chef 17.2.29 → 17.5.22

data/lib/chef/resource/inspec_waiver.rb

@@ -0,0 +1,185 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+
+class Chef
+  class Resource
+    class InspecWaiver < Chef::Resource
+      provides :inspec_waiver
+      unified_mode true
+
+      description "Use the **inspec_waiver** resource to add a waiver to the Compliance Phase."
+      introduced "17.5"
+      examples <<~DOC
+      **Activate the default waiver in the openssh cookbook's compliance segment**:
+
+      ```ruby
+        inspec_waiver 'openssh' do
+          action :add
+        end
+      ```
+
+      **Activate all waivers in the openssh cookbook's compliance segment**:
+
+      ```ruby
+        inspec_waiver 'openssh::.*' do
+          action :add
+        end
+      ```
+
+      **Add an InSpec waiver to the Compliance Phase**:
+
+      ```ruby
+        inspec_waiver 'Add waiver entry for control' do
+          control 'my_inspec_control_01'
+          run_test false
+          justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}"
+          expiration '2022-01-01'
+          action :add
+        end
+      ```
+
+      **Add an InSpec waiver to the Compliance Phase using the 'name' property to identify the control**:
+
+      ```ruby
+        inspec_waiver 'my_inspec_control_01' do
+          justification "The subject of this control is not managed by #{ChefUtils::Dist::Infra::PRODUCT} on the systems in policy group \#{node['policy_group']}"
+          action :add
+        end
+      ```
+
+      **Add an InSpec waiver to the Compliance Phase using an arbitrary YAML, JSON or TOML file**:
+
+      ```ruby
+        # files ending in .yml or .yaml that exist are parsed as YAML
+        inspec_waiver "/path/to/my/waiver.yml"
+
+        inspec_waiver "my-waiver-name" do
+          source "/path/to/my/waiver.yml"
+        end
+
+        # files ending in .json that exist are parsed as JSON
+        inspec_waiver "/path/to/my/waiver.json"
+
+        inspec_waiver "my-waiver-name" do
+          source "/path/to/my/waiver.json"
+        end
+
+        # files ending in .toml that exist are parsed as TOML
+        inspec_waiver "/path/to/my/waiver.toml"
+
+        inspec_waiver "my-waiver-name" do
+          source "/path/to/my/waiver.toml"
+        end
+      ```
+
+      **Add an InSpec waiver to the Compliance Phase using a hash**:
+
+      ```ruby
+        my_hash = { "ssh-01" => {
+          "expiration_date" => "2033-07-31",
+          "run" => false,
+          "justification" => "because"
+        } }
+
+        inspec_waiver "my-waiver-name" do
+          source my_hash
+        end
+      ```
+
+      Note that the inspec_waiver resource does not update and will not fire notifications (similar to the log resource).  This is done to preserve the ability to use
+      the resource while not causing the updated resource count to be larger than zero.  Since the resource does not update the state of the node being managed this
+      behavior is still consistent with the configuration management model.  Events should be used to observe configuration changes for the compliance phase.  It is
+      possible to use the `notify_group` resource to chain notifications of the two resources, but notifications are the wrong model to use and pure ruby conditionals
+      should be used instead.  Compliance configuration should be independent of other resources and should only be made conditional based on state/attributes not
+      on other resources.
+      DOC
+
+      property :control, String,
+        name_property: true,
+        description: "The name of the control being waived"
+
+      property :expiration, String,
+        description: "The expiration date of the waiver - provided in YYYY-MM-DD format",
+        callbacks: {
+          "Expiration date should be a valid calendar date and match the following format: YYYY-MM-DD" => proc { |e|
+            re = Regexp.new('\d{4}-\d{2}-\d{2}$').freeze
+            if re.match?(e)
+              Date.valid_date?(*e.split("-").map(&:to_i))
+            else
+              e.nil?
+            end
+          },
+        }
+
+      property :run_test, [true, false],
+        description: "If present and true, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or false, the control will not be run."
+
+      property :justification, String,
+        description: "Can be any text you want and might include a reason for the waiver as well as who signed off on the waiver."
+
+      property :source, [ Hash, String ]
+
+      action :add, description: "Add a waiver to the compliance phase" do
+        if run_context.waiver_collection.valid?(new_resource.control)
+          include_waiver(new_resource.control)
+        else
+          include_waiver(waiver_hash)
+        end
+      end
+
+      action_class do
+        # If the source is nil and the control / name_property contains a file separator and is a string of a
+        # file that exists, then use that as the file (similar to the package provider automatic source property).  Otherwise
+        # just return the source.
+        #
+        # @api private
+        def source
+          @source ||= build_source
+        end
+
+        def build_source
+          return new_resource.source unless new_resource.source.nil?
+          return nil unless new_resource.control.count(::File::SEPARATOR) > 0 || (::File::ALT_SEPARATOR && new_resource.control.count(::File::ALT_SEPARATOR) > 0 )
+          return nil unless ::File.exist?(new_resource.control)
+
+          new_resource.control
+        end
+
+        def waiver_hash
+          case source
+          when Hash
+            source
+          when String
+            parse_file(source)
+          when nil
+            if new_resource.justification.nil? || new_resource.justification == ""
+              raise Chef::Exceptions::ValidationFailed, "Entries for an InSpec waiver must have a justification given, this parameter must have a value."
+            end
+
+            control_hash = {}
+            control_hash["expiration_date"] = new_resource.expiration.to_s unless new_resource.expiration.nil?
+            control_hash["run"] = new_resource.run_test unless new_resource.run_test.nil?
+            control_hash["justification"] = new_resource.justification.to_s
+
+            { new_resource.control => control_hash }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/inspec_waiver_file_entry.rb

@@ -84,13 +84,13 @@ class Chef
         }
 
       property :run_test, [true, false],
-        description: "If present and true, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or false, the control will not be run."
+        description: "If present and `true`, the control will run and be reported, but failures in it won’t make the overall run fail. If absent or `false`, the control will not be run."
 
       property :justification, String,
         description: "Can be any text you want and might include a reason for the waiver as well as who signed off on the waiver."
 
       property :backup, [false, Integer],
-        description: "The number of backups to be kept in /var/chef/backup (for UNIX- and Linux-based platforms) or C:/chef/backup (for the Microsoft Windows platform). Set to false to prevent backups from being kept.",
+        description: "The number of backups to be kept in `/var/chef/backup` (for UNIX- and Linux-based platforms) or `C:/chef/backup` (for the Microsoft Windows platform). Set to `false` to prevent backups from being kept.",
         default: false
 
       action :add do

data/lib/chef/resource/launchd.rb

@@ -36,7 +36,7 @@ class Chef
 
       property :backup, [Integer, FalseClass],
         desired_state: false,
-        description: "The number of backups to be kept in /var/chef/backup. Set to false to prevent backups from being kept."
+        description: "The number of backups to be kept in `/var/chef/backup`. Set to `false` to prevent backups from being kept."
 
       property :cookbook, String,
         desired_state: false,
@@ -197,10 +197,10 @@ class Chef
         description: "The intended purpose of the job: `Adaptive`, `Background`, `Interactive`, or `Standard`."
 
       property :program, String,
-        description: "The first argument of execvp, typically the file name associated with the file to be executed. This value must be specified if program_arguments is not specified, and vice-versa."
+        description: "The first argument of `execvp`, typically the file name associated with the file to be executed. This value must be specified if `program_arguments` is not specified, and vice-versa."
 
       property :program_arguments, Array,
-        description: "The second argument of execvp. If program is not specified, this property must be specified and will be handled as if it were the first argument."
+        description: "The second argument of `execvp`. If program is not specified, this property must be specified and will be handled as if it were the first argument."
 
       property :queue_directories, Array,
         description: "An array of non-empty directories which, if any are modified, will cause a job to be started."

data/lib/chef/resource/lwrp_base.rb

@@ -37,7 +37,7 @@ class Chef
     class LWRPBase < Resource
 
       # Class methods
-      class <<self
+      class << self
 
         include Chef::Mixin::ConvertToClassName
         include Chef::Mixin::FromFile

data/lib/chef/resource/mount.rb

@@ -42,7 +42,7 @@ class Chef
         sensitive: true
 
       property :mount_point, String, name_property: true,
-               coerce: proc { |arg| arg.chomp("/") }, # Removed "/" from the end of str, because it was causing idempotency issue.
+               coerce: proc { |arg| (arg == "/" || arg.match?(":/$")) ? arg : arg.chomp("/") }, # Removed "/" from the end of str, because it was causing idempotency issue.
                description: "The directory (or path) in which the device is to be mounted. Defaults to the name of the resource block if not provided."
 
       property :device, String, identity: true,

data/lib/chef/resource/registry_key.rb

@@ -18,6 +18,7 @@
 
 require_relative "../resource"
 require_relative "../digester"
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -26,7 +27,7 @@ class Chef
 
       provides(:registry_key) { true }
 
-      description "Use the **registry_key** resource to create and delete registry keys in Microsoft Windows."
+      description "Use the **registry_key** resource to create and delete registry keys in Microsoft Windows. Note: 64-bit versions of Microsoft Windows have a 32-bit compatibility layer in the registry that reflects and redirects certain keys (and their values) into specific locations (or logical views) of the registry hive.\n\n#{ChefUtils::Dist::Infra::PRODUCT} can access any reflected or redirected registry key. The machine architecture of the system on which #{ChefUtils::Dist::Infra::PRODUCT} is running is used as the default (non-redirected) location. Access to the SysWow64 location is redirected must be specified. Typically, this is only necessary to ensure compatibility with 32-bit applications that are running on a 64-bit operating system.\n\nFor more information, see: [Registry Reflection](https://docs.microsoft.com/en-us/windows/win32/winprog64/registry-reflection)."
       examples <<~'DOC'
       **Create a registry key**
 
@@ -66,7 +67,7 @@ class Chef
       end
       ```
 
-      **Set proxy settings to be the same as those used by Chef Infra Client**
+      **Set proxy settings to be the same as those used by #{ChefUtils::Dist::Infra::PRODUCT}**
 
       ```ruby
       proxy = URI.parse(Chef::Config[:http_proxy])
@@ -115,14 +116,42 @@ class Chef
       end
       ```
 
-      Note: Be careful when using the :delete_key action with the recursive attribute. This will delete the registry key, all of its values and all of the names, types, and data associated with them. This cannot be undone by Chef Infra Client.
+      Note: Be careful when using the :delete_key action with the recursive attribute. This will delete the registry key, all of its values and all of the names, types, and data associated with them. This cannot be undone by #{ChefUtils::Dist::Infra::PRODUCT}.
       DOC
 
-      state_attrs :values
-
       default_action :create
       allowed_actions :create, :create_if_missing, :delete, :delete_key
 
+      VALID_VALUE_HASH_KEYS = %i{name type data}.freeze
+
+      property :key, String, name_property: true
+      property :values, [Hash, Array],
+        default: [],
+        coerce: proc { |v|
+          @unscrubbed_values =
+            case v
+            when Hash
+              [ Mash.new(v).symbolize_keys ]
+            when Array
+              v.map { |value| Mash.new(value).symbolize_keys }
+            else
+              raise ArgumentError, "Bad type for RegistryKey resource, use Hash or Array"
+            end
+          scrub_values(@unscrubbed_values)
+        },
+        callbacks: {
+        "Missing name key in RegistryKey values hash" => lambda { |v| v.all? { |value| value.key?(:name) } },
+        "Bad key in RegistryKey values hash. Should be one of: #{VALID_VALUE_HASH_KEYS}" => lambda do |v|
+          v.all? do |value|
+            value.keys.all? { |key| VALID_VALUE_HASH_KEYS.include?(key) }
+          end
+        end,
+        "Type of name should be a string" => lambda { |v| v.all? { |value| value[:name].is_a?(String) } },
+        "Type of type should be a symbol" => lambda { |v| v.all? { |value| value[:type] ? value[:type].is_a?(Symbol) : true } },
+      }
+      property :recursive, [TrueClass, FalseClass], default: false
+      property :architecture, Symbol, default: :machine, equal_to: %i{machine x86_64 i386}
+
       # Some registry key data types may not be safely reported as json.
       # Example (CHEF-5323):
       #
@@ -152,51 +181,10 @@ class Chef
       # may want to extend the state_attrs API with the ability to rename POST'd attrs.
       #
       # See lib/chef/resource_reporter.rb for more information.
-      attr_reader :unscrubbed_values
-
-      def initialize(name, run_context = nil)
-        super
-        @values, @unscrubbed_values = [], []
-      end
-
-      property :key, String, name_property: true
-
-      VALID_VALUE_HASH_KEYS = %i{name type data}.freeze
-
-      def values(arg = nil)
-        if not arg.nil?
-          if arg.is_a?(Hash)
-            @values = [ Mash.new(arg).symbolize_keys ]
-          elsif arg.is_a?(Array)
-            @values = []
-            arg.each do |value|
-              @values << Mash.new(value).symbolize_keys
-            end
-          else
-            raise ArgumentError, "Bad type for RegistryKey resource, use Hash or Array"
-          end
-
-          @values.each do |v|
-            raise ArgumentError, "Missing name key in RegistryKey values hash" unless v.key?(:name)
-
-            v.each_key do |key|
-              raise ArgumentError, "Bad key #{key} in RegistryKey values hash" unless VALID_VALUE_HASH_KEYS.include?(key)
-            end
-            raise ArgumentError, "Type of name => #{v[:name]} should be string" unless v[:name].is_a?(String)
-
-            if v[:type]
-              raise ArgumentError, "Type of type => #{v[:type]} should be symbol" unless v[:type].is_a?(Symbol)
-            end
-          end
-          @unscrubbed_values = @values
-        elsif instance_variable_defined?(:@values)
-          scrub_values(@values)
-        end
+      def unscrubbed_values
+        @unscrubbed_values ||= []
       end
 
-      property :recursive, [TrueClass, FalseClass], default: false
-      property :architecture, Symbol, default: :machine, equal_to: %i{machine x86_64 i386}
-
       private
 
       def scrub_values(values)

data/lib/chef/resource/remote_file.rb

@@ -34,6 +34,78 @@ class Chef
 
       description "Use the **remote_file** resource to transfer a file from a remote location using file specificity. This resource is similar to the **file** resource. Note: Fetching files from the `files/` directory in a cookbook should be done with the **cookbook_file** resource."
 
+      examples <<~'DOC'
+      **Download a file without checking the checksum**:
+
+      ```ruby
+        remote_file '/tmp/remote.txt' do
+          source 'https://example.org/remote.txt'
+        end
+      ```
+
+      **Download a file with a checksum to validate**:
+
+      ```ruby
+        remote_file '/tmp/test_file' do
+          source 'http://www.example.com/tempfiles/test_file'
+          mode '0755'
+          checksum '3a7dac00b1' # A SHA256 (or portion thereof) of the file.
+        end
+      ```
+
+      **Download a file only if it's not already present**:
+
+      ```ruby
+        remote_file '/tmp/remote.txt' do
+          source 'https://example.org/remote.txt'
+          checksum '3a7dac00b1' # A SHA256 (or portion thereof) of the file.
+          action :create_if_missing
+        end
+      ```
+
+      **Using HTTP Basic Authentication in Headers**:
+
+      ```ruby
+        remote_file '/tmp/remote.txt' do
+          source 'https://example.org/remote.txt'
+          headers('Authorization' => "Basic #{Base64.encode64("USERNAME_VALUE:PASSWORD_VALUE").delete("\n")}")
+          checksum '3a7dac00b1' # A SHA256 (or portion thereof) of the file.
+          action :create_if_missing
+        end
+      ```
+
+      **Downloading a file to the Chef file cache dir for execution**:
+
+      ```ruby
+        remote_file '#{Chef::Config['file_cache_path']}/install.sh' do
+          source 'https://example.org/install.sh'
+          action :create_if_missing
+        end
+
+        execute '#{Chef::Config['file_cache_path']}/install.sh'
+      ```
+
+      **Specify advanced HTTP connection options including Net::HTTP (nethttp) options:**
+
+      ```ruby
+        remote_file '/tmp/remote.txt' do
+          source 'https://example.org/remote.txt'
+          http_options({
+            http_retry_delay: 0,
+            http_retry_count: 0,
+            keepalives: false,
+            nethttp: {
+              continue_timeout: 5,
+              max_retries: 5,
+              read_timeout: 5,
+              write_timeout: 5,
+              ssl_timeout: 5,
+            },
+          })
+        end
+      ```
+      DOC
+
       def initialize(name, run_context = nil)
         super
         @source = []
@@ -85,7 +157,7 @@ class Chef
       end
 
       property :use_etag, [ TrueClass, FalseClass ], default: true,
-        description: "Enable ETag headers. Set to false to disable ETag headers. To use this setting, `use_conditional_get` must also be set to true."
+        description: "Enable ETag headers. Set to `false` to disable ETag headers. To use this setting, `use_conditional_get` must also be set to true."
 
       alias :use_etags :use_etag
 
@@ -96,9 +168,29 @@ class Chef
         description: "Whether #{ChefUtils::Dist::Infra::PRODUCT} uses active or passive FTP. Set to `true` to use active FTP."
 
       property :headers, Hash, default: {},
-        description: "A Hash of custom HTTP headers."
+        description: <<~'DOCS'
+        A Hash of custom headers. For example:
+
+        ```ruby
+        headers({ "Cookie" => "user=some_user; pass=p@ssw0rd!" })
+        ```
 
-      property :show_progress, [ TrueClass, FalseClass ], default: false
+        or:
+
+        ```ruby
+        headers({ "Referer" => "#{header}" })
+        ```
+
+        or:
+
+        ```ruby
+        headers( "Authorization"=>"Basic #{ Base64.encode64("#{username}:#{password}").gsub("\n", "") }" )
+        ```
+        DOCS
+
+      property :show_progress, [ TrueClass, FalseClass ],
+        description: "Displays the progress of the file download.",
+        default: false
 
       property :ssl_verify_mode, Symbol, equal_to: %i{verify_none verify_peer},
         introduced: "16.2",
@@ -118,6 +210,10 @@ class Chef
 
       property :authentication, Symbol, equal_to: %i{remote local}, default: :remote
 
+      property :http_options, Hash, default: {},
+        introduced: "17.5",
+        description: "A Hash of custom HTTP options. For example: `http_options({ http_retry_count: 0, http_retry_delay: 2 })`"
+
       def after_created
         validate_identity_platform(remote_user, remote_password, remote_domain)
         identity = qualify_user(remote_user, remote_password, remote_domain)

data/lib/chef/resource/rhsm_subscription.rb

@@ -32,11 +32,11 @@ class Chef
         name_property: true
 
       action :attach, description: "Attach the node to a subscription pool." do
-        execute "Attach subscription pool #{new_resource.pool_id}" do
-          command "subscription-manager attach --pool=#{new_resource.pool_id}"
-          default_env true
-          action :run
-          not_if { subscription_attached?(new_resource.pool_id) }
+        unless subscription_attached?(new_resource.pool_id)
+          converge_by("attach subscription pool #{new_resource.pool_id}") do
+            shell_out!("subscription-manager attach --pool=#{new_resource.pool_id}")
+            build_resource(:package, "rhsm_subscription-#{new_resource.pool_id}-flush_cache").run_action(:flush_cache)
+          end
         end
       end
 

data/lib/chef/resource/ruby_block.rb

@@ -29,6 +29,106 @@ class Chef
       provides :ruby_block, target_mode: true
 
       description "Use the **ruby_block** resource to execute Ruby code during a #{ChefUtils::Dist::Infra::PRODUCT} run. Ruby code in the `ruby_block` resource is evaluated with other resources during convergence, whereas Ruby code outside of a `ruby_block` resource is evaluated before other resources, as the recipe is compiled."
+      examples <<~'DOC'
+        **Reload Chef Infra Client configuration data**
+
+        ```ruby
+        ruby_block 'reload_client_config' do
+          block do
+            Chef::Config.from_file('/etc/chef/client.rb')
+          end
+          action :run
+        end
+        ```
+
+        **Run a block on a particular platform**
+
+        The following example shows how an if statement can be used with the `windows?` method in the Chef Infra Language to run code specific to Microsoft Windows. The code is defined using the ruby_block resource:
+
+        ```ruby
+        if windows?
+          ruby_block 'copy libmysql.dll into ruby path' do
+            block do
+              require 'fileutils'
+              FileUtils.cp "#{node['mysql']['client']['lib_dir']}\\libmysql.dll",
+                node['mysql']['client']['ruby_dir']
+            end
+            not_if { ::File.exist?("#{node['mysql']['client']['ruby_dir']}\\libmysql.dll") }
+          end
+        end
+        ```
+
+        **Stash a file in a data bag**
+
+        The following example shows how to use the ruby_block resource to stash a BitTorrent file in a data bag so that it can be distributed to nodes in the organization.
+
+        ```ruby
+        ruby_block 'share the torrent file' do
+          block do
+            f = File.open(node['bittorrent']['torrent'],'rb')
+            #read the .torrent file and base64 encode it
+            enc = Base64.encode64(f.read)
+            data = {
+              'id'=>bittorrent_item_id(node['bittorrent']['file']),
+              'seed'=>node.ipaddress,
+              'torrent'=>enc
+            }
+            item = Chef::DataBagItem.new
+            item.data_bag('bittorrent')
+            item.raw_data = data
+            item.save
+          end
+          action :nothing
+          subscribes :create, "bittorrent_torrent[#{node['bittorrent']['torrent']}]", :immediately
+        end
+        ```
+
+        **Update the /etc/hosts file**
+
+        The following example shows how the ruby_block resource can be used to update the /etc/hosts file:
+
+        ```ruby
+        ruby_block 'edit etc hosts' do
+          block do
+            rc = Chef::Util::FileEdit.new('/etc/hosts')
+            rc.search_file_replace_line(/^127\.0\.0\.1 localhost$/,
+              '127.0.0.1 #{new_fqdn} #{new_hostname} localhost')
+            rc.write_file
+          end
+        end
+        ```
+
+        **Set environment variables**
+
+        The following example shows how to use variables within a Ruby block to set environment variables using rbenv.
+
+        ```ruby
+        node.override[:rbenv][:root] = rbenv_root
+        node.override[:ruby_build][:bin_path] = rbenv_binary_path
+
+        ruby_block 'initialize' do
+          block do
+            ENV['RBENV_ROOT'] = node[:rbenv][:root]
+            ENV['PATH'] = "#{node[:rbenv][:root]}/bin:#{node[:ruby_build][:bin_path]}:#{ENV['PATH']}"
+          end
+        end
+        ```
+
+        **Call methods in a gem**
+
+        The following example shows how to call methods in gems not shipped in Chef Infra Client
+
+        ```ruby
+        chef_gem 'mongodb'
+
+        ruby_block 'config_replicaset' do
+          block do
+            MongoDB.configure_replicaset(node, replicaset_name, rs_nodes)
+          end
+          action :run
+        end
+        ```
+      DOC
 
       default_action :run
       allowed_actions :create, :run

data/lib/chef/resource/scm/subversion.rb

@@ -28,7 +28,7 @@ class Chef
 
       provides :subversion
 
-      description "Use the **subversion** resource to manage source control resources that exist in a Subversion repository."
+      description "Use the **subversion** resource to manage source control resources that exist in a Subversion repository. Warning: The subversion resource has known bugs and may not work as expected. For more information see Chef GitHub issues, particularly [#4050](https://github.com/chef/chef/issues/4050) and [#4257](https://github.com/chef/chef/issues/4257)."
       examples <<~DOC
       **Get the latest version of an application**
 

data/lib/chef/resource/support/HabService.dll.config.erb

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <appSettings>
+    <add key="debug" value="false" />
+    <% if @auth_token %>
+    <add key="ENV_HAB_AUTH_TOKEN" value="<%= @auth_token %>" />
+    <% end %>
+    <% if @gateway_auth_token %>
+    <add key="ENV_HAB_SUP_GATEWAY_AUTH_TOKEN" value="<%= @gateway_auth_token %>" />
+    <% end %>
+    <% if @bldr_url %>
+    <add key="ENV_HAB_BLDR_URL" value="<%= @bldr_url %>" />
+    <% end %>
+    <%if  @exec_start_options %>
+    <add key="launcherArgs" value="--no-color <%= @exec_start_options %>" />
+    <% end %>
+    <add key="launcherPath" value="C:\Hab\pkgs\<%= `hab pkg list core/hab-launcher`.split().last %>\bin\hab-launch.exe"/>
+  </appSettings>
+</configuration>

data/lib/chef/resource/support/client.erb

@@ -18,10 +18,17 @@
       @pid_file
       @policy_group
       @policy_name
-      @ssl_verify_mode).each do |prop| -%>
+      @ssl_verify_mode
+      @policy_persist_run_list).each do |prop| -%>
 <% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
 <%=prop.delete_prefix("@") %> <%= instance_variable_get(prop).inspect %>
 <% end -%>
+<%# ohai_disabled_plugins and ohai_optional_plugins properties don't match the config value perfectly-%>
+<% %w(@ohai_disabled_plugins
+      @ohai_optional_plugins).each do |prop| -%>
+<% next if instance_variable_get(prop).nil? || instance_variable_get(prop).empty? -%>
+<%=prop.gsub("@ohai_", "ohai.") %> <%= instance_variable_get(prop).inspect %>
+<% end -%>
 <%# log_location is special due to STDOUT/STDERR from String -> IO Object -%>
 <% unless @log_location.nil? %>
   <% if @log_location.is_a?(String) && %w(STDOUT STDERR).include?(@log_location) -%>