chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

data/lib/chef/resource/windows_printer.rb

@@ -22,6 +22,10 @@ require_relative "../resource"
 
 class Chef
   class Resource
+    # @todo
+    # 1. Allow updating the printer properties
+    # 2. Fail with a warning if the port can't be found and create_port is false
+    # 3. Fail with helpful messaging if the printer driver can't be installed
     class WindowsPrinter < Chef::Resource
       unified_mode true
 
@@ -29,7 +33,7 @@ class Chef
 
       provides(:windows_printer) { true }
 
-      description "Use the **windows_printer** resource to setup Windows printers. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system."
+      description "Use the **windows_printer** resource to setup Windows printers. This resource will automatically install the driver specified in the `driver_name` property and will automatically create a printer port using either the `ipv4_address` property or the `port_name` property."
       introduced "14.0"
       examples <<~DOC
       **Create a printer**:
@@ -50,6 +54,23 @@ class Chef
         action :delete
       end
       ```
+
+      **Create a printer port and a printer that uses that port (new in 17.3)**
+
+      ```ruby
+      windows_printer_port '10.4.64.39' do
+        port_name 'My awesome printer port'
+        snmp_enabled true
+        port_protocol 2
+      end
+
+      windows_printer 'HP LaserJet 5th Floor' do
+        driver_name 'HP LaserJet 4100 Series PCL6'
+        port_name 'My awesome printer port'
+        ipv4_address '10.4.64.38'
+        create_port false
+      end
+      ```
       DOC
 
       property :device_id, String,
@@ -84,25 +105,74 @@ class Chef
             proc { |v| v.match(Resolv::IPv4::Regex) },
         }
 
-      PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
+      property :create_port, [TrueClass, FalseClass],
+        description: "Create a printer port for the printer. Set this to false and specify the `port_name` property if using the `windows_printer_port` resource to create the port instead.",
+        introduced: "17.3",
+        default: true, desired_state: false
+
+      property :port_name, String,
+        description: "The port name.",
+        default: lazy { |x| "IP_#{x.ipv4_address}" },
+        introduced: "17.3",
+        default_description: "The resource block name or the ipv4_address prepended with IP_."
 
-      # @todo Set @current_resource printer properties from registry
       load_current_value do |new_resource|
-        name new_resource.name
+        printer_data = powershell_exec(%Q{Get-WmiObject -Class Win32_Printer -Filter "Name='#{new_resource.device_id}'"}).result
+
+        if printer_data.empty?
+          current_value_does_not_exist!
+        else
+          device_id new_resource.device_id
+          comment printer_data["Comment"]
+          default printer_data["Default"]
+          location printer_data["Location"]
+          shared printer_data["Shared"]
+          share_name printer_data["ShareName"]
+          port_name printer_data["PortName"]
+
+          driver_data = powershell_exec(%Q{Get-PrinterDriver -Name="#{new_resource.driver_name}"}).result
+          unless driver_data.empty?
+            driver_name new_resource.driver_name
+          end
+        end
       end
 
       action :create, description: "Create a new printer and printer port, if one doesn't already." do
-        if printer_exists?
+        if current_resource
           Chef::Log.info "#{@new_resource} already exists - nothing to do."
         else
-          converge_by("Create #{@new_resource}") do
-            create_printer
+          # Create the printer port first unless the property is set to false
+          if new_resource.create_port
+            windows_printer_port new_resource.port_name do
+              ipv4_address new_resource.ipv4_address
+              port_name new_resource.port_name
+            end
+          end
+
+          converge_by("install driver #{new_resource.driver_name}") do
+            powershell_exec!("Add-PrinterDriver -Name '#{new_resource.driver_name}'")
+          end
+
+          converge_by("create #{@new_resource.device_id}") do
+            powershell_exec! <<-EOH
+            Set-WmiInstance -class Win32_Printer `
+              -EnableAllPrivileges `
+              -Argument @{ DeviceID   = "#{new_resource.device_id}";
+                          Comment    = "#{new_resource.comment}";
+                          Default    = "$#{new_resource.default}";
+                          DriverName = "#{new_resource.driver_name}";
+                          Location   = "#{new_resource.location}";
+                          PortName   = "#{new_resource.port_name}";
+                          Shared     = "$#{new_resource.shared}";
+                          ShareName  = "#{new_resource.share_name}";
+                        }
+            EOH
           end
         end
       end
 
       action :delete, description: "Delete an existing printer. Note that this resource does not delete the associated printer port." do
-        if printer_exists?
+        if current_resource
           converge_by("Delete #{new_resource.device_id}") do
             powershell_exec!("Remove-Printer -Name '#{new_resource.device_id}'")
           end
@@ -110,42 +180,6 @@ class Chef
           Chef::Log.info "#{new_resource.device_id} doesn't exist - can't delete."
         end
       end
-
-      action_class do
-        # does the printer exist
-        #
-        # @param [String] name the name of the printer
-        # @return [Boolean]
-        def printer_exists?
-          printer_reg_key = PRINTERS_REG_KEY + new_resource.name
-          logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'"
-          registry_key_exists?(printer_reg_key)
-        end
-
-        # creates the printer port and then the printer
-        def create_printer
-          # Create the printer port first
-          windows_printer_port new_resource.ipv4_address
-
-          port_name = "IP_#{new_resource.ipv4_address}"
-
-          declare_resource(:powershell_script, "Creating printer: #{new_resource.device_id}") do
-            code <<-EOH
-              Set-WmiInstance -class Win32_Printer `
-                -EnableAllPrivileges `
-                -Argument @{ DeviceID   = "#{new_resource.device_id}";
-                            Comment    = "#{new_resource.comment}";
-                            Default    = "$#{new_resource.default}";
-                            DriverName = "#{new_resource.driver_name}";
-                            Location   = "#{new_resource.location}";
-                            PortName   = "#{port_name}";
-                            Shared     = "$#{new_resource.shared}";
-                            ShareName  = "#{new_resource.share_name}";
-                          }
-            EOH
-          end
-        end
-      end
     end
   end
 end

data/lib/chef/resource/windows_printer_port.rb

@@ -137,7 +137,7 @@ class Chef
 
       action :delete, description: "Delete an existing printer port." do
         if current_resource
-          converge_by("Delete #{new_resource.port_name}") do
+          converge_by("delete port #{new_resource.port_name}") do
             powershell_exec!("Remove-PrinterPort -Name #{new_resource.port_name}")
           end
         else

data/lib/chef/resource/windows_uac.rb

@@ -104,7 +104,9 @@ class Chef
         #
         # @return [Integer]
         def consent_behavior_users_symbol_to_reg(sym)
-          %i{auto_deny secure_prompt_for_creds prompt_for_creds}.index(sym)
+          # Since 2 isn't a valid value for ConsentPromptBehaviorUser, assign the value at index as nil.
+          # https://docs.microsoft.com/en-us/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings#registry-key-settings
+          [:auto_deny, :secure_prompt_for_creds, nil, :prompt_for_creds].index(sym)
         end
       end
     end

data/lib/chef/resource/windows_update_settings.rb

@@ -0,0 +1,259 @@
+#
+# Author:: Sölvi Páll Ásgeirsson (<solvip@gmail.com>)
+# Author:: Richard Lavey (richard.lavey@calastone.com)
+# Author:: Tim Smith (tsmith@chef.io)
+#
+# Copyright:: 2014-2017, Sölvi Páll Ásgeirsson.
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+class Chef
+  class Resource
+    class WindowsUpdateSettings < Chef::Resource
+      unified_mode true
+
+      provides :windows_update_settings
+
+      description "Use the **windows_update_settings** resource to manage the various Windows Update patching options."
+      introduced "17.3"
+      examples <<~DOC
+      **Set Windows Update settings**:
+
+      ```ruby
+      windows_update_settings 'Settings to Configure Windows Nodes to automatically receive updates' do
+        disable_os_upgrades true
+        elevate_non_admins true
+        block_windows_update_website true
+        automatically_install_minor_updates true
+        scheduled_install_day 'Friday'
+        scheduled_install_hour 18
+        update_other_ms_products true
+        action :enable
+      end
+      ```
+      DOC
+
+      # required for the alias to pass validation
+      allowed_actions :set, :enable
+
+      DAYS = %W{Everyday Monday Tuesday Wednesday Thursday Friday Saturday Sunday}.freeze
+      UPDATE_OPTIONS = {
+                        notify: 2,
+                        download_and_notify: 3,
+                        download_and_schedule: 4,
+                        local_admin_decides: 5,
+                      }.freeze
+
+      # HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate
+
+      property :disable_os_upgrades, [true, false], default: false, description: "Disable OS upgrades."
+      # options: 0 - let windows update update the os - false
+      #          1 - don't let windows update update the os - true
+
+      property :elevate_non_admins, [true, false], default: true, description: "Allow normal user accounts to temporarily be elevated to install patches."
+      # options: 0 - do not elevate a user to force an install - false
+      #          1 - do elevate the logged on user to install an update - true
+
+      property :add_to_target_wsus_group, [true, false], deprecated: "As of Chef Infra Client 17.3 the `add_to_target_wsus_group` property is no longer necessary."
+      # we set this registry value now automatically if the group name is set
+
+      property :target_wsus_group_name, String, description: "Add the node to a WSUS Target Group."
+      # options: --- a string representing the name of a target group you defined on your wsus server
+
+      property :wsus_server_url, String, description: "The URL of your WSUS server if you use one."
+      # options: --- a url for your internal update server in the form of https://my.updateserver.tld:4545 or whatever
+
+      property :wsus_status_server_url, String, deprecated: "As of Chef Infra Client 17.3 the `wsus_status_server_url` no longer needs to be set."
+      # this needs to be the same as wsus_server_url so we just set that value in both places now
+
+      # HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
+
+      property :block_windows_update_website, [true, false], default: false, description: "Block accessing the Windows Update website."
+      # options: 0 - allow access to the windows update website - false
+      #          1 - do not allow access to the windows update website - true
+
+      # HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate\AU
+
+      property :automatic_update_option, [Integer, Symbol], equal_to: UPDATE_OPTIONS.keys, coerce: proc { |x| UPDATE_OPTIONS.key(x) || x },
+                default: :download_and_schedule,
+                description: "Control what to do when updates are found. This allows you to notify, automatically download and notify to install, automatically download and schedule the install, or let the local admin decide what action to take."
+      # options: 2 - notify before download
+      #          3 - auto download and notify
+      #          4 - auto download and schedule - must also set day and time (below)
+      #          5 - allow the local admin to decide
+
+      property :automatically_install_minor_updates, [true, false], default: false, description: "Automatically install minor updates."
+      # options: 0 - do not automatically install minor updates - false
+      #          1 - of course, silently install them! - true
+
+      property :enable_detection_frequency, [true, false], default: false, description: "Used to override the OS default of how often to check for updates"
+      # do i want my nodes checking for updates at a time interval i chose?
+      # options: 0 - do not enable the option for a custom interval - false
+      #          1 - yeah, buddy, i want to set my own interval for checking for updates - true
+
+      property :custom_detection_frequency, Integer, default: 22, description: "If you decided to override the OS default detection frequency, specify your choice here. Valid choices are 0 - 22",
+      callbacks: {
+        "should be a valid detection frequency (0-22)" => lambda { |p|
+          p >= 0 && p <= 22
+        },
+      }
+      # a time period of between 0 and 22 hours to check for new updates
+      # this is a hex value - convert it from dec to hex
+
+      property :no_reboot_with_users_logged_on, [true, false], default: true, description: "Prevents the OS from rebooting while someone is on the console."
+      # options: 0 - user is notified of pending reboot in xx minutes - false/off
+      #          1 - user is notified of pending reboot but can defer - true/on
+
+      property :disable_automatic_updates, [true, false], default: false, description: "Disable Windows Update."
+      # options: 0 - enable automatic updates to the local system - false
+      #          1 - disable automatic updates - true
+
+      property :scheduled_install_day, String, equal_to: DAYS, default: DAYS.first, description: "A day of the week to tell Windows when to install updates."
+      # options: Everyday - install every day
+      #          Sunday - Saturday day of the week to install, 1 == sunday
+
+      property :scheduled_install_hour, Integer, description: "If you chose a scheduled day to install, then choose an hour on that day for you installation",
+                callbacks: {
+                  "should be a valid hour in a 24 hour clock" => lambda { |p|
+                    p > 0 && p < 25
+                  },
+                }
+      # options: --- 2-digit number representing an hour of the day, uses a 24-hour clock, 12 == noon, 24 == midnight
+
+      property :update_other_ms_products, [true, false], default: true, description: "Allows for other Microsoft products to get updates too"
+      # options: 0 - do not allow wu to update other apps - remove key from hive - false/off
+      #          1 - please update all my stuff! - true/on
+
+      # \AU\AllowMUUpdateService dword: 1
+
+      property :custom_wsus_server, [true, false], deprecated: "As of Chef Infra Client 17.3 the `custom_wsus_server` no longer needs to be setup when specifying a WSUS endpoint."
+      # not necessary as we set this registry value automatically if a URL is set
+
+      action :set, description: "Set Windows Update settings." do
+        actual_day = convert_day(new_resource.scheduled_install_day)
+
+        registry_key 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate' do
+          recursive true
+          values [{
+            name: "DisableOSUpgrade",
+            type: :dword,
+            data: new_resource.disable_os_upgrades ? 1 : 0,
+          },
+          {
+            name: "ElevateNonAdmins",
+            type: :dword,
+            data: new_resource.elevate_non_admins ? 1 : 0,
+          },
+          {
+            name: "TargetGroupEnabled",
+            type: :dword,
+            data: new_resource.target_wsus_group_name ? 1 : 0,
+          },
+          {
+            name: "TargetGroup",
+            type: :string,
+            data: new_resource.target_wsus_group_name,
+          },
+          {
+            name: "WUServer",
+            type: :string,
+            data: new_resource.wsus_server_url,
+          },
+          {
+            name: "WUStatusServer",
+            type: :string,
+            data: new_resource.wsus_server_url, # status server and server need to be the same. Why? Ask Microsoft
+          }]
+          action :create
+        end
+
+        registry_key 'HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer' do
+          recursive true
+          values [{
+            name: "NoWindowsUpdate",
+            type: :dword,
+            data: new_resource.block_windows_update_website ? 1 : 0,
+          }]
+          action :create
+        end
+
+        registry_key 'HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU' do
+          recursive true
+          values [{
+            name: "AUOptions",
+            type: :dword,
+            data: UPDATE_OPTIONS[new_resource.automatic_update_option],
+          },
+          {
+            name: "AutoInstallMinorUpdates",
+            type: :dword,
+            data: new_resource.automatically_install_minor_updates ? 1 : 0,
+          },
+          {
+            name: "DetectionFrequencyEnabled",
+            type: :dword,
+            data: new_resource.enable_detection_frequency ? 1 : 0,
+          },
+          {
+            name: "DetectionFrequency",
+            type: :dword,
+            data: new_resource.custom_detection_frequency,
+          },
+          {
+            name: "NoAutoRebootWithLoggedOnUsers",
+            type: :dword,
+            data: new_resource.no_reboot_with_users_logged_on ? 1 : 0,
+          },
+          {
+            name: "NoAutoUpdate",
+            type: :dword,
+            data: new_resource.disable_automatic_updates ? 1 : 0,
+          },
+          {
+            name: "ScheduledInstallDay",
+            type: :dword,
+            data: actual_day,
+          },
+          {
+            name: "ScheduledInstallTime",
+            type: :dword,
+            data: new_resource.scheduled_install_hour,
+          },
+          {
+            name: "AllowMUUpdateService",
+            type: :dword,
+            data: new_resource.update_other_ms_products ? 1 : 0,
+          },
+          {
+            name: "UseWUServer",
+            type: :dword,
+            data: new_resource.wsus_server_url ? 1 : 0, # if we have a URL set then want to turn on WSUS functionality
+          }]
+          action :create
+        end
+      end
+
+      action_class do
+        def convert_day(day)
+          DAYS.index(day)
+        end
+
+        # support the old name as well
+        alias_method :action_enable, :action_set
+      end
+    end
+  end
+end

data/lib/chef/resource/windows_user_privilege.rb

@@ -139,7 +139,7 @@ class Chef
         coerce: proc { |v| Array(v) },
         callbacks: {
           "Privilege property restricted to the following values: #{PRIVILEGE_OPTS}" => lambda { |n| (n - PRIVILEGE_OPTS).empty? },
-        }
+        }, identity: true
 
       load_current_value do |new_resource|
         if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))

data/lib/chef/resource/yum_package.rb

@@ -27,11 +27,7 @@ class Chef
       provides :yum_package
       provides :package, platform_family: "fedora_derived"
 
-      description "Use the **yum_package** resource to install, upgrade, and remove packages with Yum"\
-                  " for the Red Hat and CentOS platforms. The yum_package resource is able to resolve"\
-                  " `provides` data for packages much like Yum can do when it is run from the command line."\
-                  " This allows a variety of options for installing packages, like minimum versions,"\
-                  " virtual provides, and library names."
+      description "Use the **yum_package** resource to install, upgrade, and remove packages with Yum for the Red Hat and CentOS platforms. The yum_package resource is able to resolve `provides` data for packages much like Yum can do when it is run from the command line. This allows a variety of options for installing packages, like minimum versions, virtual provides, and library names. Note: Support for using file names to install packages (as in `yum_package '/bin/sh'`) is not available because the volume of data required to parse for this is excessive."
       examples <<~DOC
         **Install an exact version**:
 

data/lib/chef/resource.rb

@@ -1063,7 +1063,8 @@ class Chef
     # action for the resource.
     #
     # @param name [Symbol] The action name to define.
-    # @param description [String] optional description for the action
+    # @param description [String] optional description for the action. Used for
+    #   documentation generation.
     # @param recipe_block The recipe to run when the action is taken. This block
     #   takes no parameters, and will be evaluated in a new context containing:
     #
@@ -1076,11 +1077,8 @@ class Chef
     def self.action(action, description: nil, &recipe_block)
       action = action.to_sym
       declare_action_class
-      action_class.action(action, &recipe_block)
+      action_class.action(action, description: description, &recipe_block)
       self.allowed_actions += [ action ]
-      # Accept any non-nil description, which will correctly override
-      # any specific inherited description.
-      action_descriptions[action] = description unless description.nil?
       default_action action if Array(default_action) == [:nothing]
     end
 
@@ -1090,18 +1088,15 @@ class Chef
     # @param action [Symbol,String] the action name
     # @return the description of the action provided, or nil if no description
     # was defined
-    def self.action_description(action)
-      action_descriptions[action.to_sym]
-    end
-
-    # @api private
-    #
-    # @return existing action description hash, or newly-initialized
-    # hash containing action descriptions inherited from parent Resource,
-    # if any.
-    def self.action_descriptions
-      @action_descriptions ||=
-        superclass.respond_to?(:action_descriptions) ? superclass.action_descriptions.dup : { nothing: nil }
+    def action_description(action)
+      provider_for_action(action).class.action_description(action)
+    rescue Chef::Exceptions::ProviderNotFound
+      # If a provider can't be found, there can be no description defined on the provider.
+      nil
+    rescue NameError => e
+      # This can happen when attempting to load a provider in a platform-specific
+      # environment where we have not required the necessary files yet
+      raise unless e.message =~ /uninitialized constant/
     end
 
     # Define a method to load up this resource's properties with the current
@@ -1191,6 +1186,7 @@ class Chef
             if superclass.custom_resource?
               superclass.action_class
             else
+
               ActionClass
             end
 

data/lib/chef/resource_inspector.rb

@@ -23,6 +23,11 @@ require_relative "node"
 require_relative "resources"
 require_relative "json_compat"
 
+# We need to require providers  so that we can resolve
+# action documentation that may have been defined on the providers
+# instead of the resources.
+require_relative "providers"
+
 class Chef
   module ResourceInspector
     def self.get_default(default)
@@ -39,11 +44,10 @@ class Chef
     def self.extract_resource(resource, complete = false)
       data = {}
       data[:description] = resource.description
-      # data[:deprecated] = resource.deprecated || false
       data[:default_action] = resource.default_action
       data[:actions] = {}
       resource.allowed_actions.each do |action|
-        data[:actions][action] = resource.action_description(action)
+        data[:actions][action] = resource.new(resource.to_s, nil).action_description(action)
       end
 
       data[:examples] = resource.examples

data/lib/chef/resources.rb

@@ -58,6 +58,14 @@ require_relative "resource/ips_package"
 require_relative "resource/gem_package"
 require_relative "resource/scm/git"
 require_relative "resource/group"
+require_relative "resource/habitat/habitat_package"
+require_relative "resource/habitat/habitat_sup"
+require_relative "resource/habitat/habitat_sup_systemd"
+require_relative "resource/habitat/habitat_sup_windows"
+require_relative "resource/habitat_config"
+require_relative "resource/habitat_install"
+require_relative "resource/habitat_service"
+require_relative "resource/habitat_user_toml"
 require_relative "resource/http_request"
 require_relative "resource/hostname"
 require_relative "resource/homebrew_cask"
@@ -65,6 +73,8 @@ require_relative "resource/homebrew_package"
 require_relative "resource/homebrew_tap"
 require_relative "resource/homebrew_update"
 require_relative "resource/ifconfig"
+require_relative "resource/inspec_input"
+require_relative "resource/inspec_waiver"
 require_relative "resource/inspec_waiver_file_entry"
 require_relative "resource/kernel_module"
 require_relative "resource/ksh"
@@ -148,6 +158,8 @@ require_relative "resource/windows_ad_join"
 require_relative "resource/windows_audit_policy"
 require_relative "resource/windows_auto_run"
 require_relative "resource/windows_certificate"
+require_relative "resource/windows_defender"
+require_relative "resource/windows_defender_exclusion"
 require_relative "resource/windows_dfs_folder"
 require_relative "resource/windows_dfs_namespace"
 require_relative "resource/windows_dfs_server"
@@ -167,7 +179,8 @@ require_relative "resource/windows_share"
 require_relative "resource/windows_shortcut"
 require_relative "resource/windows_task"
 require_relative "resource/windows_uac"
+require_relative "resource/windows_update_settings"
 require_relative "resource/windows_workgroup"
 require_relative "resource/timezone"
 require_relative "resource/windows_user_privilege"
-require_relative "resource/windows_security_policy"
+require_relative "resource/windows_security_policy"