chef 17.2.29 → 17.3.48

data/lib/chef/resource/habitat_config.rb

@@ -0,0 +1,107 @@
+# Copyright:: Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../http"
+require_relative "../json_compat"
+require_relative "../resource"
+
+class Chef
+  class Resource
+    class HabitatConfig < Chef::Resource
+      unified_mode true
+
+      provides :habitat_config
+
+      description "Use the **habitat_config** resource to apply a configuration to a Chef Habitat service."
+      introduced "17.3"
+      examples <<~DOC
+      **Configure your nginx defaults**
+
+      ```ruby
+      habitat_config 'nginx.default' do
+        config({
+          worker_count: 2,
+          http: {
+            keepalive_timeout: 120
+          }
+          })
+        end
+        ```
+      DOC
+
+      property :config, Mash, required: true, coerce: proc { |m| m.is_a?(Hash) ? Mash.new(m) : m },
+        description: "The configuration to apply as a ruby hash, for example, `{ worker_count: 2, http: { keepalive_timeout: 120 } }`."
+
+      property :service_group, String, name_property: true, desired_state: false,
+        description: "The service group to apply the configuration to. For example, `nginx.default`"
+
+      property :remote_sup, String, default: "127.0.0.1:9632", desired_state: false,
+        description: "Address to a remote supervisor's control gateway."
+
+      # Http port needed for querying/comparing current config value
+      property :remote_sup_http, String, default: "127.0.0.1:9631", desired_state: false,
+        description: "Address for remote supervisor http port. Used to pull existing."
+
+      property :gateway_auth_token, String, desired_state: false,
+        description: "Auth token for accessing the remote supervisor's http port."
+
+      property :user, String, desired_state: false,
+        description: "Name of user key to use for encryption. Passes `--user` to `hab config apply`."
+
+      load_current_value do
+        http_uri = "http://#{remote_sup_http}"
+
+        begin
+          headers = {}
+          headers["Authorization"] = "Bearer #{gateway_auth_token}" if property_is_set?(:gateway_auth_token)
+          census = Mash.new(Chef::HTTP::SimpleJSON.new(http_uri).get("/census", headers))
+          sc = census["census_groups"][service_group]["service_config"]["value"]
+        rescue
+          # Default to a blank config if anything (http error, json parsing, finding
+          # the config object) goes wrong
+          sc = {}
+        end
+        config sc
+      end
+
+      action :apply, description: "applies the given configuration" do
+        converge_if_changed do
+          # Use the current timestamp as the serial number/incarnation
+          incarnation = Time.now.tv_sec
+
+          opts = []
+          # opts gets flattened by shell_out_compact later
+          opts << ["--remote-sup", new_resource.remote_sup] if new_resource.remote_sup
+          opts << ["--user", new_resource.user] if new_resource.user
+
+          tempfile = Tempfile.new(["habitat_config", ".toml"])
+          begin
+            tempfile.write(render_toml(new_resource.config))
+            tempfile.close
+
+            hab("config", "apply", opts, new_resource.service_group, incarnation, tempfile.path)
+          ensure
+            tempfile.close
+            tempfile.unlink
+          end
+        end
+      end
+
+      action_class do
+        use "../resource/habitat/habitat_shared"
+      end
+    end
+  end
+end

data/lib/chef/resource/habitat_install.rb

@@ -0,0 +1,247 @@
+#
+# Copyright:: Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+require_relative "../http/simple"
+require_relative "../resource"
+class Chef
+  class Resource
+    class HabitatInstall < Chef::Resource
+      unified_mode true
+      provides :habitat_install
+
+      description "Use the **habitat_install** resource to install Chef Habitat."
+      introduced "17.3"
+      examples <<~DOC
+      **Installation Without a Resource Name**
+
+      ```ruby
+      habitat_install
+      ```
+
+      **Installation specifying a habitat builder URL**
+
+      ```ruby
+      habitat_install 'install habitat' do
+        bldr_url 'http://localhost'
+      end
+      ```
+
+      **Installation specifying version and habitat builder URL**
+
+      ```ruby
+      habitat_install 'install habitat' do
+        bldr_url 'http://localhost'
+        hab_version '1.5.50'
+      end
+      ```
+      DOC
+
+      property :name, String, default: "install habitat",
+        description: "Name of the resource block. This has no impact other than logging."
+
+      property :install_url, String, default: "https://raw.githubusercontent.com/habitat-sh/habitat/master/components/hab/install.sh",
+        description: "URL to the install script, default is from the [habitat repo](https://raw.githubusercontent.com/habitat-sh/habitat/master/components/hab/install.sh) ."
+
+      property :bldr_url, String,
+        description: "Optional URL to an alternate Habitat Builder."
+
+      property :create_user, [true, false], default: true,
+        description: "Creates the `hab` system user."
+
+      property :tmp_dir, String,
+        description: "Sets TMPDIR environment variable for location to place temp files. Note: This is required if `/tmp` and `/var/tmp` are mounted `noexec`."
+
+      property :license, String, equal_to: ["accept"],
+        description: "Specifies acceptance of habitat license when set to `accept`."
+
+      property :hab_version, String,
+        description: "Specify the version of `Habitat` you would like to install."
+
+      action :install, description: "Installs Habitat. Does nothing if the `hab` binary is found in the default location for the system (`/bin/hab` on Linux, `/usr/local/bin/hab` on macOS, `C:/habitat/hab.exe` on Windows)" do
+        if ::File.exist?(hab_path)
+          cmd = shell_out!([hab_path, "--version"].flatten.compact.join(" "))
+          version = %r{hab (\d*\.\d*\.\d[^\/]*)}.match(cmd.stdout)[1]
+          return if version == new_resource.hab_version
+        end
+
+        if windows?
+          # Retrieve version information
+          uri = "https://packages.chef.io/files"
+          package_name = "hab-x86_64-windows"
+          habfile = "#{Chef::Config[:file_cache_path]}/#{package_name}.zip"
+
+          # TODO: Figure out how to properly validate the shasum for windows. Doesn't seem it's published
+          # as a .sha265sum like for the linux .tar.gz
+          download = "#{uri}/stable/habitat/latest/hab-x86_64-windows.zip"
+
+          remote_file habfile do
+            source download
+          end
+
+          archive_file "#{package_name}.zip" do
+            path habfile
+            destination "#{Chef::Config[:file_cache_path]}/habitat"
+            action :extract
+            not_if { ::Dir.exist?('c:\habitat') }
+          end
+
+          directory 'c:\habitat' do
+            notifies :run, "powershell_script[installing from archive]", :immediately
+          end
+
+          powershell_script "installing from archive" do
+            code <<-EOH
+      Move-Item -Path #{Chef::Config[:file_cache_path]}/habitat/hab-*/* -Destination C:/habitat -Force
+            EOH
+            action :nothing
+          end
+
+          # TODO: This won't self heal if missing until the next upgrade
+          windows_path 'C:\habitat' do
+            action :add
+          end
+        else
+          package %w{curl tar gzip}
+
+          if new_resource.create_user
+            group "hab"
+
+            user "hab" do
+              gid "hab"
+              system true
+            end
+          end
+
+          remote_file ::File.join(Chef::Config[:file_cache_path], "hab-install.sh") do
+            source new_resource.install_url
+            sensitive true
+          end
+
+          execute "installing with hab-install.sh" do
+            command hab_command
+            environment(
+              {
+                "HAB_BLDR_URL" => "bldr_url",
+                "TMPDIR" => "tmp_dir",
+              }.each_with_object({}) do |(var, property), env|
+                env[var] = new_resource.send(property.to_sym) if new_resource.send(property.to_sym)
+              end
+            )
+          end
+        end
+        execute "hab license accept" if new_resource.license == "accept"
+      end
+
+      # TODO: Work out cleanest method to implement upgrade that will support effortless installs as well as standard chef-client
+      # action :upgrade do
+      #   if platform_family?('windows')
+      #     # Retrieve version information
+      #     uri = 'https://packages.chef.io/files'
+      #     package_name = 'hab-x86_64-windows'
+      #     zipfile = "#{Chef::Config[:file_cache_path]}/#{package_name}.zip"
+
+      #     # TODO: Figure out how to properly validate the shasum for windows. Doesn't seem it's published
+      #     # as a .sha265sum like for the linux .tar.gz
+      #     download = "#{uri}/stable/habitat/latest/hab-x86_64-windows.zip"
+
+      #     remote_file zipfile do
+      #       source download
+      #     end
+
+      #     if Chef::VERSION.to_i < 15
+      #       ruby_block "#{package_name}.zip" do
+      #         block do
+      #           require 'zip'
+      #           Zip::File.open(zipfile) do |zip_file|
+      #             zip_file.each do |f|
+      #               fpath = "#{Chef::Config[:file_cache_path]}/habitat/" + f.name
+      #               zip_file.extract(f, fpath) # unless ::File.exist?(fpath)
+      #             end
+      #           end
+      #         end
+      #         action :run
+      #       end
+      #     else
+      #       archive_file "#{package_name}.zip" do
+      #         path zipfile
+      #         destination "#{Chef::Config[:file_cache_path]}/habitat"
+      #         action :extract
+      #       end
+      #     end
+
+      #     powershell_script 'installing from archive' do
+      #       code <<-EOH
+      #       Move-Item -Path #{Chef::Config[:file_cache_path]}/habitat/hab-*/* -Destination C:/habitat -Force
+      #       EOH
+      #     end
+
+      #     # TODO: This won't self heal if missing until the next upgrade
+      #     if Chef::VERSION.to_i < 14
+      #       env 'PATH_c-habitat' do
+      #         key_name 'PATH'
+      #         delim ';' # this was missing
+      #         value 'C:\habitat'
+      #         action :modify
+      #       end
+      #     else
+      #       windows_path 'C:\habitat' do
+      #         action :add
+      #       end
+      #     end
+      #   else
+      #     remote_file ::File.join(Chef::Config[:file_cache_path], 'hab-install.sh') do
+      #       source new_resource.install_url
+      #       sensitive true
+      #     end
+
+      #     execute 'installing with hab-install.sh' do
+      #       command hab_command
+      #       environment(
+      #         {
+      #           'HAB_BLDR_URL' => 'bldr_url',
+      #           'TMPDIR' => 'tmp_dir',
+      #         }.each_with_object({}) do |(var, property), env|
+      #           env[var] = new_resource.send(property.to_sym) if new_resource.send(property.to_sym)
+      #         end
+      #       )
+      #       not_if { ::File.exist?('/bin/hab') }
+      #     end
+      #   end
+      # end
+
+      action_class do
+        use "../resource/habitat/habitat_shared"
+
+        def hab_path
+          if macos?
+            "/usr/local/bin/hab"
+          elsif windows?
+            "C:/habitat/hab.exe"
+          else
+            "/bin/hab"
+          end
+        end
+
+        def hab_command
+          cmd = "bash #{Chef::Config[:file_cache_path]}/hab-install.sh"
+          cmd << " -v #{new_resource.hab_version} " if new_resource.hab_version
+          cmd << " -t x86_64-linux-kernel2" if node["kernel"]["release"].to_i < 3
+          cmd
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/habitat_service.rb

@@ -0,0 +1,451 @@
+# Copyright:: Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+
+class Chef
+  class Resource
+    class HabitatService < Chef::Resource
+      unified_mode true
+      provides :habitat_service
+
+      description "Use the **habitat_service** resource to manage Chef Habitat services. This requires that `core/hab-sup` be running as a service. See the `habitat_sup` resource documentation for more information. Note: Applications may run as a specific user. Often with Habitat, the default is `hab`, or `root`. If the application requires another user, then it should be created with Chef's `user` resource."
+      introduced "17.3"
+      examples <<~DOC
+        **Install and load nginx**
+
+        ```ruby
+        habitat_package 'core/nginx'
+        habitat_service 'core/nginx'
+
+        habitat_service 'core/nginx unload' do
+          service_name 'core/nginx'
+          action :unload
+        end
+        ```
+
+        **Pass the `strategy` and `topology` options to hab service commands**
+
+        ```ruby
+        habitat_service 'core/redis' do
+          strategy 'rolling'
+          topology 'standalone'
+        end
+        ```
+
+        **Using update_condition**
+
+        ```ruby
+        habitat_service 'core/redis' do
+          strategy 'rolling'
+          update_condition 'track-channel'
+          topology 'standalone'
+        end
+        ```
+
+        **If the service has it's own user specified that is not the `hab` user, don't create the `hab` user on install, and instead create the application user with Chef's `user` resource**
+
+        ```ruby
+        habitat_install 'install habitat' do
+          create_user false
+        end
+
+        user 'acme-apps' do
+          system true
+        end
+
+        habitat_service 'acme/apps'
+        ```
+      DOC
+
+      property :service_name, String, name_property: true,
+        description: "The name of the service, must be in the form of `origin/name`"
+
+      property :loaded, [true, false], default: false, skip_docs: true,
+        description: "state property indicating whether the service is loaded in the supervisor"
+
+      property :running, [true, false], default: false, skip_docs: true,
+        description: "state property indicating whether the service is running in the supervisor"
+
+      # hab svc options which get included based on the action of the resource
+      property :strategy, [Symbol, String], equal_to: [:none, "none", :'at-once', "at-once", :rolling, "rolling"], default: :none, coerce: proc { |s| s.is_a?(String) ? s.to_sym : s },
+        description: "Passes `--strategy` with the specified update strategy to the hab command. Defaults to `:none`. Other options are `:'at-once'` and `:rolling`"
+
+      property :topology, [Symbol, String], equal_to: [:standalone, "standalone", :leader, "leader"], default: :standalone, coerce: proc { |s| s.is_a?(String) ? s.to_sym : s },
+        description: "Passes `--topology` with the specified service topology to the hab command"
+
+      property :bldr_url, String, default: "https://bldr.habitat.sh/",
+        description: "Passes `--url` with the specified Habitat Builder URL to the hab command. Depending on the type of Habitat Builder you are connecting to, this URL will look different, here are the **3** current types:
+        - Public Habitat Builder (default) - `https://bldr.habitat.sh`
+        - On-Prem Habitat Builder installed using the [Source Install Method](https://github.com/habitat-sh/on-prem-builder) - `https://your.bldr.url`
+        - On-Prem Habitat Builder installed using the [Automate Installer](https://automate.chef.io/docs/on-prem-builder/) - `https://your.bldr.url/bldr/v1`"
+
+      property :channel, [Symbol, String], default: :stable, coerce: proc { |s| s.is_a?(String) ? s.to_sym : s },
+        description: "Passes `--channel` with the specified channel to the hab command"
+
+      property :bind, [String, Array], coerce: proc { |b| b.is_a?(String) ? [b] : b }, default: [],
+        description: "Passes `--bind` with the specified services to bind to the hab command. If an array of multiple service binds are specified then a `--bind` flag is added for each."
+
+      property :binding_mode, [Symbol, String], equal_to: [:strict, "strict", :relaxed, "relaxed"], default: :strict, coerce: proc { |s| s.is_a?(String) ? s.to_sym : s },
+        description: "Passes `--binding-mode` with the specified binding mode. Defaults to `:strict`. Options are `:strict` or `:relaxed`"
+
+      property :service_group, String, default: "default",
+        description: " Passes `--group` with the specified service group to the hab command"
+
+      property :shutdown_timeout, Integer, default: 8,
+        description: "The timeout in seconds allowed during shutdown."
+
+      property :health_check_interval, Integer, default: 30,
+        description: "The interval (seconds) on which to run health checks."
+
+      property :remote_sup, String, default: "127.0.0.1:9632", desired_state: false,
+        description: "Address to a remote Supervisor's Control Gateway"
+
+      # Http port needed for querying/comparing current config value
+      property :remote_sup_http, String, default: "127.0.0.1:9631", desired_state: false,
+        description: "IP address and port used to communicate with the remote supervisor. If this value is invalid, the resource will update the supervisor configuration each time #{ChefUtils::Dist::Server::PRODUCT} runs."
+
+      property :gateway_auth_token, String, desired_state: false,
+        description: "Auth token for accessing the remote supervisor's http port."
+
+      property :update_condition, [Symbol, String], equal_to: [:latest, "latest", :'track-channel', "track-channel"], default: :latest, coerce: proc { |s| s.is_a?(String) ? s.to_sym : s },
+        description: "Passes `--update-condition` dictating when this service should updated. Defaults to `latest`. Options are `latest` or `track-channel` **_Note: This requires a minimum habitat version of 1.5.71_**
+        - `latest`: Runs the latest package that can be found in the configured channel and local packages.
+        - `track-channel`: Always run the package at the head of a given channel. This enables service rollback, where demoting a package from a channel will cause the package to rollback to an older version of the package. A ramification of enabling this condition is that packages that are newer than the package at the head of the channel are also uninstalled during a service rollback."
+
+      load_current_value do
+        service_details = get_service_details(service_name)
+
+        running service_up?(service_details)
+        loaded service_loaded?(service_details)
+
+        if loaded
+          service_name get_spec_identifier(service_details)
+          strategy get_update_strategy(service_details)
+          update_condition get_update_condition(service_details)
+          topology get_topology(service_details)
+          bldr_url get_builder_url(service_details)
+          channel get_channel(service_details)
+          bind get_binds(service_details)
+          binding_mode get_binding_mode(service_details)
+          service_group get_service_group(service_details)
+          shutdown_timeout get_shutdown_timeout(service_details)
+          health_check_interval get_health_check_interval(service_details)
+        end
+
+        Chef::Log.debug("service #{service_name} service name: #{service_name}")
+        Chef::Log.debug("service #{service_name} running state: #{running}")
+        Chef::Log.debug("service #{service_name} loaded state: #{loaded}")
+        Chef::Log.debug("service #{service_name} strategy: #{strategy}")
+        Chef::Log.debug("service #{service_name} update condition: #{update_condition}")
+        Chef::Log.debug("service #{service_name} topology: #{topology}")
+        Chef::Log.debug("service #{service_name} builder url: #{bldr_url}")
+        Chef::Log.debug("service #{service_name} channel: #{channel}")
+        Chef::Log.debug("service #{service_name} binds: #{bind}")
+        Chef::Log.debug("service #{service_name} binding mode: #{binding_mode}")
+        Chef::Log.debug("service #{service_name} service group: #{service_group}")
+        Chef::Log.debug("service #{service_name} shutdown timeout: #{shutdown_timeout}")
+        Chef::Log.debug("service #{service_name} health check interval: #{health_check_interval}")
+      end
+
+      # This method is defined here otherwise it isn't usable in the
+      # `load_current_value` method.
+      #
+      # It performs a check with TCPSocket to ensure that the HTTP API is
+      # available first. If it cannot connect, it assumes that the service
+      # is not running. It then attempts to reach the `/services` path of
+      # the API to get a list of services. If this fails for some reason,
+      # then it assumes the service is not running.
+      #
+      # Finally, it walks the services returned by the API to look for the
+      # service we're configuring. If it is "Up", then we know the service
+      # is running and fully operational according to Habitat. This is
+      # wrapped in a begin/rescue block because if the service isn't
+      # present and `sup_for_service_name` will be nil and we will get a
+      # NoMethodError.
+      #
+      def get_service_details(svc_name)
+        http_uri = "http://#{remote_sup_http}"
+
+        begin
+          TCPSocket.new(URI(http_uri).host, URI(http_uri).port).close
+        rescue Errno::ECONNREFUSED, Errno::EHOSTUNREACH
+          Chef::Log.debug("Could not connect to #{http_uri} to retrieve status for #{service_name}")
+          return false
+        end
+
+        begin
+          headers = {}
+          headers["Authorization"] = "Bearer #{gateway_auth_token}" if property_is_set?(:gateway_auth_token)
+          svcs = Chef::HTTP::SimpleJSON.new(http_uri).get("/services", headers)
+        rescue
+          Chef::Log.debug("Could not connect to #{http_uri}/services to retrieve status for #{service_name}")
+          return false
+        end
+
+        origin, name, _version, _release = svc_name.split("/")
+        svcs.find do |s|
+          s["pkg"]["origin"] == origin && s["pkg"]["name"] == name
+        end
+      end
+
+      def service_up?(service_details)
+        service_details["process"]["state"] == "up"
+      rescue
+        Chef::Log.debug("#{service_name} not found on the Habitat supervisor")
+        false
+      end
+
+      def service_loaded?(service_details)
+        if service_details
+          true
+        else
+          false
+        end
+      end
+
+      def get_spec_identifier(service_details)
+        service_details["spec_ident"]["spec_identifier"]
+      rescue
+        Chef::Log.debug("#{service_name} not found on the Habitat supervisor")
+        nil
+      end
+
+      def get_update_strategy(service_details)
+        service_details["update_strategy"].to_sym
+      rescue
+        Chef::Log.debug("Update Strategy for #{service_name} not found on Supervisor API")
+        "none"
+      end
+
+      def get_update_condition(service_details)
+        service_details["update_condition"].to_sym
+      rescue
+        Chef::Log.debug("Update condition #{service_name} not found on Supervisor API")
+        "latest"
+      end
+
+      def get_topology(service_details)
+        service_details["topology"].to_sym
+      rescue
+        Chef::Log.debug("Topology for #{service_name} not found on Supervisor API")
+        "standalone"
+      end
+
+      def get_builder_url(service_details)
+        service_details["bldr_url"]
+      rescue
+        Chef::Log.debug("Habitat Builder URL for #{service_name} not found on Supervisor API")
+        "https://bldr.habitat.sh"
+      end
+
+      def get_channel(service_details)
+        service_details["channel"].to_sym
+      rescue
+        Chef::Log.debug("Channel for #{service_name} not found on Supervisor API")
+        "stable"
+      end
+
+      def get_binds(service_details)
+        service_details["binds"]
+      rescue
+        Chef::Log.debug("Update Strategy for #{service_name} not found on Supervisor API")
+        []
+      end
+
+      def get_binding_mode(service_details)
+        service_details["binding_mode"].to_sym
+      rescue
+        Chef::Log.debug("Binding mode for #{service_name} not found on Supervisor API")
+        "strict"
+      end
+
+      def get_service_group(service_details)
+        service_details["service_group"].split(".").last
+      rescue
+        Chef::Log.debug("Service Group for #{service_name} not found on Supervisor API")
+        "default"
+      end
+
+      def get_shutdown_timeout(service_details)
+        service_details["pkg"]["shutdown_timeout"]
+      rescue
+        Chef::Log.debug("Shutdown Timeout for #{service_name} not found on Supervisor API")
+        8
+      end
+
+      def get_health_check_interval(service_details)
+        service_details["health_check_interval"]["secs"]
+      rescue
+        Chef::Log.debug("Health Check Interval for #{service_name} not found on Supervisor API")
+        30
+      end
+
+      action :load, description: "(default action) runs `hab service load` to load and start the specified application service" do
+        modified = false
+        converge_if_changed :service_name do
+          modified = true
+        end
+        converge_if_changed :strategy do
+          modified = true
+        end
+        converge_if_changed :update_condition do
+          modified = true
+        end
+        converge_if_changed :topology do
+          modified = true
+        end
+        converge_if_changed :bldr_url do
+          modified = true
+        end
+        converge_if_changed :channel do
+          modified = true
+        end
+        converge_if_changed :bind do
+          modified = true
+        end
+        converge_if_changed :binding_mode do
+          modified = true
+        end
+        converge_if_changed :service_group do
+          modified = true
+        end
+        converge_if_changed :shutdown_timeout do
+          modified = true
+        end
+        converge_if_changed :health_check_interval do
+          modified = true
+        end
+
+        options = svc_options
+        if current_resource.loaded && modified
+          Chef::Log.debug("Reloading #{current_resource.service_name} using --force due to parameter change")
+          options << "--force"
+        end
+
+        unless current_resource.loaded && !modified
+          execute "test" do
+            command "hab svc load #{new_resource.service_name} #{options.join(" ")}"
+            retry_delay 10
+            retries 5
+          end
+        end
+      end
+
+      action :unload, description: "runs `hab service unload` to unload and stop the specified application service" do
+        if current_resource.loaded
+          execute "hab svc unload #{new_resource.service_name} #{svc_options.join(" ")}"
+          wait_for_service_unloaded
+        end
+      end
+
+      action :start, description: "runs `hab service start` to start the specified application service" do
+        unless current_resource.loaded
+          Chef::Log.fatal("No service named #{new_resource.service_name} is loaded on the Habitat supervisor")
+          raise "No service named #{new_resource.service_name} is loaded on the Habitat supervisor"
+        end
+
+        execute "hab svc start #{new_resource.service_name} #{svc_options.join(" ")}" unless current_resource.running
+      end
+
+      action :stop, description: "runs `hab service stop` to stop the specified application service" do
+        unless current_resource.loaded
+          Chef::Log.fatal("No service named #{new_resource.service_name} is loaded on the Habitat supervisor")
+          raise "No service named #{new_resource.service_name} is loaded on the Habitat supervisor"
+        end
+
+        if current_resource.running
+          execute "hab svc stop #{new_resource.service_name} #{svc_options.join(" ")}"
+          wait_for_service_stopped
+        end
+      end
+
+      action :restart, description: "runs the `:stop` and then `:start` actions" do
+        action_stop
+        action_start
+      end
+
+      action :reload, description: "runs the `:unload` and then `:load` actions" do
+        action_unload
+        action_load
+      end
+
+      action_class do
+        def svc_options
+          opts = []
+
+          # certain options are only valid for specific `hab svc` subcommands.
+          case action
+          when :load
+            opts.push(*new_resource.bind.map { |b| "--bind #{b}" }) if new_resource.bind
+            opts << "--binding-mode #{new_resource.binding_mode}"
+            opts << "--url #{new_resource.bldr_url}" if new_resource.bldr_url
+            opts << "--channel #{new_resource.channel}" if new_resource.channel
+            opts << "--group #{new_resource.service_group}" if new_resource.service_group
+            opts << "--strategy #{new_resource.strategy}" if new_resource.strategy
+            opts << "--update-condition #{new_resource.update_condition}" if new_resource.update_condition
+            opts << "--topology #{new_resource.topology}" if new_resource.topology
+            opts << "--health-check-interval #{new_resource.health_check_interval}" if new_resource.health_check_interval
+            opts << "--shutdown-timeout #{new_resource.shutdown_timeout}" if new_resource.shutdown_timeout
+          when :unload, :stop
+            opts << "--shutdown-timeout #{new_resource.shutdown_timeout}" if new_resource.shutdown_timeout
+          end
+
+          opts << "--remote-sup #{new_resource.remote_sup}" if new_resource.remote_sup
+
+          opts.map(&:split).flatten.compact
+        end
+
+        def wait_for_service_unloaded
+          ruby_block "wait-for-service-unloaded" do
+            block do
+              raise "#{new_resource.service_name} still loaded" if service_loaded?(get_service_details(new_resource.service_name))
+            end
+            retries get_shutdown_timeout(new_resource.service_name) + 1
+            retry_delay 1
+          end
+
+          ruby_block "update current_resource" do
+            block do
+              current_resource.loaded = service_loaded?(get_service_details(new_resource.service_name))
+            end
+            action :nothing
+            subscribes :run, "ruby_block[wait-for-service-unloaded]", :immediately
+          end
+        end
+
+        def wait_for_service_stopped
+          ruby_block "wait-for-service-stopped" do
+            block do
+              raise "#{new_resource.service_name} still running" if service_up?(get_service_details(new_resource.service_name))
+            end
+            retries get_shutdown_timeout(new_resource.service_name) + 1
+            retry_delay 1
+
+            ruby_block "update current_resource" do
+              block do
+                current_resource.running = service_up?(get_service_details(new_resource.service_name))
+              end
+              action :nothing
+              subscribes :run, "ruby_block[wait-for-service-stopped]", :immediately
+            end
+          end
+        end
+      end
+    end
+  end
+end