chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

data/lib/chef/provider/systemd_unit.rb

@@ -22,6 +22,7 @@ require_relative "../resource/file"
 require_relative "../resource/file/verification/systemd_unit"
 require "iniparse"
 require "shellwords" unless defined?(Shellwords)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Provider
@@ -75,7 +76,7 @@ class Chef
         end
       end
 
-      action :create do
+      action :create, description: "Create a systemd unit file, if it does not already exist." do
         if current_resource.content != new_resource.to_ini
           converge_by("creating unit: #{new_resource.unit_name}") do
             manage_unit_file(:create)
@@ -84,7 +85,7 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Delete a systemd unit file, if it exists." do
         if ::File.exist?(unit_path)
           converge_by("deleting unit: #{new_resource.unit_name}") do
             manage_unit_file(:delete)
@@ -93,19 +94,19 @@ class Chef
         end
       end
 
-      action :preset do
+      action :preset, description: "Restore the preset '`enable`/`disable`' configuration for a systemd unit. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
         converge_by("restoring enable/disable preset configuration for unit: #{new_resource.unit_name}") do
           systemctl_execute!(:preset, new_resource.unit_name)
         end
       end
 
-      action :revert do
+      action :revert, description: "Revert to a vendor's version of a systemd unit file. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
         converge_by("reverting to vendor version of unit: #{new_resource.unit_name}") do
           systemctl_execute!(:revert, new_resource.unit_name)
         end
       end
 
-      action :enable do
+      action :enable, description: "Ensure the unit will be started after the next system boot." do
         if current_resource.static
           logger.debug("#{new_resource.unit_name} is a static unit, enabling is a NOP.")
         end
@@ -121,7 +122,7 @@ class Chef
         end
       end
 
-      action :disable do
+      action :disable, description: "Ensure the unit will not be started after the next system boot." do
         if current_resource.static
           logger.debug("#{new_resource.unit_name} is a static unit, disabling is a NOP.")
         end
@@ -138,14 +139,14 @@ class Chef
         end
       end
 
-      action :reenable do
+      action :reenable, description: "Reenable a unit file. *New in #{ChefUtils::Dist::Infra::PRODUCT} 14.0.*" do
         converge_by("reenabling unit: #{new_resource.unit_name}") do
           systemctl_execute!(:reenable, new_resource.unit_name)
           logger.info("#{new_resource} reenabled")
         end
       end
 
-      action :mask do
+      action :mask, description: "Ensure the unit will not start, even to satisfy dependencies." do
         unless current_resource.masked
           converge_by("masking unit: #{new_resource.unit_name}") do
             systemctl_execute!(:mask, new_resource.unit_name)
@@ -154,7 +155,7 @@ class Chef
         end
       end
 
-      action :unmask do
+      action :unmask, description: "Stop the unit from being masked and cause it to start as specified." do
         if current_resource.masked
           converge_by("unmasking unit: #{new_resource.unit_name}") do
             systemctl_execute!(:unmask, new_resource.unit_name)
@@ -163,7 +164,7 @@ class Chef
         end
       end
 
-      action :start do
+      action :start, description: "Start a systemd unit." do
         unless current_resource.active
           converge_by("starting unit: #{new_resource.unit_name}") do
             systemctl_execute!(:start, new_resource.unit_name, default_env: false)
@@ -172,7 +173,7 @@ class Chef
         end
       end
 
-      action :stop do
+      action :stop, description: "Stop a running systemd unit." do
         if current_resource.active
           converge_by("stopping unit: #{new_resource.unit_name}") do
             systemctl_execute!(:stop, new_resource.unit_name, default_env: false)
@@ -181,14 +182,14 @@ class Chef
         end
       end
 
-      action :restart do
+      action :restart, description: "Restart a systemd unit." do
         converge_by("restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!(:restart, new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} restarted")
         end
       end
 
-      action :reload do
+      action :reload, description: "Reload the configuration file for a systemd unit." do
         if current_resource.active
           converge_by("reloading unit: #{new_resource.unit_name}") do
             systemctl_execute!(:reload, new_resource.unit_name, default_env: false)
@@ -199,21 +200,21 @@ class Chef
         end
       end
 
-      action :try_restart do
+      action :try_restart, description: "Try to restart a systemd unit if the unit is running." do
         converge_by("try-restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!("try-restart", new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} try-restarted")
         end
       end
 
-      action :reload_or_restart do
+      action :reload_or_restart, description: "For systemd units that are services, this action reloads the configuration of the service without restarting, if possible; otherwise, it will restart the service so the new configuration is applied." do
         converge_by("reload-or-restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!("reload-or-restart", new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} reload-or-restarted")
         end
       end
 
-      action :reload_or_try_restart do
+      action :reload_or_try_restart, description: "For systemd units that are services, this action reloads the configuration of the service without restarting, if possible; otherwise, it will try to restart the service so the new configuration is applied." do
         converge_by("reload-or-try-restarting unit: #{new_resource.unit_name}") do
           systemctl_execute!("reload-or-try-restart", new_resource.unit_name, default_env: false)
           logger.info("#{new_resource} reload-or-try-restarted")

data/lib/chef/provider/template.rb

@@ -39,7 +39,7 @@ class Chef
         super
 
         requirements.assert(:create, :create_if_missing) do |a|
-          a.assertion { ::File.exists?(content.template_location) }
+          a.assertion { ::File.exist?(content.template_location) }
           a.failure_message "Template source #{content.template_location} could not be found."
           a.whyrun "Template source #{content.template_location} does not exist. Assuming it would have been created."
           a.block_action!

data/lib/chef/provider/user/mac.rb

@@ -28,7 +28,7 @@ class Chef
   class Provider
     class User
       # A macOS user provider that is compatible with default TCC restrictions
-      # in macOS 10.14. See resource/user/mac_user.rb for complete description
+      # in macOS 10.14+. See resource/user/mac_user.rb for complete description
       # of the mac_user resource
       class MacUser < Chef::Provider::User
         include Chef::Mixin::Which
@@ -49,11 +49,11 @@ class Chef
             current_resource.uid(user_plist[:uid][0])
             current_resource.gid(user_plist[:gid][0])
             current_resource.home(user_plist[:home][0])
-            current_resource.shell(user_plist[:shell][0])
+            current_resource.shell(user_plist[:shell]&.first) # use &.first since shell can be nil
             current_resource.comment(user_plist[:comment][0])
 
             if user_plist[:is_hidden]
-              current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false)
+              current_resource.hidden(user_plist[:is_hidden]&.first == "1" ? true : false) # when not hidden the value seems to be nil so &.first to handle that
             end
 
             shadow_hash = user_plist[:shadow_hash]

data/lib/chef/provider/yum_repository.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../resource"
-require_relative "../dsl/declare_resource"
 require_relative "../mixin/which"
 require_relative "noop"
 
@@ -32,8 +31,8 @@ class Chef
 
       def load_current_resource; end
 
-      action :create do
-        declare_resource(:template, ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo")) do
+      action :create, description: "Create a repository based on the properties." do
+        template ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
           if template_available?(new_resource.source)
             source new_resource.source
           else
@@ -46,72 +45,57 @@ class Chef
           if new_resource.make_cache
             notifies :run, "execute[yum clean metadata #{new_resource.repositoryid}]", :immediately if new_resource.clean_metadata || new_resource.clean_headers
             notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately
-            notifies :create, "ruby_block[package-cache-reload-#{new_resource.repositoryid}]", :immediately
+            notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
           end
         end
 
-        declare_resource(:execute, "yum clean metadata #{new_resource.repositoryid}") do
-          command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
-          action :nothing
-        end
+        # avoid extra logging if make_cache property isn't set
+        if new_resource.make_cache
+          execute "yum clean metadata #{new_resource.repositoryid}" do
+            command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+            action :nothing
+          end
 
-        # get the metadata for this repo only
-        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
-          command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
-          action :nothing
-          only_if { new_resource.enabled }
-        end
+          # get the metadata for this repo only
+          execute "yum-makecache-#{new_resource.repositoryid}" do
+            command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+            action :nothing
+            only_if { new_resource.enabled }
+          end
 
-        # reload internal Chef yum/dnf cache
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
+          package "package-cache-reload-#{new_resource.repositoryid}" do
+            action :nothing
           end
-          action :nothing
         end
       end
 
-      action :delete do
+      action :delete, description: "Remove a repository." do
         # clean the repo cache first
-        declare_resource(:execute, "yum clean all #{new_resource.repositoryid}") do
+        execute "yum clean all #{new_resource.repositoryid}" do
           command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
           only_if "yum repolist all | grep -P '^#{new_resource.repositoryid}([ \t]|$)'"
         end
 
-        declare_resource(:file, ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo")) do
+        file ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
           action :delete
-          notifies :create, "ruby_block[package-cache-reload-#{new_resource.repositoryid}]", :immediately
+          notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
         end
 
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
-          end
+        package "package-cache-reload-#{new_resource.repositoryid}" do
           action :nothing
         end
       end
 
-      action :makecache do
-        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
+      action :makecache, description: "Force the creation of the repository cache. This is also done automatically when a repository is updated." do
+        execute "yum-makecache-#{new_resource.repositoryid}" do
           command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
           action :run
           only_if { new_resource.enabled }
+          notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
         end
 
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
-          end
-          action :run
+        package "package-cache-reload-#{new_resource.repositoryid}" do
+          action :nothing
         end
       end
 

data/lib/chef/provider/zypper_repository.rb

@@ -29,7 +29,7 @@ class Chef
 
       def load_current_resource; end
 
-      action :create do
+      action :create, description: "Add a new Zypper repository." do
         if new_resource.gpgautoimportkeys
           install_gpg_keys(new_resource.gpgkey)
         else
@@ -50,13 +50,13 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Remove a Zypper repository." do
         execute "zypper --quiet --non-interactive removerepo #{escaped_repo_name}" do
           only_if "zypper --quiet lr #{escaped_repo_name}"
         end
       end
 
-      action :refresh do
+      action :refresh, description: "Refresh Zypper repository." do
         execute "zypper --quiet --non-interactive refresh --force #{escaped_repo_name}" do
           only_if "zypper --quiet lr #{escaped_repo_name}"
         end

data/lib/chef/provider.rb

@@ -57,10 +57,12 @@ class Chef
     #
     # @since 13.0
     # @param name [String, Symbol] Name of the action to define.
+    # @param description [String] description of the action
     # @param block [Proc] Body of the action.
     #
     # @return [void]
-    def self.action(name, &block)
+    def self.action(name, description: nil, &block)
+      action_descriptions[name.to_sym] = description unless description.nil?
       # We need the block directly in a method so that `return` works.
       define_method("compile_action_#{name}", &block)
       class_eval <<-EOM
@@ -70,6 +72,29 @@ class Chef
       EOM
     end
 
+    # Return the hash of action descriptions defined for
+    # the provider class.
+    #
+    # @return [Hash] hash of [Symbol] => [String] containing
+    # any provided action descriptions.
+    def self.action_descriptions
+      @action_descriptions ||= {}
+    end
+
+    # Retrieve the description for a provider's action, if
+    # any description has been included in the definition.
+    #
+    # @param action [Symbol,String] the action name
+    # @return [String] the description of the action provided, or nil if no description
+    # was defined
+    def self.action_description(action)
+      description = action_descriptions[action.to_sym]
+      if description.nil? && superclass.respond_to?(:action_description)
+        description = superclass.action_description(action)
+      end
+      description
+    end
+
     # Deprecation stub for the old use_inline_resources mode.
     #
     # @return [void]

data/lib/chef/provider_resolver.rb

@@ -57,10 +57,16 @@ class Chef
     end
 
     def resolve
-      maybe_explicit_provider(resource) ||
+      resolved = maybe_explicit_provider(resource) ||
         maybe_custom_resource(resource) ||
-        maybe_dynamic_provider_resolution(resource, action) ||
+        maybe_dynamic_provider_resolution(resource, action)
+
+      if resolved.nil?
+        raise(Chef::Exceptions::ProviderNotFound, "Cannot find a provider for #{resource}") if node.nil?
+
         raise(Chef::Exceptions::ProviderNotFound, "Cannot find a provider for #{resource} on #{node["platform"]} version #{node["platform_version"]}")
+      end
+      resolved
     end
 
     # Does NOT call provides? on the resource (it is assumed this is being

data/lib/chef/providers.rb

@@ -74,6 +74,7 @@ require_relative "provider/package/cab"
 require_relative "provider/package/powershell"
 require_relative "provider/package/msu"
 require_relative "provider/package/snap"
+require_relative "provider/package/habitat"
 
 require_relative "provider/service/arch"
 require_relative "provider/service/freebsd"

data/lib/chef/resource/archive_file.rb

@@ -81,6 +81,11 @@ class Chef
         description: "Should the resource overwrite the destination file contents if they already exist? If set to `:auto` the date stamp of files within the archive will be compared to those on disk and disk contents will be overwritten if they differ. This may cause unintended consequences if disk date stamps are changed between runs, which will result in the files being overwritten during each client run. Make sure to properly test any change to this property.",
         default: false
 
+      property :strip_components, Integer,
+        description: "Remove the specified number of leading path elements.  Pathnames with fewer elements will be silently skipped. This behaves similarly to tar's --strip-components command line argument.",
+        introduced: "17.5",
+        default: 0
+
       # backwards compatibility for the legacy cookbook names
       alias_method :extract_options, :options
       alias_method :extract_to, :destination
@@ -117,7 +122,7 @@ class Chef
 
         if new_resource.owner || new_resource.group
           converge_by("set owner of files extracted in #{new_resource.destination} to #{new_resource.owner}:#{new_resource.group}") do
-            archive = Archive::Reader.open_filename(new_resource.path)
+            archive = Archive::Reader.open_filename(new_resource.path, nil, strip_components: new_resource.strip_components)
             archive.each_entry do |e|
               FileUtils.chown(new_resource.owner, new_resource.group, "#{new_resource.destination}/#{e.pathname}")
             end
@@ -160,18 +165,16 @@ class Chef
         # @return [Boolean]
         def archive_differs_from_disk?(src, dest)
           modified = false
-          Dir.chdir(dest) do
-            archive = Archive::Reader.open_filename(src)
-            Chef::Log.trace("Beginning the comparison of file mtime between contents of #{src} and #{dest}")
-            archive.each_entry do |e|
-              pathname = ::File.expand_path(e.pathname)
-              if ::File.exist?(pathname)
-                Chef::Log.trace("#{pathname} mtime is #{::File.mtime(pathname)} and archive is #{e.mtime}")
-                modified = true unless ::File.mtime(pathname) == e.mtime
-              else
-                Chef::Log.trace("#{pathname} doesn't exist on disk, but exists in the archive")
-                modified = true
-              end
+          archive = Archive::Reader.open_filename(src, nil, strip_components: new_resource.strip_components)
+          Chef::Log.trace("Beginning the comparison of file mtime between contents of #{src} and #{dest}")
+          archive.each_entry do |e|
+            pathname = ::File.expand_path(e.pathname, dest)
+            if ::File.exist?(pathname)
+              Chef::Log.trace("#{pathname} mtime is #{::File.mtime(pathname)} and archive is #{e.mtime}")
+              modified = true unless ::File.mtime(pathname) == e.mtime
+            else
+              Chef::Log.trace("#{pathname} doesn't exist on disk, but exists in the archive")
+              modified = true
             end
           end
           modified
@@ -189,7 +192,7 @@ class Chef
             flags = [options].flatten.map { |option| extract_option_map[option] }.compact.reduce(:|)
 
             Dir.chdir(dest) do
-              archive = Archive::Reader.open_filename(src)
+              archive = Archive::Reader.open_filename(src, nil, strip_components: new_resource.strip_components)
 
               archive.each_entry do |e|
                 archive.extract(e, flags.to_i)

data/lib/chef/resource/chef_client_config.rb

@@ -29,7 +29,7 @@ class Chef
       examples <<~DOC
       **Bare minimum #{ChefUtils::Dist::Infra::PRODUCT} client.rb**:
 
-      The absolute minimum configuration necessary for a node to communicate with the Infra Server is the URL of the Infra Server. All other configuration options either have values at the server side (Policyfiles, Roles, Environments, etc) or have default values determined at client startup.
+      The absolute minimum configuration necessary for a node to communicate with the #{ChefUtils::Dist::Server::PRODUCT} is the URL of the #{ChefUtils::Dist::Server::PRODUCT}. All other configuration options either have values at the server side (Policyfiles, Roles, Environments, etc) or have default values determined at client startup.
 
       ```ruby
       chef_client_config 'Create client.rb' do
@@ -184,6 +184,10 @@ class Chef
         coerce: proc { |x| x.map { |v| string_to_symbol(v).capitalize } },
         default: []
 
+      property :policy_persist_run_list, [true, false],
+        description: "Override run lists defined in a Policyfile with the `run_list` defined on the #{ChefUtils::Dist::Server::PRODUCT}.",
+        introduced: "17.3"
+
       property :minimal_ohai, [true, false],
         description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this this to true may break cookbooks that assume all Ohai data will be present."
 
@@ -277,7 +281,8 @@ class Chef
             report_handlers: format_handler(new_resource.report_handlers),
             ssl_verify_mode: new_resource.ssl_verify_mode,
             start_handlers: format_handler(new_resource.start_handlers),
-            additional_config: new_resource.additional_config
+            additional_config: new_resource.additional_config,
+            policy_persist_run_list: new_resource.policy_persist_run_list
           )
           mode "0640"
           action :create

data/lib/chef/resource/chef_client_cron.rb

@@ -106,7 +106,7 @@ class Chef
         description: "The e-mail address to e-mail any cron task failures to."
 
       property :accept_chef_license, [true, false],
-        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
+        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement>",
         default: false
 
       property :config_directory, String,

data/lib/chef/resource/chef_client_launchd.rb

@@ -65,7 +65,7 @@ class Chef
         description: "A random number of seconds between 0 and X to add to interval so that all #{ChefUtils::Dist::Infra::CLIENT} commands don't execute at the same time."
 
       property :accept_chef_license, [true, false],
-        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
+        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement>",
         default: false
 
       property :config_directory, String,

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -58,6 +58,14 @@ class Chef
         daemon_options ['-n audit_only']
       end
       ```
+
+      **Run #{ChefUtils::Dist::Infra::PRODUCT} with a persistent delay on every run calculated once, similar to how chef_client_cron resource works**:
+
+      ```ruby
+      chef_client_scheduled_task 'Run chef-client with persistent splay' do
+        use_consistent_splay true
+      end
+      ```
       DOC
 
       resource_name :chef_client_scheduled_task
@@ -87,7 +95,7 @@ class Chef
         default_description: "30 if frequency is 'minute', 1 otherwise"
 
       property :accept_chef_license, [true, false],
-        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
+        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement>",
         default: false
 
       property :start_date, String,
@@ -104,6 +112,11 @@ class Chef
         description: "A random number of seconds between 0 and X to add to interval so that all #{ChefUtils::Dist::Infra::CLIENT} commands don't execute at the same time.",
         default: 300
 
+      property :use_consistent_splay, [true, false],
+        description: "Always use the same random splay amount for each node to ensure consistent frequencies between #{ChefUtils::Dist::Infra::CLIENT} execution.",
+        introduced: "17.5",
+        default: false
+
       property :run_on_battery, [true, false],
         description: "Run the #{ChefUtils::Dist::Infra::PRODUCT} task when the system is on batteries.",
         default: true
@@ -129,6 +142,11 @@ class Chef
         description: "An array of options to pass to the #{ChefUtils::Dist::Infra::CLIENT} command.",
         default: []
 
+      property :priority, Integer,
+        description: "Use to set Priority Levels range from 0 to 10.",
+        introduced: "17.5",
+        default: 7, callbacks: { "should be in range of 0 to 10" => proc { |v| v >= 0 && v <= 10 } }
+
       action :add, description: "Add a Windows Scheduled Task that runs #{ChefUtils::Dist::Infra::PRODUCT}." do
         # TODO: Replace this with a :create_if_missing action on directory when that exists
         unless Dir.exist?(new_resource.log_directory)
@@ -151,8 +169,9 @@ class Chef
           frequency_modifier             new_resource.frequency_modifier if frequency_supports_frequency_modifier?
           start_time                     new_resource.start_time
           start_day                      new_resource.start_date unless new_resource.start_date.nil?
-          random_delay                   new_resource.splay if frequency_supports_random_delay?
+          random_delay                   new_resource.splay if frequency_supports_random_delay? && !new_resource.use_consistent_splay
           disallow_start_if_on_batteries new_resource.splay unless new_resource.run_on_battery
+          priority                       new_resource.priority
           action                         %i{create enable}
         end
       end
@@ -173,7 +192,31 @@ class Chef
           # Fetch path of cmd.exe through environment variable comspec
           cmd_path = ENV["COMSPEC"]
 
-          "#{cmd_path} /c \"#{client_cmd}\""
+          "#{cmd_path} /c \"#{consistent_splay_command}#{client_cmd}\""
+        end
+
+        #
+        # Generate a uniformly distributed unique number to sleep from 0 to the splay time
+        #
+        # @param [Integer] splay The number of seconds to splay
+        #
+        # @return [Integer]
+        #
+        def splay_sleep_time(splay)
+          seed = node["shard_seed"] || Digest::MD5.hexdigest(node.name).to_s.hex
+          random = Random.new(seed.to_i)
+          random.rand(splay)
+        end
+
+        #
+        # The consistent splay sleep time when use_consistent_splay is true.
+        #
+        # @return [NilClass,String] The prepended sleep command to run prior to executing the full command.
+        #
+        def consistent_splay_command
+          return unless new_resource.use_consistent_splay
+
+          "C:/windows/system32/windowspowershell/v1.0/powershell.exe Start-Sleep -s #{splay_sleep_time(new_resource.splay)} && "
         end
 
         #

data/lib/chef/resource/chef_client_systemd_timer.rb

@@ -75,7 +75,7 @@ class Chef
         default: "5min"
 
       property :accept_chef_license, [true, false],
-        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement/>",
+        description: "Accept the Chef Online Master License and Services Agreement. See <https://www.chef.io/online-master-agreement>",
         default: false
 
       property :run_on_battery, [true, false],

data/lib/chef/resource/chef_client_trusted_certificate.rb

@@ -64,7 +64,7 @@ class Chef
       property :certificate, String, required: [:add],
         description: "The text of the certificate file including the BEGIN/END comment lines."
 
-      action :add do
+      action :add, description: "Add a trusted certificate to #{ChefUtils::Dist::Infra::PRODUCT}'s trusted certificate directory" do
         unless ::Dir.exist?(Chef::Config[:trusted_certs_dir])
           directory Chef::Config[:trusted_certs_dir] do
             mode "0640"
@@ -78,7 +78,7 @@ class Chef
         end
       end
 
-      action :remove do
+      action :remove, description: "Remove a trusted certificate from #{ChefUtils::Dist::Infra::PRODUCT}'s trusted certificate directory" do
         file cert_path do
           action :delete
         end

data/lib/chef/resource/chef_vault_secret.rb

@@ -33,7 +33,7 @@ class Chef
         ```ruby
         chef_vault_secret 'foo' do
           data_bag 'bar'
-          raw_data({'auth' => 'baz'})
+          raw_data({ 'auth' => 'baz' })
           admins 'jtimberman'
           search '*:*'
         end
@@ -45,7 +45,7 @@ class Chef
         chef_vault_secret 'root-password' do
           admins 'jtimberman,paulmooring'
           data_bag 'secrets'
-          raw_data({'auth' => 'DoNotUseThisPasswordForRoot'})
+          raw_data({ 'auth' => 'DoNotUseThisPasswordForRoot' })
           search '*:*'
         end
         ```