chef 17.10.163 → 18.0.169
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +19 -20
- data/README.md +7 -7
- data/Rakefile +3 -22
- data/{chef-universal-mingw32.gemspec → chef-universal-mingw-ucrt.gemspec} +8 -7
- data/chef.gemspec +17 -15
- data/lib/chef/api_client_v1.rb +9 -1
- data/lib/chef/application/exit_code.rb +3 -3
- data/lib/chef/client.rb +182 -0
- data/lib/chef/compliance/input.rb +1 -1
- data/lib/chef/compliance/profile.rb +1 -1
- data/lib/chef/compliance/profile_collection.rb +0 -1
- data/lib/chef/compliance/waiver.rb +1 -1
- data/lib/chef/cookbook/syntax_check.rb +2 -2
- data/lib/chef/dsl/reader_helpers.rb +1 -1
- data/lib/chef/dsl/rest_resource.rb +77 -0
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +8 -0
- data/lib/chef/http/authenticator.rb +170 -3
- data/lib/chef/http/ssl_policies.rb +4 -4
- data/lib/chef/mixin/checksum.rb +0 -6
- data/lib/chef/mixin/homebrew_user.rb +5 -15
- data/lib/chef/mixin/openssl_helper.rb +13 -17
- data/lib/chef/mixin/powershell_exec.rb +5 -28
- data/lib/chef/node/mixin/immutablize_array.rb +1 -0
- data/lib/chef/property.rb +5 -3
- data/lib/chef/provider/cron.rb +1 -5
- data/lib/chef/provider/file.rb +2 -2
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/http_request.rb +11 -9
- data/lib/chef/provider/mount/linux.rb +5 -0
- data/lib/chef/provider/mount/mount.rb +8 -0
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/package/chocolatey.rb +1 -14
- data/lib/chef/provider/package/rubygems.rb +1 -1
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/package/windows.rb +1 -1
- data/lib/chef/provider/package/yum/yum_helper.py +14 -2
- data/lib/chef/provider/package/zypper/version.rb +60 -0
- data/lib/chef/provider/package/zypper.rb +47 -8
- data/lib/chef/provider/service/windows.rb +1 -1
- data/lib/chef/provider/user/aix.rb +5 -0
- data/lib/chef/provider/user/linux.rb +29 -0
- data/lib/chef/provider/user/mac.rb +1 -1
- data/lib/chef/provider/user.rb +46 -14
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource/_rest_resource.rb +389 -0
- data/lib/chef/resource/alternatives.rb +0 -1
- data/lib/chef/resource/apt_package.rb +0 -1
- data/lib/chef/resource/apt_preference.rb +0 -1
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/apt_update.rb +0 -1
- data/lib/chef/resource/archive_file.rb +0 -1
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +0 -1
- data/lib/chef/resource/bff_package.rb +0 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +0 -1
- data/lib/chef/resource/cab_package.rb +0 -1
- data/lib/chef/resource/chef_client_config.rb +14 -18
- data/lib/chef/resource/chef_client_cron.rb +1 -2
- data/lib/chef/resource/chef_client_launchd.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +3 -3
- data/lib/chef/resource/chef_client_systemd_timer.rb +1 -2
- data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +0 -1
- data/lib/chef/resource/chef_handler.rb +0 -1
- data/lib/chef/resource/chef_sleep.rb +1 -3
- data/lib/chef/resource/chef_vault_secret.rb +0 -1
- data/lib/chef/resource/chocolatey_config.rb +0 -1
- data/lib/chef/resource/chocolatey_feature.rb +0 -1
- data/lib/chef/resource/chocolatey_package.rb +0 -1
- data/lib/chef/resource/chocolatey_source.rb +0 -1
- data/lib/chef/resource/cookbook_file.rb +0 -1
- data/lib/chef/resource/cron/_cron_shared.rb +0 -1
- data/lib/chef/resource/cron/cron.rb +0 -1
- data/lib/chef/resource/cron/cron_d.rb +15 -1
- data/lib/chef/resource/cron_access.rb +0 -1
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/directory.rb +0 -1
- data/lib/chef/resource/dmg_package.rb +0 -1
- data/lib/chef/resource/dnf_package.rb +0 -1
- data/lib/chef/resource/dpkg_package.rb +0 -1
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +0 -1
- data/lib/chef/resource/execute.rb +0 -1
- data/lib/chef/resource/file.rb +0 -1
- data/lib/chef/resource/freebsd_package.rb +0 -1
- data/lib/chef/resource/gem_package.rb +0 -1
- data/lib/chef/resource/group.rb +25 -2
- data/lib/chef/resource/habitat/habitat_package.rb +0 -1
- data/lib/chef/resource/habitat/habitat_sup.rb +6 -7
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +1 -1
- data/lib/chef/resource/habitat_config.rb +0 -1
- data/lib/chef/resource/habitat_install.rb +0 -1
- data/lib/chef/resource/habitat_service.rb +0 -1
- data/lib/chef/resource/habitat_user_toml.rb +0 -1
- data/lib/chef/resource/homebrew_cask.rb +8 -8
- data/lib/chef/resource/homebrew_package.rb +1 -2
- data/lib/chef/resource/homebrew_tap.rb +5 -6
- data/lib/chef/resource/homebrew_update.rb +0 -2
- data/lib/chef/resource/hostname.rb +0 -1
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +0 -1
- data/lib/chef/resource/inspec_input.rb +0 -1
- data/lib/chef/resource/inspec_waiver.rb +0 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -3
- data/lib/chef/resource/ips_package.rb +0 -1
- data/lib/chef/resource/kernel_module.rb +0 -1
- data/lib/chef/resource/ksh.rb +0 -1
- data/lib/chef/resource/launchd.rb +0 -1
- data/lib/chef/resource/link.rb +0 -1
- data/lib/chef/resource/locale.rb +2 -6
- data/lib/chef/resource/log.rb +0 -1
- data/lib/chef/resource/lwrp_base.rb +0 -4
- data/lib/chef/resource/macos_userdefaults.rb +5 -10
- data/lib/chef/resource/macosx_service.rb +0 -1
- data/lib/chef/resource/macports_package.rb +0 -1
- data/lib/chef/resource/mdadm.rb +0 -1
- data/lib/chef/resource/mount.rb +0 -1
- data/lib/chef/resource/msu_package.rb +0 -1
- data/lib/chef/resource/notify_group.rb +0 -2
- data/lib/chef/resource/ohai.rb +0 -1
- data/lib/chef/resource/ohai_hint.rb +0 -1
- data/lib/chef/resource/openbsd_package.rb +0 -1
- data/lib/chef/resource/openssl_dhparam.rb +0 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +0 -2
- data/lib/chef/resource/openssl_ec_public_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_public_key.rb +0 -2
- data/lib/chef/resource/openssl_x509_certificate.rb +0 -2
- data/lib/chef/resource/openssl_x509_crl.rb +0 -2
- data/lib/chef/resource/openssl_x509_request.rb +0 -2
- data/lib/chef/resource/osx_profile.rb +0 -1
- data/lib/chef/resource/package.rb +0 -1
- data/lib/chef/resource/pacman_package.rb +0 -1
- data/lib/chef/resource/paludis_package.rb +0 -1
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +7 -3
- data/lib/chef/resource/portage_package.rb +0 -1
- data/lib/chef/resource/powershell_package.rb +0 -1
- data/lib/chef/resource/powershell_package_source.rb +0 -1
- data/lib/chef/resource/powershell_script.rb +0 -1
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +0 -1
- data/lib/chef/resource/remote_directory.rb +0 -1
- data/lib/chef/resource/remote_file.rb +0 -1
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +0 -3
- data/lib/chef/resource/rhsm_repo.rb +0 -1
- data/lib/chef/resource/rhsm_subscription.rb +0 -1
- data/lib/chef/resource/route.rb +0 -1
- data/lib/chef/resource/rpm_package.rb +0 -1
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/ruby_block.rb +0 -1
- data/lib/chef/resource/scm/_scm.rb +0 -2
- data/lib/chef/resource/scm/git.rb +0 -2
- data/lib/chef/resource/scm/subversion.rb +0 -2
- data/lib/chef/resource/script.rb +0 -1
- data/lib/chef/resource/selinux/common_helpers.rb +47 -0
- data/lib/chef/resource/selinux/selinux_debian.erb +18 -0
- data/lib/chef/resource/selinux/selinux_default.erb +15 -0
- data/lib/chef/resource/selinux_boolean.rb +101 -0
- data/lib/chef/resource/selinux_fcontext.rb +160 -0
- data/lib/chef/resource/selinux_install.rb +107 -0
- data/lib/chef/resource/selinux_module.rb +143 -0
- data/lib/chef/resource/selinux_permissive.rb +64 -0
- data/lib/chef/resource/selinux_port.rb +118 -0
- data/lib/chef/resource/selinux_state.rb +166 -0
- data/lib/chef/resource/service.rb +0 -1
- data/lib/chef/resource/smartos_package.rb +0 -1
- data/lib/chef/resource/snap_package.rb +0 -1
- data/lib/chef/resource/solaris_package.rb +0 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +0 -1
- data/lib/chef/resource/sudo.rb +0 -1
- data/lib/chef/resource/support/client.erb +5 -6
- data/lib/chef/resource/swap_file.rb +0 -1
- data/lib/chef/resource/sysctl.rb +1 -2
- data/lib/chef/resource/systemd_unit.rb +0 -1
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +0 -1
- data/lib/chef/resource/user/aix_user.rb +0 -1
- data/lib/chef/resource/user/linux_user.rb +0 -1
- data/lib/chef/resource/user/mac_user.rb +0 -1
- data/lib/chef/resource/user/pw_user.rb +0 -1
- data/lib/chef/resource/user/solaris_user.rb +0 -1
- data/lib/chef/resource/user/windows_user.rb +0 -1
- data/lib/chef/resource/user.rb +10 -1
- data/lib/chef/resource/user_ulimit.rb +0 -1
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +0 -1
- data/lib/chef/resource/windows_ad_join.rb +0 -2
- data/lib/chef/resource/windows_audit_policy.rb +0 -2
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_defender.rb +0 -1
- data/lib/chef/resource/windows_defender_exclusion.rb +0 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +0 -1
- data/lib/chef/resource/windows_feature.rb +0 -1
- data/lib/chef/resource/windows_feature_dism.rb +0 -1
- data/lib/chef/resource/windows_feature_powershell.rb +0 -1
- data/lib/chef/resource/windows_firewall_profile.rb +0 -2
- data/lib/chef/resource/windows_firewall_rule.rb +0 -1
- data/lib/chef/resource/windows_font.rb +2 -3
- data/lib/chef/resource/windows_package.rb +0 -1
- data/lib/chef/resource/windows_pagefile.rb +0 -2
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +0 -2
- data/lib/chef/resource/windows_security_policy.rb +0 -1
- data/lib/chef/resource/windows_service.rb +0 -1
- data/lib/chef/resource/windows_share.rb +0 -1
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +0 -1
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_update_settings.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +0 -1
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +0 -1
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource/zypper_package.rb +0 -1
- data/lib/chef/resource/zypper_repository.rb +0 -1
- data/lib/chef/resource.rb +12 -5
- data/lib/chef/resources.rb +7 -0
- data/lib/chef/run_context.rb +3 -3
- data/lib/chef/secret_fetcher/azure_key_vault.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/handle.rb +6 -7
- data/lib/chef/win32/registry.rb +7 -3
- data/spec/data/rubygems.org/sexp_processor-info +2 -1
- data/spec/data/trusted_certs/example.crt +20 -29
- data/spec/data/trusted_certs/example_no_cn.crt +34 -30
- data/spec/data/trusted_certs/opscode.pem +54 -33
- data/spec/functional/resource/chocolatey_package_spec.rb +20 -32
- data/spec/functional/resource/dsc_script_spec.rb +1 -1
- data/spec/functional/resource/group_spec.rb +26 -42
- data/spec/functional/resource/link_spec.rb +8 -8
- data/spec/functional/resource/macos_userdefaults_spec.rb +4 -4
- data/spec/functional/resource/plist_spec.rb +25 -0
- data/spec/functional/resource/user/linux_user_spec.rb +127 -0
- data/spec/functional/resource/windows_certificate_spec.rb +1 -26
- data/spec/functional/resource/windows_font_spec.rb +12 -9
- data/spec/functional/resource/yum_package_spec.rb +1 -17
- data/spec/functional/resource/zypper_package_spec.rb +12 -10
- data/spec/functional/shell_spec.rb +1 -2
- data/spec/functional/version_spec.rb +1 -1
- data/spec/functional/win32/registry_spec.rb +0 -3
- data/spec/integration/client/client_spec.rb +82 -3
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +2 -1
- data/spec/integration/solo/solo_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -5
- data/spec/support/platform_helpers.rb +0 -4
- data/spec/support/ruby_installer.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +2 -2
- data/spec/unit/application/client_spec.rb +0 -10
- data/spec/unit/client_spec.rb +70 -2
- data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +1 -1
- data/spec/unit/cookbook/syntax_check_spec.rb +3 -0
- data/spec/unit/http/authenticator_spec.rb +68 -0
- data/spec/unit/mixin/checksum_spec.rb +0 -28
- data/spec/unit/mixin/homebrew_user_spec.rb +7 -30
- data/spec/unit/mixin/openssl_helper_spec.rb +1 -1
- data/spec/unit/mixin/powershell_exec_spec.rb +5 -5
- data/spec/unit/platform/query_helpers_spec.rb +2 -17
- data/spec/unit/provider/cron_spec.rb +0 -34
- data/spec/unit/provider/http_request_spec.rb +60 -72
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/package/chocolatey_spec.rb +3 -20
- data/spec/unit/provider/package/rubygems_spec.rb +1 -1
- data/spec/unit/provider/package/zypper_spec.rb +32 -0
- data/spec/unit/provider/user/linux_spec.rb +51 -11
- data/spec/unit/provider/user_spec.rb +24 -6
- data/spec/unit/resource/archive_file_spec.rb +1 -1
- data/spec/unit/resource/chef_client_cron_spec.rb +5 -0
- data/spec/unit/resource/chef_client_launchd_spec.rb +5 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +5 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +2 -2
- data/spec/unit/resource/cron_d_spec.rb +37 -1
- data/spec/unit/resource/macos_user_defaults_spec.rb +4 -4
- data/spec/unit/resource/rest_resource_spec.rb +381 -0
- data/spec/unit/resource/selinux_boolean_spec.rb +92 -0
- data/spec/unit/resource/selinux_fcontext_spec.rb +65 -0
- data/spec/unit/resource/selinux_install_spec.rb +60 -0
- data/spec/unit/resource/selinux_module_spec.rb +55 -0
- data/spec/unit/resource/selinux_permissive_spec.rb +39 -0
- data/spec/unit/resource/selinux_port_spec.rb +42 -0
- data/spec/unit/resource/selinux_state_spec.rb +46 -0
- data/spec/unit/resource/sysctl_spec.rb +2 -2
- data/spec/unit/resource/user/linux_user_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +8 -2
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +1 -1
- data/tasks/rspec.rb +1 -1
- metadata +106 -55
- data/spec/functional/assets/yumrepo-empty/repodata/01a3b-filelists.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/401dc-filelists.xml.gz +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/5dc1e-primary.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/6bf96-other.xml.gz +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/7c365-other.sqlite.bz2 +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/dabe2-primary.xml.gz +0 -0
- data/spec/functional/assets/yumrepo-empty/repodata/repomd.xml +0 -55
- data/spec/integration/client/fips_spec.rb +0 -29
- data/spec/integration/client/open_ssl_spec.rb +0 -20
- /data/spec/functional/assets/chocolatey_feed/{test-A.1.0.0.nupkg → test-A.1.0.nupkg} +0 -0
- /data/spec/functional/assets/chocolatey_feed/{test-A.1.5.0.nupkg → test-A.1.5.nupkg} +0 -0
- /data/spec/functional/assets/chocolatey_feed/{test-A.2.0.0.nupkg → test-A.2.0.nupkg} +0 -0
- /data/spec/functional/assets/chocolatey_feed/{test-B.1.0.0.nupkg → test-B.1.0.nupkg} +0 -0
- /data/spec/functional/assets/yumrepo/repodata/{01a3b-filelists.sqlite.bz2 → 4632d67cb92636e7575d911c24f0e04d3505a944e97c483abe0c3e73a7c62d33-filelists.sqlite.bz2} +0 -0
- /data/spec/functional/assets/yumrepo/repodata/{6bf96-other.xml.gz → 74599b793e54d877323837d2d81a1c3c594c44e4335f9528234bb490f7b9b439-other.xml.gz} +0 -0
- /data/spec/functional/assets/yumrepo/repodata/{5dc1e-primary.sqlite.bz2 → a845d418f919d2115ab95a56b2c76f6825ad0d0bede49181a55c04f58995d057-primary.sqlite.bz2} +0 -0
- /data/spec/functional/assets/yumrepo/repodata/{7c365-other.sqlite.bz2 → af9b7cf9ef23bd7b43068d74a460f3b5d06753d638e58e4a0c9edc35bfb9cdc4-other.sqlite.bz2} +0 -0
- /data/spec/functional/assets/yumrepo/repodata/{401dc-filelists.xml.gz → bdb4f5f1492a3b9532f22c43110a81500dd744f23da0aec5c33b2a41317c737d-filelists.xml.gz} +0 -0
- /data/spec/functional/assets/yumrepo/repodata/{dabe2-primary.xml.gz → c10d1d34ce99e02f12ec96ef68360543ab1bb7c3cb81a4a2bf78df7d8597e9df-primary.xml.gz} +0 -0
|
@@ -0,0 +1,166 @@
|
|
|
1
|
+
#
|
|
2
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
3
|
+
# you may not use this file except in compliance with the License.
|
|
4
|
+
# You may obtain a copy of the License at
|
|
5
|
+
#
|
|
6
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
|
7
|
+
#
|
|
8
|
+
# Unless required by applicable law or agreed to in writing, software
|
|
9
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
10
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
11
|
+
# See the License for the specific language governing permissions and
|
|
12
|
+
# limitations under the License.
|
|
13
|
+
|
|
14
|
+
require_relative "../resource"
|
|
15
|
+
require_relative "selinux/common_helpers"
|
|
16
|
+
|
|
17
|
+
class Chef
|
|
18
|
+
class Resource
|
|
19
|
+
class SelinuxState < Chef::Resource
|
|
20
|
+
unified_mode true
|
|
21
|
+
|
|
22
|
+
provides :selinux_state
|
|
23
|
+
|
|
24
|
+
description "Use **selinux_state** resource to manages the SELinux state on the system. It does this by using the `setenforce` command and rendering the `/etc/selinux/config` file from a template."
|
|
25
|
+
introduced "18.0"
|
|
26
|
+
examples <<~DOC
|
|
27
|
+
**Set SELinux state to permissive**:
|
|
28
|
+
|
|
29
|
+
```ruby
|
|
30
|
+
selinux_state 'permissive' do
|
|
31
|
+
action :permissive
|
|
32
|
+
end
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
**Set SELinux state to enforcing**:
|
|
36
|
+
|
|
37
|
+
```ruby
|
|
38
|
+
selinux_state 'enforcing' do
|
|
39
|
+
action :enforcing
|
|
40
|
+
end
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
**Set SELinux state to disabled**:
|
|
44
|
+
```ruby
|
|
45
|
+
selinux_state 'disabled' do
|
|
46
|
+
action :disabled
|
|
47
|
+
end
|
|
48
|
+
```
|
|
49
|
+
DOC
|
|
50
|
+
|
|
51
|
+
default_action :nothing
|
|
52
|
+
|
|
53
|
+
property :config_file, String,
|
|
54
|
+
default: "/etc/selinux/config",
|
|
55
|
+
description: "Path to SELinux config file on disk."
|
|
56
|
+
|
|
57
|
+
property :persistent, [true, false],
|
|
58
|
+
default: true,
|
|
59
|
+
description: "Persist status update to the selinux configuration file."
|
|
60
|
+
|
|
61
|
+
property :policy, String,
|
|
62
|
+
default: lazy { default_policy_platform },
|
|
63
|
+
equal_to: %w{default minimum mls src strict targeted},
|
|
64
|
+
description: "SELinux policy type."
|
|
65
|
+
|
|
66
|
+
property :automatic_reboot, [true, false, Symbol],
|
|
67
|
+
default: false,
|
|
68
|
+
description: "Perform an automatic node reboot if required for state change."
|
|
69
|
+
|
|
70
|
+
deprecated_property_alias "temporary", "persistent", "The temporary property was renamed persistent in the 4.0 release of this cookbook. Please update your cookbooks to use the new property name."
|
|
71
|
+
|
|
72
|
+
action_class do
|
|
73
|
+
include Chef::SELinux::CommonHelpers
|
|
74
|
+
def render_selinux_template(action)
|
|
75
|
+
Chef::Log.warn("It is advised to set the configuration first to permissive to relabel the filesystem prior to enforcing.") if selinux_disabled? && action == :enforcing
|
|
76
|
+
|
|
77
|
+
unless new_resource.automatic_reboot
|
|
78
|
+
Chef::Log.warn("Changes from disabled require a reboot.") if selinux_disabled? && %i{enforcing permissive}.include?(action)
|
|
79
|
+
Chef::Log.warn("Disabling selinux requires a reboot.") if (selinux_enforcing? || selinux_permissive?) && action == :disabled
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
template "#{action} selinux config" do
|
|
83
|
+
path new_resource.config_file
|
|
84
|
+
source debian? ? ::File.expand_path("selinux/selinux_debian.erb", __dir__) : ::File.expand_path("selinux/selinux_default.erb", __dir__)
|
|
85
|
+
local true
|
|
86
|
+
variables(
|
|
87
|
+
selinux: action.to_s,
|
|
88
|
+
selinuxtype: new_resource.policy
|
|
89
|
+
)
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
93
|
+
def node_selinux_restart
|
|
94
|
+
unless new_resource.automatic_reboot
|
|
95
|
+
Chef::Log.warn("SELinux state change to #{action} requires a manual reboot as SELinux is currently #{selinux_state} and automatic reboots are disabled.")
|
|
96
|
+
return
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
outer_action = action
|
|
100
|
+
reboot "selinux_state_change" do
|
|
101
|
+
delay_mins 1
|
|
102
|
+
reason "SELinux state change to #{outer_action} from #{selinux_state}"
|
|
103
|
+
|
|
104
|
+
action new_resource.automatic_reboot.is_a?(Symbol) ? new_resource.automatic_reboot : :reboot_now
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
end
|
|
108
|
+
|
|
109
|
+
action :enforcing, description: "Set the SELinux state to enforcing." do
|
|
110
|
+
unless selinux_disabled? || selinux_enforcing?
|
|
111
|
+
execute "selinux-setenforce-enforcing" do
|
|
112
|
+
command "/usr/sbin/setenforce 1"
|
|
113
|
+
end
|
|
114
|
+
end
|
|
115
|
+
|
|
116
|
+
if selinux_activate_required?
|
|
117
|
+
execute "debian-selinux-activate" do
|
|
118
|
+
command "/usr/sbin/selinux-activate"
|
|
119
|
+
end
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
render_selinux_template(action) if new_resource.persistent
|
|
123
|
+
node_selinux_restart if state_change_reboot_required?
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
action :permissive, description: "Set the SELinux state to permissive." do
|
|
127
|
+
unless selinux_disabled? || selinux_permissive?
|
|
128
|
+
execute "selinux-setenforce-permissive" do
|
|
129
|
+
command "/usr/sbin/setenforce 0"
|
|
130
|
+
end
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
if selinux_activate_required?
|
|
134
|
+
execute "debian-selinux-activate" do
|
|
135
|
+
command "/usr/sbin/selinux-activate"
|
|
136
|
+
end
|
|
137
|
+
end
|
|
138
|
+
|
|
139
|
+
render_selinux_template(action) if new_resource.persistent
|
|
140
|
+
node_selinux_restart if state_change_reboot_required?
|
|
141
|
+
end
|
|
142
|
+
|
|
143
|
+
action :disabled, description: "Set the SELinux state to disabled. **NOTE**: Switching to or from disabled requires a reboot!" do
|
|
144
|
+
raise "A non-persistent change to the disabled SELinux status is not possible." unless new_resource.persistent
|
|
145
|
+
|
|
146
|
+
render_selinux_template(action)
|
|
147
|
+
node_selinux_restart if state_change_reboot_required?
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
private
|
|
151
|
+
|
|
152
|
+
#
|
|
153
|
+
# Decide default policy platform based upon platform_family
|
|
154
|
+
#
|
|
155
|
+
# @return [String] Policy platform name
|
|
156
|
+
def default_policy_platform
|
|
157
|
+
case node["platform_family"]
|
|
158
|
+
when "rhel", "fedora", "amazon"
|
|
159
|
+
"targeted"
|
|
160
|
+
when "debian"
|
|
161
|
+
"default"
|
|
162
|
+
end
|
|
163
|
+
end
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
end
|
data/lib/chef/resource/sudo.rb
CHANGED
|
@@ -10,19 +10,18 @@
|
|
|
10
10
|
@https_proxy
|
|
11
11
|
@ftp_proxy
|
|
12
12
|
@log_level
|
|
13
|
+
@minimal_ohai
|
|
13
14
|
@named_run_list
|
|
14
15
|
@no_proxy
|
|
15
16
|
@pid_file
|
|
16
17
|
@policy_group
|
|
17
18
|
@policy_name
|
|
18
19
|
@rubygems_url
|
|
19
|
-
@ssl_verify_mode
|
|
20
|
+
@ssl_verify_mode
|
|
21
|
+
@policy_persist_run_list).each do |prop| -%>
|
|
20
22
|
<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
|
|
21
23
|
<%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
|
|
22
24
|
<% end -%>
|
|
23
|
-
<%# boolean properties are neither .nil? nor respond to .empty? so they are included below %>
|
|
24
|
-
minimal_ohai <%= @minimal_ohai.inspect %>
|
|
25
|
-
policy_persist_run_list <%= @policy_persist_run_list.inspect %>
|
|
26
25
|
<%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
|
|
27
26
|
<% %w(@ohai_disabled_plugins
|
|
28
27
|
@ohai_optional_plugins).each do |prop| -%>
|
|
@@ -39,10 +38,10 @@ log_location <%= @log_location.inspect %>
|
|
|
39
38
|
<% end -%>
|
|
40
39
|
<%# These data_collector options are special as they have a '.' -%>
|
|
41
40
|
<% unless @data_collector_server_url.nil? || @data_collector_server_url.empty? %>
|
|
42
|
-
data_collector.server_url <%= @data_collector_server_url %>
|
|
41
|
+
data_collector.server_url <%= @data_collector_server_url.inspect %>
|
|
43
42
|
<% end %>
|
|
44
43
|
<% unless @data_collector_token.nil? || @data_collector_token.empty? %>
|
|
45
|
-
data_collector.token <%= @data_collector_token %>
|
|
44
|
+
data_collector.token <%= @data_collector_token.inspect %>
|
|
46
45
|
<% end %>
|
|
47
46
|
<%# The code below is not DRY on purpose to improve readability -%>
|
|
48
47
|
<% unless @start_handlers.empty? -%>
|
data/lib/chef/resource/sysctl.rb
CHANGED
|
@@ -20,7 +20,6 @@ require_relative "../resource"
|
|
|
20
20
|
class Chef
|
|
21
21
|
class Resource
|
|
22
22
|
class Sysctl < Chef::Resource
|
|
23
|
-
unified_mode true
|
|
24
23
|
|
|
25
24
|
provides(:sysctl) { true }
|
|
26
25
|
provides(:sysctl_param) { true }
|
|
@@ -188,7 +187,7 @@ class Chef
|
|
|
188
187
|
|
|
189
188
|
sysctl_lines << "#{new_resource.key} = #{new_resource.value}"
|
|
190
189
|
|
|
191
|
-
sysctl_lines.join("\n")
|
|
190
|
+
sysctl_lines.join("\n") + "\n"
|
|
192
191
|
end
|
|
193
192
|
end
|
|
194
193
|
|
|
@@ -34,7 +34,6 @@ class Chef
|
|
|
34
34
|
# chef-client. This resource includes actions and properties from the file resource. Template files managed by the
|
|
35
35
|
# template resource follow the same file specificity rules as the remote_file and file resources.
|
|
36
36
|
class Template < Chef::Resource::File
|
|
37
|
-
unified_mode true
|
|
38
37
|
|
|
39
38
|
provides :template
|
|
40
39
|
|
|
@@ -58,7 +58,6 @@ class Chef
|
|
|
58
58
|
# the 'password' property corresponds to a plaintext password and will
|
|
59
59
|
# attempt to use it in place of secure_token_password if it not set.
|
|
60
60
|
class MacUser < Chef::Resource::User
|
|
61
|
-
unified_mode true
|
|
62
61
|
|
|
63
62
|
provides :mac_user
|
|
64
63
|
provides :user, platform: "mac_os_x"
|
data/lib/chef/resource/user.rb
CHANGED
|
@@ -21,7 +21,6 @@ require_relative "../resource"
|
|
|
21
21
|
class Chef
|
|
22
22
|
class Resource
|
|
23
23
|
class User < Chef::Resource
|
|
24
|
-
unified_mode true
|
|
25
24
|
|
|
26
25
|
description "Use the **user** resource to add users, update existing users, remove users, and to lock/unlock user passwords."
|
|
27
26
|
|
|
@@ -73,6 +72,16 @@ class Chef
|
|
|
73
72
|
description: "The numeric group identifier."
|
|
74
73
|
|
|
75
74
|
alias_method :group, :gid
|
|
75
|
+
|
|
76
|
+
property :expire_date, [ String, NilClass ],
|
|
77
|
+
description: "(Linux) The date on which the user account will be disabled. The date is specified in the format YYYY-MM-DD.",
|
|
78
|
+
introduced: "18.0",
|
|
79
|
+
desired_state: false
|
|
80
|
+
|
|
81
|
+
property :inactive, [ String, Integer, NilClass ],
|
|
82
|
+
description: "(Linux) The number of days after a password expires until the account is permanently disabled. A value of 0 disables the account as soon as the password has expired, and a value of -1 disables the feature.",
|
|
83
|
+
introduced: "18.0",
|
|
84
|
+
desired_state: false
|
|
76
85
|
end
|
|
77
86
|
end
|
|
78
87
|
end
|
|
@@ -19,7 +19,6 @@ require_relative "../resource"
|
|
|
19
19
|
class Chef
|
|
20
20
|
class Resource
|
|
21
21
|
class WindowsDefender < Chef::Resource
|
|
22
|
-
unified_mode true
|
|
23
22
|
provides :windows_defender
|
|
24
23
|
|
|
25
24
|
description "Use the **windows_defender** resource to enable or disable the Microsoft Windows Defender service."
|
|
@@ -21,7 +21,6 @@ class Chef
|
|
|
21
21
|
class Resource
|
|
22
22
|
class WindowsFont < Chef::Resource
|
|
23
23
|
require_relative "../util/path_helper"
|
|
24
|
-
unified_mode true
|
|
25
24
|
|
|
26
25
|
provides(:windows_font) { true }
|
|
27
26
|
|
|
@@ -83,7 +82,7 @@ class Chef
|
|
|
83
82
|
|
|
84
83
|
# install the font into the appropriate fonts directory
|
|
85
84
|
def install_font
|
|
86
|
-
require "win32ole" if RUBY_PLATFORM.match?(/mswin|
|
|
85
|
+
require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
|
87
86
|
fonts_dir = Chef::Util::PathHelper.join(ENV["windir"], "fonts")
|
|
88
87
|
folder = WIN32OLE.new("Shell.Application").Namespace(fonts_dir)
|
|
89
88
|
converge_by("install font #{new_resource.font_name} to #{fonts_dir}") do
|
|
@@ -95,7 +94,7 @@ class Chef
|
|
|
95
94
|
#
|
|
96
95
|
# @return [Boolean] Is the font is installed?
|
|
97
96
|
def font_exists?
|
|
98
|
-
require "win32ole" if RUBY_PLATFORM.match?(/mswin|
|
|
97
|
+
require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
|
99
98
|
fonts_dir = WIN32OLE.new("WScript.Shell").SpecialFolders("Fonts")
|
|
100
99
|
fonts_dir_local = Chef::Util::PathHelper.join(ENV["home"], "AppData/Local/Microsoft/Windows/fonts")
|
|
101
100
|
logger.trace("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists")
|
|
@@ -20,7 +20,6 @@ require_relative "../resource"
|
|
|
20
20
|
class Chef
|
|
21
21
|
class Resource
|
|
22
22
|
class WindowsPagefile < Chef::Resource
|
|
23
|
-
unified_mode true
|
|
24
23
|
|
|
25
24
|
provides(:windows_pagefile) { true }
|
|
26
25
|
|
|
@@ -166,7 +165,6 @@ class Chef
|
|
|
166
165
|
# @return [Boolean]
|
|
167
166
|
def max_and_min_set?(pagefile, min, max)
|
|
168
167
|
logger.trace("Checking if #{pagefile} has max and initial disk size values set")
|
|
169
|
-
|
|
170
168
|
powershell_code = <<-CODE
|
|
171
169
|
$page_file = '#{pagefile}';
|
|
172
170
|
$driveLetter = $page_file.split(':')[0];
|
|
@@ -27,7 +27,6 @@ class Chef
|
|
|
27
27
|
# 2. Fail with a warning if the port can't be found and create_port is false
|
|
28
28
|
# 3. Fail with helpful messaging if the printer driver can't be installed
|
|
29
29
|
class WindowsPrinter < Chef::Resource
|
|
30
|
-
unified_mode true
|
|
31
30
|
|
|
32
31
|
autoload :Resolv, "resolv"
|
|
33
32
|
|
|
@@ -24,8 +24,6 @@ class Chef
|
|
|
24
24
|
class WindowsScript < Chef::Resource::Script
|
|
25
25
|
include Chef::Mixin::WindowsArchitectureHelper
|
|
26
26
|
|
|
27
|
-
unified_mode true
|
|
28
|
-
|
|
29
27
|
# This is an abstract resource meant to be subclasses; thus no 'provides'
|
|
30
28
|
|
|
31
29
|
set_guard_inherited_attributes(:architecture)
|