chef 17.2.29-universal-mingw32 → 17.3.48-universal-mingw32

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +4 -3
  3. data/chef.gemspec +1 -0
  4. data/lib/chef/client.rb +1 -1
  5. data/lib/chef/data_bag.rb +1 -2
  6. data/lib/chef/data_bag_item.rb +1 -2
  7. data/lib/chef/deprecated.rb +10 -4
  8. data/lib/chef/dsl.rb +1 -0
  9. data/lib/chef/dsl/render_helpers.rb +44 -0
  10. data/lib/chef/dsl/secret.rb +64 -0
  11. data/lib/chef/dsl/toml.rb +116 -0
  12. data/lib/chef/dsl/universal.rb +5 -0
  13. data/lib/chef/exceptions.rb +22 -0
  14. data/lib/chef/handler/slow_report.rb +1 -1
  15. data/lib/chef/json_compat.rb +1 -1
  16. data/lib/chef/policy_builder/policyfile.rb +88 -45
  17. data/lib/chef/provider/file.rb +2 -2
  18. data/lib/chef/provider/lwrp_base.rb +1 -1
  19. data/lib/chef/provider/package/habitat.rb +168 -0
  20. data/lib/chef/provider/package/powershell.rb +5 -0
  21. data/lib/chef/providers.rb +1 -0
  22. data/lib/chef/resource/chef_client_config.rb +7 -2
  23. data/lib/chef/resource/chef_client_cron.rb +1 -1
  24. data/lib/chef/resource/chef_client_launchd.rb +1 -1
  25. data/lib/chef/resource/chef_client_scheduled_task.rb +1 -1
  26. data/lib/chef/resource/chef_client_systemd_timer.rb +1 -1
  27. data/lib/chef/resource/chef_client_trusted_certificate.rb +2 -2
  28. data/lib/chef/resource/chef_vault_secret.rb +2 -2
  29. data/lib/chef/resource/dsc_resource.rb +1 -1
  30. data/lib/chef/resource/execute.rb +3 -3
  31. data/lib/chef/resource/gem_package.rb +2 -1
  32. data/lib/chef/resource/habitat/_habitat_shared.rb +28 -0
  33. data/lib/chef/resource/habitat/habitat_package.rb +129 -0
  34. data/lib/chef/resource/habitat/habitat_sup.rb +329 -0
  35. data/lib/chef/resource/habitat/habitat_sup_systemd.rb +67 -0
  36. data/lib/chef/resource/habitat/habitat_sup_windows.rb +90 -0
  37. data/lib/chef/resource/habitat_config.rb +107 -0
  38. data/lib/chef/resource/habitat_install.rb +247 -0
  39. data/lib/chef/resource/habitat_service.rb +451 -0
  40. data/lib/chef/resource/habitat_user_toml.rb +92 -0
  41. data/lib/chef/resource/lwrp_base.rb +1 -1
  42. data/lib/chef/resource/support/HabService.dll.config.erb +19 -0
  43. data/lib/chef/resource/support/client.erb +8 -1
  44. data/lib/chef/resource/support/sup.toml.erb +179 -0
  45. data/lib/chef/resource/windows_defender.rb +163 -0
  46. data/lib/chef/resource/windows_defender_exclusion.rb +125 -0
  47. data/lib/chef/resource/windows_printer.rb +78 -44
  48. data/lib/chef/resource/windows_printer_port.rb +1 -1
  49. data/lib/chef/resource/windows_update_settings.rb +259 -0
  50. data/lib/chef/resources.rb +12 -1
  51. data/lib/chef/secret_fetcher.rb +54 -0
  52. data/lib/chef/secret_fetcher/aws_secrets_manager.rb +53 -0
  53. data/lib/chef/secret_fetcher/azure_key_vault.rb +56 -0
  54. data/lib/chef/secret_fetcher/base.rb +72 -0
  55. data/lib/chef/secret_fetcher/example.rb +46 -0
  56. data/lib/chef/version.rb +1 -1
  57. data/spec/functional/mixin/from_file_spec.rb +1 -1
  58. data/spec/integration/recipes/recipe_dsl_spec.rb +1 -1
  59. data/spec/integration/recipes/resource_action_spec.rb +4 -4
  60. data/spec/support/shared/unit/provider/file.rb +2 -8
  61. data/spec/unit/data_bag_item_spec.rb +2 -2
  62. data/spec/unit/data_bag_spec.rb +1 -1
  63. data/spec/unit/dsl/render_helpers_spec.rb +102 -0
  64. data/spec/unit/dsl/secret_spec.rb +65 -0
  65. data/spec/unit/policy_builder/dynamic_spec.rb +0 -5
  66. data/spec/unit/policy_builder/policyfile_spec.rb +144 -56
  67. data/spec/unit/provider/apt_update_spec.rb +3 -1
  68. data/spec/unit/provider/mount/aix_spec.rb +1 -1
  69. data/spec/unit/provider/package/powershell_spec.rb +74 -12
  70. data/spec/unit/resource/windows_defender_exclusion_spec.rb +62 -0
  71. data/spec/unit/resource/windows_defender_spec.rb +71 -0
  72. data/spec/unit/resource/windows_update_settings_spec.rb +64 -0
  73. data/spec/unit/secret_fetcher/azure_key_vault_spec.rb +63 -0
  74. data/spec/unit/secret_fetcher_spec.rb +82 -0
  75. metadata +51 -7
@@ -0,0 +1,92 @@
1
+ # Copyright:: Chef Software Inc.
2
+ # License:: Apache License, Version 2.0
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing
14
+
15
+ require_relative "../resource"
16
+ class Chef
17
+ class Resource
18
+ class HabitatUserToml < Chef::Resource
19
+ unified_mode true
20
+ provides :habitat_user_toml
21
+
22
+ description "Use the **habitat_user_toml** to template a `user.toml` for Chef Habitat services. Configurations set in the `user.toml` override the `default.toml` for a given package, which makes it an alternative to applying service group level configuration."
23
+ introduced "17.3"
24
+ examples <<~DOC
25
+ **Configure user specific settings to nginx**
26
+
27
+ ```ruby
28
+ habitat_user_toml 'nginx' do
29
+ config({
30
+ worker_count: 2,
31
+ http: {
32
+ keepalive_timeout: 120
33
+ }
34
+ })
35
+ end
36
+ ```
37
+ DOC
38
+
39
+ property :config, Mash, required: true, coerce: proc { |m| m.is_a?(Hash) ? Mash.new(m) : m },
40
+ description: "Only valid for `:create` action. The configuration to apply as a ruby hash, for example, `{ worker_count: 2, http: { keepalive_timeout: 120 } }`."
41
+
42
+ property :service_name, String, name_property: true, desired_state: false,
43
+ description: "The service group to apply the configuration to, for example, `nginx.default`."
44
+
45
+ action :create, description: "(default action) Create the user.toml from the specified config." do
46
+ directory config_directory do
47
+ mode "0755"
48
+ owner root_owner
49
+ group node["root_group"]
50
+ recursive true
51
+ end
52
+
53
+ file "#{config_directory}/user.toml" do
54
+ mode "0600"
55
+ owner root_owner
56
+ group node["root_group"]
57
+ content render_toml(new_resource.config)
58
+ sensitive true
59
+ end
60
+ end
61
+
62
+ action :delete, description: "Delete the user.toml" do
63
+ file "#{config_directory}/user.toml" do
64
+ sensitive true
65
+ action :delete
66
+ end
67
+ end
68
+
69
+ action_class do
70
+ def config_directory
71
+ windows? ? "C:/hab/user/#{new_resource.service_name}/config" : "/hab/user/#{new_resource.service_name}/config"
72
+ end
73
+
74
+ def wmi_property_from_query(wmi_property, wmi_query)
75
+ @wmi = ::WIN32OLE.connect("winmgmts://")
76
+ result = @wmi.ExecQuery(wmi_query)
77
+ return unless result.each.count > 0
78
+
79
+ result.each.next.send(wmi_property)
80
+ end
81
+
82
+ def root_owner
83
+ if windows?
84
+ wmi_property_from_query(:name, "select * from Win32_UserAccount where sid like 'S-1-5-21-%-500' and LocalAccount=True")
85
+ else
86
+ "root"
87
+ end
88
+ end
89
+ end
90
+ end
91
+ end
92
+ end
@@ -37,7 +37,7 @@ class Chef
37
37
  class LWRPBase < Resource
38
38
 
39
39
  # Class methods
40
- class <<self
40
+ class << self
41
41
 
42
42
  include Chef::Mixin::ConvertToClassName
43
43
  include Chef::Mixin::FromFile
@@ -0,0 +1,19 @@
1
+ <?xml version="1.0" encoding="utf-8"?>
2
+ <configuration>
3
+ <appSettings>
4
+ <add key="debug" value="false" />
5
+ <% if @auth_token %>
6
+ <add key="ENV_HAB_AUTH_TOKEN" value="<%= @auth_token %>" />
7
+ <% end %>
8
+ <% if @gateway_auth_token %>
9
+ <add key="ENV_HAB_SUP_GATEWAY_AUTH_TOKEN" value="<%= @gateway_auth_token %>" />
10
+ <% end %>
11
+ <% if @bldr_url %>
12
+ <add key="ENV_HAB_BLDR_URL" value="<%= @bldr_url %>" />
13
+ <% end %>
14
+ <%if @exec_start_options %>
15
+ <add key="launcherArgs" value="--no-color <%= @exec_start_options %>" />
16
+ <% end %>
17
+ <add key="launcherPath" value="C:\Hab\pkgs\<%= `hab pkg list core/hab-launcher`.split().last %>\bin\hab-launch.exe"/>
18
+ </appSettings>
19
+ </configuration>
@@ -18,10 +18,17 @@
18
18
  @pid_file
19
19
  @policy_group
20
20
  @policy_name
21
- @ssl_verify_mode).each do |prop| -%>
21
+ @ssl_verify_mode
22
+ @policy_persist_run_list).each do |prop| -%>
22
23
  <% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
23
24
  <%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
24
25
  <% end -%>
26
+ <%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
27
+ <% %w(@ohai_disabled_plugins
28
+ @ohai_optional_plugins).each do |prop| -%>
29
+ <% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
30
+ <%=prop.gsub("@ohai_", "ohai.") %> <%= instance_variable_get(prop).inspect %>
31
+ <% end -%>
25
32
  <%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
26
33
  <% unless @log_location.nil? %>
27
34
  <% if @log_location.is_a?(String) && %w(STDOUT STDERR).include?(@log_location) -%>
@@ -0,0 +1,179 @@
1
+ # sup.toml
2
+ # Used for passing configuration options to the Chef Habitat supervisor
3
+ # This file is controlled by the 'habitat' cookbook and should not be modified by hand -- local modifications may be overwritten.
4
+
5
+ ### The listen address for the Gossip Gateway
6
+ <% if @listen_gossip %>
7
+ listen_gossip = "<%= @listen_gossip %>"
8
+ <% end %>
9
+
10
+ ### Start the supervisor in local mode
11
+ # local_gossip_mode =
12
+
13
+ ### The listen address for the HTTP Gateway
14
+ <% if @listen_http %>
15
+ listen_http = "<%= @listen_http %>"
16
+ <% end %>
17
+ ### Disable the HTTP Gateway completely
18
+ # http_disable =
19
+
20
+ ### The listen address for the Control Gateway
21
+ <% if @listen_ctl %>
22
+ listen_ctl = "<%= @listen_ctl %>"
23
+ <% end %>
24
+ ### The organization the Supervisor and its services are part of
25
+ <% if @organization %>
26
+ organization = "<%= @organization %>"
27
+ <% end %>
28
+ ### The listen address of one or more initial peers (IP[:PORT])
29
+ <% if @peer %>
30
+ peer = <%= @peer %>
31
+ <% end %>
32
+ ### Make this Supervisor a permanent peer
33
+ <% if @permanent_peer %>
34
+ permanent_peer = <%= @permanent_peer %>
35
+ <% end %>
36
+ ### Watch this file for connecting to the ring
37
+ # peer_watch_file =
38
+
39
+ ### Cache for creating and searching for encryption keys
40
+ # cache_key_path =
41
+
42
+ ### The name of the ring used by the Supervisor when running with wire encryption
43
+ <% if @ring %>
44
+ ring = "<%= @ring %>"
45
+ <% end %>
46
+ ### Use the package config from this path rather than the package itself
47
+ # config_from =
48
+
49
+ ### Enable automatic updates for the Supervisor itself
50
+ <% if @auto_update %>
51
+ auto_update = <%= @auto_update %>
52
+ <% end %>
53
+ ### The period of time in seconds between Supervisor update checks
54
+ # auto_update_period =
55
+
56
+ ### The period of time in seconds between service update checks
57
+ # service_update_period =
58
+
59
+ ### The private key for HTTP Gateway TLS encryption
60
+ ###
61
+ ### Read the private key from KEY_FILE. This should be an RSA private key or PKCS8-encoded private key in PEM format.
62
+ # key_file =
63
+
64
+ ### The server certificates for HTTP Gateway TLS encryption
65
+ ###
66
+ ### Read server certificates from CERT_FILE. This should contain PEM-format certificates in the right order. The first certificate should certify KEY_FILE. The last should be a root CA.
67
+ # cert_file =
68
+
69
+ ### The CA certificate for HTTP Gateway TLS encryption
70
+ ###
71
+ ### Read the CA certificate from CA_CERT_FILE. This should contain PEM-format certificate that can be used to validate client requests
72
+ # ca_cert_file =
73
+
74
+ ### Load a Habitat package as part of the Supervisor startup
75
+ ###
76
+ ### The package can be specified by a package identifier (ex: core/redis) or filepath to a Habitat artifact (ex: /home/core-redis-3.0.7-21120102031201-x86_64-linux.hart).
77
+ # pkg_ident_or_artifact =
78
+
79
+ ### Verbose output showing file and line/column numbers
80
+ # verbose =
81
+
82
+ ### Turn ANSI color off
83
+ # no_color =
84
+
85
+ ### Use structured JSON logging for the Supervisor
86
+ ###
87
+ ### This option also sets NO_COLOR.
88
+ # json_logging =
89
+
90
+ ### The IPv4 address to use as the `sys.ip` template variable
91
+ ###
92
+ ### If this argument is not set, the supervisor tries to dynamically determine an IP address. If that fails, the supervisor defaults to using `127.0.0.1`.
93
+ # sys_ip_address =
94
+
95
+ ### The name of the application for event stream purposes
96
+ ###
97
+ ### This will be attached to all events generated by this Supervisor.
98
+ <% if @event_stream_application %>
99
+ event_stream_application = "<%= @event_stream_application %>"
100
+ <% end %>
101
+ ### The name of the environment for event stream purposes
102
+ ###
103
+ ### This will be attached to all events generated by this Supervisor.
104
+ <% if @event_stream_environment %>
105
+ event_stream_environment = "<%= @event_stream_environment %>"
106
+ <% end %>
107
+ ### Event stream connection timeout before exiting the Supervisor
108
+ ###
109
+ ### Set to '0' to immediately start the Supervisor and continue running regardless of the initial connection status.
110
+ # event_stream_connect_timeout =
111
+
112
+ ### The event stream connection url used to send events to Chef Automate
113
+ ###
114
+ ### This enables the event stream and requires EVENT_STREAM_APPLICATION, EVENT_STREAM_ENVIRONMENT, and EVENT_STREAM_TOKEN also be set.
115
+ <% if @event_stream_url %>
116
+ event_stream_url = "<%= @event_stream_url %>"
117
+ <% end %>
118
+ ### The name of the site where this Supervisor is running for event stream purposes
119
+ <% if @event_stream_site %>
120
+ event_stream_site = "<%= @event_stream_site %>"
121
+ <% end %>
122
+ ### The authentication token for connecting the event stream to Chef Automate
123
+ <% if @event_stream_token %>
124
+ event_stream_token = "<%= @event_stream_token %>"
125
+ <% end %>
126
+ ### An arbitrary key-value pair to add to each event generated by this Supervisor
127
+ # event_meta = []
128
+
129
+ ### The path to Chef Automate's event stream certificate used to establish a TLS connection
130
+ ###
131
+ ### The certificate should be in PEM format.
132
+ <% if @event_stream_server_certificate %>
133
+ event_stream_server_certificate = "<%= @event_stream_server_certificate %>"
134
+ <% end %>
135
+ ### Automatically cleanup old packages
136
+ ###
137
+ ### The Supervisor will automatically cleanup old packages only keeping the KEEP_LATEST_PACKAGES latest packages. If this argument is not specified, no automatic package cleanup is performed.
138
+ <% if @keep_latest_packages %>
139
+ keep_latest_packages = "<%= @keep_latest_packages %>"
140
+ <% end %>
141
+ ### Receive updates from the specified release channel
142
+ # channel =
143
+
144
+ ### Specify an alternate Builder endpoint. If not specified, the value will be taken from the HAB_BLDR_URL environment variable if defined. (default: https://bldr.habitat.sh)
145
+ <% if @bldr_url %>
146
+ bldr_url = "<%= @bldr_url %>"
147
+ <% end %>
148
+ ### The service group with shared config and topology
149
+ # group =
150
+
151
+ ### Service topology
152
+ # topology =
153
+
154
+ ### The update strategy
155
+ # strategy =
156
+
157
+ ### The condition dictating when this service should update
158
+ ###
159
+ ### latest: Runs the latest package that can be found in the configured channel and local packages.
160
+ ###
161
+ ### track-channel: Always run what is at the head of a given channel. This enables service rollback where demoting a package from a channel will cause the package to rollback to an older version of the package. A ramification of enabling this condition is packages newer than the package at the head of the channel will be automatically uninstalled during a service rollback.
162
+ <% if @update_condition %>
163
+ update_condition = "<%= @update_condition %>"
164
+ <% end %>
165
+ ### One or more service groups to bind to a configuration
166
+ # bind = []
167
+
168
+ ### Governs how the presence or absence of binds affects service startup
169
+ ###
170
+ ### strict: blocks startup until all binds are present.
171
+ # binding_mode =
172
+
173
+ ### The interval in seconds on which to run health checks
174
+ # health_check_interval =
175
+
176
+ ### The delay in seconds after sending the shutdown signal to wait before killing the service process
177
+ ###
178
+ ### The default value can be set in the packages plan file.
179
+ # shutdown_timeout =
@@ -0,0 +1,163 @@
1
+ #
2
+ # Copyright:: Chef Software, Inc.
3
+ #
4
+ # Licensed under the Apache License, Version 2.0 (the "License");
5
+ # you may not use this file except in compliance with the License.
6
+ # You may obtain a copy of the License at
7
+ #
8
+ # http://www.apache.org/licenses/LICENSE-2.0
9
+ #
10
+ # Unless required by applicable law or agreed to in writing, software
11
+ # distributed under the License is distributed on an "AS IS" BASIS,
12
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ # See the License for the specific language governing permissions and
14
+ # limitations under the License.
15
+ #
16
+
17
+ require_relative "../resource"
18
+
19
+ class Chef
20
+ class Resource
21
+ class WindowsDefender < Chef::Resource
22
+ unified_mode true
23
+ provides :windows_defender
24
+
25
+ description "Use the **windows_defender** resource to enable or disable the Microsoft Windows Defender service."
26
+ introduced "17.3"
27
+ examples <<~DOC
28
+ **Configure Windows Defender AV settings**:
29
+
30
+ ```ruby
31
+ windows_defender 'Configure Defender' do
32
+ realtime_protection true
33
+ intrusion_protection_system true
34
+ lock_ui true
35
+ scan_archives true
36
+ scan_scripts true
37
+ scan_email true
38
+ scan_removable_drives true
39
+ scan_network_files false
40
+ scan_mapped_drives false
41
+ action :enable
42
+ end
43
+ ```
44
+
45
+ **Disable Windows Defender AV**:
46
+
47
+ ```ruby
48
+ windows_defender 'Disable Defender' do
49
+ action :disable
50
+ end
51
+ ```
52
+ DOC
53
+
54
+ # DisableIOAVProtection
55
+ property :realtime_protection, [true, false],
56
+ default: true,
57
+ description: "Enable realtime scanning of downloaded files and attachments."
58
+
59
+ # DisableIntrusionPreventionSystem
60
+ property :intrusion_protection_system, [true, false],
61
+ default: true,
62
+ description: "Enable network protection against exploitation of known vulnerabilities."
63
+
64
+ # UILockdown
65
+ property :lock_ui, [true, false],
66
+ description: "Lock the UI to prevent users from changing Windows Defender settings.",
67
+ default: false
68
+
69
+ # DisableArchiveScanning
70
+ property :scan_archives, [true, false],
71
+ default: true,
72
+ description: "Scan file archives such as .zip or .gz archives."
73
+
74
+ # DisableScriptScanning
75
+ property :scan_scripts, [true, false],
76
+ default: false,
77
+ description: "Scan scripts in malware scans."
78
+
79
+ # DisableEmailScanning
80
+ property :scan_email, [true, false],
81
+ default: false,
82
+ description: "Scan e-mails for malware."
83
+
84
+ # DisableRemovableDriveScanning
85
+ property :scan_removable_drives, [true, false],
86
+ default: false,
87
+ description: "Scan content of removable drives."
88
+
89
+ # DisableScanningNetworkFiles
90
+ property :scan_network_files, [true, false],
91
+ default: false,
92
+ description: "Scan files on a network."
93
+
94
+ # DisableScanningMappedNetworkDrivesForFullScan
95
+ property :scan_mapped_drives, [true, false],
96
+ default: true,
97
+ description: "Scan files on mapped network drives."
98
+
99
+ load_current_value do
100
+ values = powershell_exec!("Get-MPpreference").result
101
+
102
+ lock_ui values["UILockdown"]
103
+ realtime_protection !values["DisableIOAVProtection"]
104
+ intrusion_protection_system !values["DisableIntrusionPreventionSystem"]
105
+ scan_archives !values["DisableArchiveScanning"]
106
+ scan_scripts !values["DisableScriptScanning"]
107
+ scan_email !values["DisableEmailScanning"]
108
+ scan_removable_drives !values["DisableRemovableDriveScanning"]
109
+ scan_network_files !values["DisableScanningNetworkFiles"]
110
+ scan_mapped_drives !values["DisableScanningMappedNetworkDrivesForFullScan"]
111
+ end
112
+
113
+ action :enable, description: "Enable and configure Windows Defender." do
114
+ windows_service "Windows Defender" do
115
+ service_name "WinDefend"
116
+ action %i{start enable}
117
+ startup_type :automatic
118
+ end
119
+
120
+ converge_if_changed do
121
+ powershell_exec!(set_mppreference_cmd)
122
+ end
123
+ end
124
+
125
+ action :disable, description: "Disable Windows Defender." do
126
+ windows_service "Windows Defender" do
127
+ service_name "WinDefend"
128
+ action %i{disable stop}
129
+ end
130
+ end
131
+
132
+ action_class do
133
+ require "chef/mixin/powershell_type_coercions"
134
+ include Chef::Mixin::PowershellTypeCoercions
135
+
136
+ PROPERTY_TO_PS_MAP = {
137
+ realtime_protection: "DisableIOAVProtection",
138
+ intrusion_protection_system: "DisableIntrusionPreventionSystem",
139
+ scan_archives: "DisableArchiveScanning",
140
+ scan_scripts: "DisableScriptScanning",
141
+ scan_email: "DisableEmailScanning",
142
+ scan_removable_drives: "DisableRemovableDriveScanning",
143
+ scan_network_files: "DisableScanningNetworkFiles",
144
+ scan_mapped_drives: "DisableScanningMappedNetworkDrivesForFullScan",
145
+ }.freeze
146
+
147
+ def set_mppreference_cmd
148
+ cmd = "Set-MpPreference -Force"
149
+ cmd << " -UILockdown #{type_coercion(new_resource.lock_ui)}"
150
+
151
+ # the values are the opposite in Set-MpPreference and our properties so we have to iterate
152
+ # over the list and negate the provided values so it makes sense with the cmdlet flag's expected value
153
+ PROPERTY_TO_PS_MAP.each do |prop, flag|
154
+ next if new_resource.send(prop).nil? || current_resource.send(prop) == new_resource.send(prop)
155
+
156
+ cmd << " -#{flag} #{type_coercion(!new_resource.send(prop))}"
157
+ end
158
+ cmd
159
+ end
160
+ end
161
+ end
162
+ end
163
+ end