path
           # By default, this follows symlinks which is what we want
-          owner = ::File.stat(default_brew_path).uid
-        elsif (brew_path = shell_out("which brew").stdout.strip) && !brew_path.empty?
           owner = ::File.stat(brew_path).uid
         else
           raise Chef::Exceptions::CannotDetermineHomebrewOwner,
-            'Could not find the "brew" executable in /usr/local/bin or anywhere on the path.'
+            'Could not find the "brew" executable anywhere on the path.'
         end
 
         Chef::Log.debug "Found Homebrew owner #{Etc.getpwuid(owner).name}; executing `brew` commands as them"

data/lib/chef/mixin/properties.rb

@@ -274,6 +274,12 @@ class Chef
           result
         end
 
+        # This method returns list of sensitive properties
+        # @return [Array<Property>] All sensitive properties.
+        def sensitive_properties
+          properties.values.empty? ? [] : properties.values.select(&:sensitive?)
+        end
+
         # Returns the name of the name property.  Returns nil if there is no name property.
         #
         # @return [Symbol] the name property for this resource

data/lib/chef/node/attribute.rb

@@ -452,17 +452,34 @@ class Chef
       # method-style access to attributes (has to come after the prepended ImmutablizeHash)
 
       def read(*path)
-        merged_attributes.read(*path)
+        if path[0].nil?
+          Chef::Log.warn "Calling node.read() without any path argument is very slow, probably a bug, and should be avoided"
+          merged_attributes.read(*path) # re-merges everything, slow edge case
+        else
+          self[path[0]] unless path[0].nil? # force deep_merge_cache key construction if necessary
+          deep_merge_cache.read(*path)
+        end
       end
 
       alias :dig :read
 
       def read!(*path)
-        merged_attributes.read!(*path)
+        if path[0].nil?
+          Chef::Log.warn "Calling node.read!() without any path argument is very slow, probably a bug, and should be avoided"
+          merged_attributes.read!(*path) # re-merges everything, slow edge case
+        else
+          self[path[0]] unless path[0].nil? # force deep_merge_cache key construction if necessary
+          deep_merge_cache.read!(*path)
+        end
       end
 
       def exist?(*path)
-        merged_attributes.exist?(*path)
+        if path[0].nil?
+          true
+        else
+          self[path[0]] unless path[0].nil? # force deep_merge_cache key construction if necessary
+          deep_merge_cache.exist?(*path)
+        end
       end
 
       def write(level, *args, &block)

data/lib/chef/node/mixin/deep_merge_cache.rb

@@ -30,7 +30,7 @@ class Chef
           @merged_attributes = nil
           @combined_override = nil
           @combined_default = nil
-          @deep_merge_cache = {}
+          @deep_merge_cache = Chef::Node::ImmutableMash.new
         end
 
         # Invalidate a key in the deep_merge_cache.  If called with nil, or no arg, this will invalidate
@@ -39,9 +39,9 @@ class Chef
         # must invalidate the entire cache and re-deep-merge the entire node object.
         def reset_cache(path = nil)
           if path.nil?
-            deep_merge_cache.clear
+            deep_merge_cache.regular_clear
           else
-            deep_merge_cache.delete(path.to_s)
+            deep_merge_cache.regular_delete(path.to_s)
           end
         end
 
@@ -53,7 +53,7 @@ class Chef
                   deep_merge_cache[key.to_s]
                 else
                   # save all the work of computing node[key]
-                  deep_merge_cache[key.to_s] = merged_attributes(key)
+                  deep_merge_cache.internal_set(key.to_s, merged_attributes(key))
                 end
           ret = ret.call while ret.is_a?(::Chef::DelayedEvaluator)
           ret

data/lib/chef/provider/file.rb

@@ -336,7 +336,7 @@ class Chef
       end
 
       def do_validate_content
-        if new_resource.checksum && tempfile && ( new_resource.checksum != tempfile_checksum )
+        if new_resource.checksum && tempfile && !checksum_match?(new_resource.checksum, tempfile_checksum)
           raise Chef::Exceptions::ChecksumMismatch.new(short_cksum(new_resource.checksum), short_cksum(tempfile_checksum))
         end
 
@@ -450,7 +450,7 @@ class Chef
 
       def contents_changed?
         logger.trace "calculating checksum of #{tempfile.path} to compare with #{current_resource.checksum}"
-        tempfile_checksum != current_resource.checksum
+        !checksum_match?(tempfile_checksum, current_resource.checksum)
       end
 
       def tempfile

data/lib/chef/provider/package/chocolatey.rb

@@ -130,6 +130,21 @@ class Chef
         # install from, but like the rubygem provider's sources which are more like repos.
         def check_resource_semantics!; end
 
+        def self.get_choco_version
+          @get_choco_version ||= powershell_exec!("choco --version").result
+        end
+
+        # Choco V2 uses 'Search' for remote repositories and 'List' for local packages
+        def self.query_command
+          return "list" if get_choco_version.match?(/^1/)
+
+          "search"
+        end
+
+        def query_command
+          self.class.query_command
+        end
+
         private
 
         def version_compare(v1, v2)
@@ -225,7 +240,7 @@ class Chef
           package_name_array.each do |pkg|
             available_versions =
               begin
-                cmd = [ "list", "-r", pkg ]
+                cmd = [ query_command, "-r", pkg ]
                 cmd += common_options
                 cmd.push( new_resource.list_options ) if new_resource.list_options
 
@@ -242,6 +257,8 @@ class Chef
         # Installed packages in chocolatey as a Hash of names mapped to versions
         # (names are downcased for case-insensitive matching)
         #
+        # Beginning with Choco 2.0, "list" returns local packages only while "search" returns packages from external package sources
+        #
         # @return [Hash] name-to-version mapping of installed packages
         def installed_packages
           @installed_packages ||= Hash[*parse_list_output("list", "-l", "-r").flatten]

data/lib/chef/provider/package/powershell.rb

@@ -56,7 +56,7 @@ class Chef
           names.each_with_index do |name, index|
             cmd = powershell_exec(build_powershell_package_command("Install-Package '#{name}'", versions[index]), timeout: new_resource.timeout)
             next if cmd.nil?
-            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.error)
+            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.error!)
           end
         end
 

data/lib/chef/provider/package/windows.rb

@@ -38,7 +38,7 @@ class Chef
         def define_resource_requirements
           if new_resource.checksum
             requirements.assert(:install) do |a|
-              a.assertion { new_resource.checksum == checksum(source_location) }
+              a.assertion { checksum_match?(new_resource.checksum, checksum(source_location)) }
               a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})"
             end
           end

data/lib/chef/provider/package/zypper.rb

@@ -93,6 +93,11 @@ class Chef
           end
           current_version ||= latest_version if is_installed
           current_version
+        rescue Mixlib::ShellOut::ShellCommandFailed => e
+          # zypper returns a '104' code if info is called for a non-existent package
+          return nil if e.message =~ /'104'/
+
+          raise
         end
 
         def resolve_available_version(package_name, new_version)

data/lib/chef/provider/service/windows.rb

@@ -74,6 +74,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
       current_resource.run_as_user(config_info.service_start_name)    if config_info.service_start_name
       current_resource.display_name(config_info.display_name)         if config_info.display_name
       current_resource.delayed_start(current_delayed_start)           if current_delayed_start
+      current_resource.description(config_info.description)           if new_resource.description
     end
 
     current_resource

data/lib/chef/provider/user.rb

@@ -117,7 +117,11 @@ class Chef
           new_val = new_resource.send(user_attrib)
           cur_val = current_resource.send(user_attrib)
           if !new_val.nil? && new_val.to_s != cur_val.to_s
-            @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+            if user_attrib.to_s == "password" && new_resource.sensitive
+              @change_desc << "change #{user_attrib} from ******** to ********"
+            else
+              @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+            end
           end
         end
 

data/lib/chef/resource/chef_client_config.rb

@@ -209,6 +209,10 @@ class Chef
         description: %q(An array of hashes that contain a report handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
         default: []
 
+      property :rubygems_url, [String, Array],
+        description: "The location to source rubygems. It can be set to a string or array of strings for URIs to set as rubygems sources. This allows individuals to setup an internal mirror of rubygems for “airgapped” environments.",
+        introduced: "17.11"
+
       property :exception_handlers, Array,
         description: %q(An array of hashes that contain a exception handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
         default: []
@@ -297,6 +301,7 @@ class Chef
             policy_group: new_resource.policy_group,
             policy_name: new_resource.policy_name,
             report_handlers: format_handler(new_resource.report_handlers),
+            rubygems_url: new_resource.rubygems_url,
             ssl_verify_mode: new_resource.ssl_verify_mode,
             start_handlers: format_handler(new_resource.start_handlers),
             additional_config: new_resource.additional_config,

data/lib/chef/resource/chef_client_systemd_timer.rb

@@ -177,7 +177,7 @@ class Chef
           }
 
           unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
-          unit["Service"]["CPUQuota"] = new_resource.cpu_quota if new_resource.cpu_quota
+          unit["Service"]["CPUQuota"] = "#{new_resource.cpu_quota}%" if new_resource.cpu_quota
           unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?
           unit
         end

data/lib/chef/resource/homebrew_cask.rb

@@ -46,25 +46,24 @@ class Chef
         default: true
 
       property :homebrew_path, String,
-        description: "The path to the homebrew binary.",
-        default: "/usr/local/bin/brew"
+        description: "The path to the homebrew binary."
 
       property :owner, [String, Integer],
         description: "The owner of the Homebrew installation.",
         default: lazy { find_homebrew_username },
-        default_description: "Calculated default username"\
+        default_description: "Calculated default username"
 
       action :install, description: "Install an application that is packaged as a Homebrew cask." do
         if new_resource.install_cask
           homebrew_tap "homebrew/cask" do
-            homebrew_path new_resource.homebrew_path
+            homebrew_path homebrew_bin_path(new_resource.homebrew_path)
             owner new_resource.owner
           end
         end
 
         unless casked?
           converge_by("install cask #{new_resource.cask_name} #{new_resource.options}") do
-            shell_out!("#{new_resource.homebrew_path} install --cask #{new_resource.cask_name} #{new_resource.options}",
+            shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} install --cask #{new_resource.cask_name} #{new_resource.options}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))
@@ -75,14 +74,14 @@ class Chef
       action :remove, description: "Remove an application that is packaged as a Homebrew cask." do
         if new_resource.install_cask
           homebrew_tap "homebrew/cask" do
-            homebrew_path new_resource.homebrew_path
+            homebrew_path homebrew_bin_path(new_resource.homebrew_path)
             owner new_resource.owner
           end
         end
 
         if casked?
           converge_by("uninstall cask #{new_resource.cask_name}") do
-            shell_out!("#{new_resource.homebrew_path} uninstall --cask #{new_resource.cask_name}",
+            shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} uninstall --cask #{new_resource.cask_name}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))
@@ -100,7 +99,7 @@ class Chef
         # @return [Boolean]
         def casked?
           unscoped_name = new_resource.cask_name.split("/").last
-          shell_out!("#{new_resource.homebrew_path} list --cask 2>/dev/null",
+          shell_out!("#{homebrew_bin_path(new_resource.homebrew_path)} list --cask 2>/dev/null",
             user: new_resource.owner,
             env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
             cwd: ::Dir.home(new_resource.owner)).stdout.split.include?(unscoped_name)

data/lib/chef/resource/homebrew_package.rb

@@ -62,7 +62,7 @@ class Chef
       DOC
 
       property :homebrew_user, [ String, Integer ],
-        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
+        description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable on x86_64 machines or `/opt/homebrew/bin/brew` executable on arm64 machines. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin, /opt/homebrew/bin, or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
 
     end
   end