chef 17.3.48-universal-mingw32 → 17.6.15-universal-mingw32

data/lib/chef/provider/user/mac.rb

@@ -28,7 +28,7 @@ class Chef
   class Provider
     class User
       # A macOS user provider that is compatible with default TCC restrictions
-      # in macOS 10.14. See resource/user/mac_user.rb for complete description
+      # in macOS 10.14+. See resource/user/mac_user.rb for complete description
       # of the mac_user resource
       class MacUser < Chef::Provider::User
         include Chef::Mixin::Which
@@ -49,11 +49,11 @@ class Chef
             current_resource.uid(user_plist[:uid][0])
             current_resource.gid(user_plist[:gid][0])
             current_resource.home(user_plist[:home][0])
-            current_resource.shell(user_plist[:shell][0])
+            current_resource.shell(user_plist[:shell]&.first) # use &.first since shell can be nil
             current_resource.comment(user_plist[:comment][0])
 
             if user_plist[:is_hidden]
-              current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false)
+              current_resource.hidden(user_plist[:is_hidden]&.first == "1" ? true : false) # when not hidden the value seems to be nil so &.first to handle that
             end
 
             shadow_hash = user_plist[:shadow_hash]

data/lib/chef/provider/yum_repository.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../resource"
-require_relative "../dsl/declare_resource"
 require_relative "../mixin/which"
 require_relative "noop"
 
@@ -32,8 +31,8 @@ class Chef
 
       def load_current_resource; end
 
-      action :create do
-        declare_resource(:template, ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo")) do
+      action :create, description: "Create a repository based on the properties." do
+        template ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
           if template_available?(new_resource.source)
             source new_resource.source
           else
@@ -46,72 +45,57 @@ class Chef
           if new_resource.make_cache
             notifies :run, "execute[yum clean metadata #{new_resource.repositoryid}]", :immediately if new_resource.clean_metadata || new_resource.clean_headers
             notifies :run, "execute[yum-makecache-#{new_resource.repositoryid}]", :immediately
-            notifies :create, "ruby_block[package-cache-reload-#{new_resource.repositoryid}]", :immediately
+            notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
           end
         end
 
-        declare_resource(:execute, "yum clean metadata #{new_resource.repositoryid}") do
-          command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
-          action :nothing
-        end
+        # avoid extra logging if make_cache property isn't set
+        if new_resource.make_cache
+          execute "yum clean metadata #{new_resource.repositoryid}" do
+            command "yum clean metadata --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+            action :nothing
+          end
 
-        # get the metadata for this repo only
-        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
-          command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
-          action :nothing
-          only_if { new_resource.enabled }
-        end
+          # get the metadata for this repo only
+          execute "yum-makecache-#{new_resource.repositoryid}" do
+            command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
+            action :nothing
+            only_if { new_resource.enabled }
+          end
 
-        # reload internal Chef yum/dnf cache
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
+          package "package-cache-reload-#{new_resource.repositoryid}" do
+            action :nothing
           end
-          action :nothing
         end
       end
 
-      action :delete do
+      action :delete, description: "Remove a repository." do
         # clean the repo cache first
-        declare_resource(:execute, "yum clean all #{new_resource.repositoryid}") do
+        execute "yum clean all #{new_resource.repositoryid}" do
           command "yum clean all --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
           only_if "yum repolist all | grep -P '^#{new_resource.repositoryid}([ \t]|$)'"
         end
 
-        declare_resource(:file, ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo")) do
+        file ::File.join(new_resource.reposdir, "#{new_resource.repositoryid}.repo") do
           action :delete
-          notifies :create, "ruby_block[package-cache-reload-#{new_resource.repositoryid}]", :immediately
+          notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
         end
 
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
-          end
+        package "package-cache-reload-#{new_resource.repositoryid}" do
           action :nothing
         end
       end
 
-      action :makecache do
-        declare_resource(:execute, "yum-makecache-#{new_resource.repositoryid}") do
+      action :makecache, description: "Force the creation of the repository cache. This is also done automatically when a repository is updated." do
+        execute "yum-makecache-#{new_resource.repositoryid}" do
           command "yum -q -y makecache --disablerepo=* --enablerepo=#{new_resource.repositoryid}"
           action :run
           only_if { new_resource.enabled }
+          notifies :flush_cache, "package[package-cache-reload-#{new_resource.repositoryid}]", :immediately
         end
 
-        declare_resource(:ruby_block, "package-cache-reload-#{new_resource.repositoryid}") do
-          if ( platform?("fedora") && node["platform_version"].to_i >= 22 ) ||
-              ( platform_family?("rhel") && node["platform_version"].to_i >= 8 )
-            block { Chef::Provider::Package::Dnf::PythonHelper.instance.restart }
-          else
-            block { Chef::Provider::Package::Yum::YumCache.instance.reload }
-          end
-          action :run
+        package "package-cache-reload-#{new_resource.repositoryid}" do
+          action :nothing
         end
       end
 

data/lib/chef/provider/zypper_repository.rb

@@ -29,7 +29,7 @@ class Chef
 
       def load_current_resource; end
 
-      action :create do
+      action :create, description: "Add a new Zypper repository." do
         if new_resource.gpgautoimportkeys
           install_gpg_keys(new_resource.gpgkey)
         else
@@ -50,13 +50,13 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Remove a Zypper repository." do
         execute "zypper --quiet --non-interactive removerepo #{escaped_repo_name}" do
           only_if "zypper --quiet lr #{escaped_repo_name}"
         end
       end
 
-      action :refresh do
+      action :refresh, description: "Refresh Zypper repository." do
         execute "zypper --quiet --non-interactive refresh --force #{escaped_repo_name}" do
           only_if "zypper --quiet lr #{escaped_repo_name}"
         end

data/lib/chef/provider.rb

@@ -57,10 +57,12 @@ class Chef
     #
     # @since 13.0
     # @param name [String, Symbol] Name of the action to define.
+    # @param description [String] description of the action
     # @param block [Proc] Body of the action.
     #
     # @return [void]
-    def self.action(name, &block)
+    def self.action(name, description: nil, &block)
+      action_descriptions[name.to_sym] = description unless description.nil?
       # We need the block directly in a method so that `return` works.
       define_method("compile_action_#{name}", &block)
       class_eval <<-EOM
@@ -70,6 +72,29 @@ class Chef
       EOM
     end
 
+    # Return the hash of action descriptions defined for
+    # the provider class.
+    #
+    # @return [Hash] hash of [Symbol] => [String] containing
+    # any provided action descriptions.
+    def self.action_descriptions
+      @action_descriptions ||= {}
+    end
+
+    # Retrieve the description for a provider's action, if
+    # any description has been included in the definition.
+    #
+    # @param action [Symbol,String] the action name
+    # @return [String] the description of the action provided, or nil if no description
+    # was defined
+    def self.action_description(action)
+      description = action_descriptions[action.to_sym]
+      if description.nil? && superclass.respond_to?(:action_description)
+        description = superclass.action_description(action)
+      end
+      description
+    end
+
     # Deprecation stub for the old use_inline_resources mode.
     #
     # @return [void]

data/lib/chef/provider_resolver.rb

@@ -57,10 +57,16 @@ class Chef
     end
 
     def resolve
-      maybe_explicit_provider(resource) ||
+      resolved = maybe_explicit_provider(resource) ||
         maybe_custom_resource(resource) ||
-        maybe_dynamic_provider_resolution(resource, action) ||
+        maybe_dynamic_provider_resolution(resource, action)
+
+      if resolved.nil?
+        raise(Chef::Exceptions::ProviderNotFound, "Cannot find a provider for #{resource}") if node.nil?
+
         raise(Chef::Exceptions::ProviderNotFound, "Cannot find a provider for #{resource} on #{node["platform"]} version #{node["platform_version"]}")
+      end
+      resolved
     end
 
     # Does NOT call provides? on the resource (it is assumed this is being

data/lib/chef/resource/archive_file.rb

@@ -81,6 +81,11 @@ class Chef
         description: "Should the resource overwrite the destination file contents if they already exist? If set to `:auto` the date stamp of files within the archive will be compared to those on disk and disk contents will be overwritten if they differ. This may cause unintended consequences if disk date stamps are changed between runs, which will result in the files being overwritten during each client run. Make sure to properly test any change to this property.",
         default: false
 
+      property :strip_components, Integer,
+        description: "Remove the specified number of leading path elements. Pathnames with fewer elements will be silently skipped. This behaves similarly to tar's --strip-components command line argument.",
+        introduced: "17.5",
+        default: 0
+
       # backwards compatibility for the legacy cookbook names
       alias_method :extract_options, :options
       alias_method :extract_to, :destination
@@ -117,7 +122,7 @@ class Chef
 
         if new_resource.owner || new_resource.group
           converge_by("set owner of files extracted in #{new_resource.destination} to #{new_resource.owner}:#{new_resource.group}") do
-            archive = Archive::Reader.open_filename(new_resource.path)
+            archive = Archive::Reader.open_filename(new_resource.path, nil, strip_components: new_resource.strip_components)
             archive.each_entry do |e|
               FileUtils.chown(new_resource.owner, new_resource.group, "#{new_resource.destination}/#{e.pathname}")
             end
@@ -160,18 +165,16 @@ class Chef
         # @return [Boolean]
         def archive_differs_from_disk?(src, dest)
           modified = false
-          Dir.chdir(dest) do
-            archive = Archive::Reader.open_filename(src)
-            Chef::Log.trace("Beginning the comparison of file mtime between contents of #{src} and #{dest}")
-            archive.each_entry do |e|
-              pathname = ::File.expand_path(e.pathname)
-              if ::File.exist?(pathname)
-                Chef::Log.trace("#{pathname} mtime is #{::File.mtime(pathname)} and archive is #{e.mtime}")
-                modified = true unless ::File.mtime(pathname) == e.mtime
-              else
-                Chef::Log.trace("#{pathname} doesn't exist on disk, but exists in the archive")
-                modified = true
-              end
+          archive = Archive::Reader.open_filename(src, nil, strip_components: new_resource.strip_components)
+          Chef::Log.trace("Beginning the comparison of file mtime between contents of #{src} and #{dest}")
+          archive.each_entry do |e|
+            pathname = ::File.expand_path(e.pathname, dest)
+            if ::File.exist?(pathname)
+              Chef::Log.trace("#{pathname} mtime is #{::File.mtime(pathname)} and archive is #{e.mtime}")
+              modified = true unless ::File.mtime(pathname) == e.mtime
+            else
+              Chef::Log.trace("#{pathname} doesn't exist on disk, but exists in the archive")
+              modified = true
             end
           end
           modified
@@ -189,7 +192,7 @@ class Chef
             flags = [options].flatten.map { |option| extract_option_map[option] }.compact.reduce(:|)
 
             Dir.chdir(dest) do
-              archive = Archive::Reader.open_filename(src)
+              archive = Archive::Reader.open_filename(src, nil, strip_components: new_resource.strip_components)
 
               archive.each_entry do |e|
                 archive.extract(e, flags.to_i)

data/lib/chef/resource/chef_client_scheduled_task.rb

@@ -58,6 +58,14 @@ class Chef
         daemon_options ['-n audit_only']
       end
       ```
+
+      **Run #{ChefUtils::Dist::Infra::PRODUCT} with a persistent delay on every run calculated once, similar to how chef_client_cron resource works**:
+
+      ```ruby
+      chef_client_scheduled_task 'Run chef-client with persistent splay' do
+        use_consistent_splay true
+      end
+      ```
       DOC
 
       resource_name :chef_client_scheduled_task
@@ -104,6 +112,11 @@ class Chef
         description: "A random number of seconds between 0 and X to add to interval so that all #{ChefUtils::Dist::Infra::CLIENT} commands don't execute at the same time.",
         default: 300
 
+      property :use_consistent_splay, [true, false],
+        description: "Always use the same random splay amount for each node to ensure consistent frequencies between #{ChefUtils::Dist::Infra::CLIENT} execution.",
+        introduced: "17.5",
+        default: false
+
       property :run_on_battery, [true, false],
         description: "Run the #{ChefUtils::Dist::Infra::PRODUCT} task when the system is on batteries.",
         default: true
@@ -129,6 +142,11 @@ class Chef
         description: "An array of options to pass to the #{ChefUtils::Dist::Infra::CLIENT} command.",
         default: []
 
+      property :priority, Integer,
+        description: "Use to set Priority Levels range from 0 to 10.",
+        introduced: "17.5",
+        default: 7, callbacks: { "should be in range of 0 to 10" => proc { |v| v >= 0 && v <= 10 } }
+
       action :add, description: "Add a Windows Scheduled Task that runs #{ChefUtils::Dist::Infra::PRODUCT}." do
         # TODO: Replace this with a :create_if_missing action on directory when that exists
         unless Dir.exist?(new_resource.log_directory)
@@ -151,8 +169,9 @@ class Chef
           frequency_modifier             new_resource.frequency_modifier if frequency_supports_frequency_modifier?
           start_time                     new_resource.start_time
           start_day                      new_resource.start_date unless new_resource.start_date.nil?
-          random_delay                   new_resource.splay if frequency_supports_random_delay?
+          random_delay                   new_resource.splay if frequency_supports_random_delay? && !new_resource.use_consistent_splay
           disallow_start_if_on_batteries new_resource.splay unless new_resource.run_on_battery
+          priority                       new_resource.priority
           action                         %i{create enable}
         end
       end
@@ -173,7 +192,31 @@ class Chef
           # Fetch path of cmd.exe through environment variable comspec
           cmd_path = ENV["COMSPEC"]
 
-          "#{cmd_path} /c \"#{client_cmd}\""
+          "#{cmd_path} /c \"#{consistent_splay_command}#{client_cmd}\""
+        end
+
+        #
+        # Generate a uniformly distributed unique number to sleep from 0 to the splay time
+        #
+        # @param [Integer] splay The number of seconds to splay
+        #
+        # @return [Integer]
+        #
+        def splay_sleep_time(splay)
+          seed = node["shard_seed"] || Digest::MD5.hexdigest(node.name).to_s.hex
+          random = Random.new(seed.to_i)
+          random.rand(splay)
+        end
+
+        #
+        # The consistent splay sleep time when use_consistent_splay is true.
+        #
+        # @return [NilClass,String] The prepended sleep command to run prior to executing the full command.
+        #
+        def consistent_splay_command
+          return unless new_resource.use_consistent_splay
+
+          "C:/windows/system32/windowspowershell/v1.0/powershell.exe Start-Sleep -s #{splay_sleep_time(new_resource.splay)} && "
         end
 
         #

data/lib/chef/resource/chocolatey_config.rb

@@ -24,22 +24,22 @@ class Chef
       description "Use the **chocolatey_config** resource to add or remove Chocolatey configuration keys."
       introduced "14.3"
       examples <<~DOC
-        **Set the Chocolatey cacheLocation config**:
+      **Set the Chocolatey cacheLocation config**:
 
-        ```ruby
-        chocolatey_config 'Set cacheLocation config' do
-          config_key 'cacheLocation'
-          value 'C:\temp\choco'
-        end
-        ```
+      ```ruby
+      chocolatey_config 'Set cacheLocation config' do
+        config_key 'cacheLocation'
+        value 'C:\\temp\\choco'
+      end
+      ```
 
-        **Unset a Chocolatey config**:
+      **Unset a Chocolatey config**:
 
-        ```ruby
-        chocolatey_config 'BogusConfig' do
-          action :unset
-        end
-        ```
+      ```ruby
+      chocolatey_config 'BogusConfig' do
+        action :unset
+      end
+      ```
       DOC
 
       property :config_key, String, name_property: true,

data/lib/chef/resource/execute.rb

@@ -549,11 +549,11 @@ class Chef
         desired_state: false
 
       property :user, [ String, Integer ],
-        description: "The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. `domainuser` or `user@my.dns.domain.com` via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified."
+        description: "The user name of the user identity with which to launch the new process. The user name may optionally be specified with a domain, i.e. `domain\\user` or `user@my.dns.domain.com` via Universal Principal Name (UPN)format. It can also be specified without a domain simply as user if the domain is instead specified using the domain property. On Windows only, if this property is specified, the password property must be specified."
 
       property :domain, String,
         introduced: "12.21",
-        description: "Windows only: The domain of the user user specified by the user property. If not specified, the username and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running #{ChefUtils::Dist::Infra::PRODUCT} is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property."
+        description: "Windows only: The domain of the user specified by the user property. If not specified, the username and password specified by the `user` and `password` properties will be used to resolve that user against the domain in which the system running #{ChefUtils::Dist::Infra::PRODUCT} is joined, or if that system is not joined to a domain it will resolve the user as a local account on that system. An alternative way to specify the domain is to leave this property unspecified and specify the domain as part of the user property."
 
       property :password, String, sensitive: true,
         introduced: "12.21",

data/lib/chef/resource/file/verification/json.rb

@@ -0,0 +1,50 @@
+#
+# Author:: Antony Thomas (<antonydeepak@gmail.com>)
+# Copyright:: Copyright (c) Facebook, Inc. and its affiliates.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+class Chef
+  class Resource
+    class File
+      class Verification
+
+        #
+        # Extends File verification to provide Json verification
+        #
+        # Example:
+        # file 'foo.json' do
+        #   content '{"foo": "bar"}'
+        #   verify :json
+        # end
+        #
+        #
+
+        class Json < Chef::Resource::File::Verification
+
+          provides :json
+
+          def verify(path, opts = {})
+            Chef::JSONCompat.parse(IO.read(path))
+            true
+          rescue Chef::Exceptions::JSON::ParseError => e
+            Chef::Log.error("Json syntax verify failed with : #{e.message}")
+            false
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/file/verification/yaml.rb

@@ -0,0 +1,52 @@
+#
+# Author:: Antony Thomas (<antonydeepak@gmail.com>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "psych" unless defined?(Psych)
+
+class Chef
+  class Resource
+    class File
+      class Verification
+
+        #
+        # Extends File verification to provide a Yaml verification
+        #
+        # Example:
+        # file 'foo.yaml' do
+        #   content "--- foo: 'foo-"
+        #   verify :yaml
+        # end
+        #
+        #
+
+        class Yaml < Chef::Resource::File::Verification
+
+          provides :yaml
+
+          def verify(path, opts = {})
+            Psych.parse_file(path)
+            true
+          rescue Psych::SyntaxError => e
+            Chef::Log.error("Yaml syntax verify failed with : #{e.message}")
+            false
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/homebrew_cask.rb

@@ -34,7 +34,7 @@ class Chef
 
       property :cask_name, String,
         description: "An optional property to set the cask name if it differs from the resource block's name.",
-        regex: %r{^[\w/-]+$},
+        regex: %r{^[\w/\-@]+$},
         validation_message: "The provided Homebrew cask name is not valid. Cask names can contain alphanumeric characters, _, -, or / only!",
         name_property: true
 

data/lib/chef/resource/inspec_input.rb

@@ -0,0 +1,127 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "../resource"
+
+class Chef
+  class Resource
+    class InspecInput < Chef::Resource
+      provides :inspec_input
+      unified_mode true
+
+      description "Use the **inspec_input** resource to add an input to the Compliance Phase."
+      introduced "17.5"
+      examples <<~DOC
+
+      **Activate the default input in the openssh cookbook's compliance segment**:
+
+      ```ruby
+        inspec_input 'openssh' do
+          action :add
+        end
+      ```
+
+      **Activate all inputs in the openssh cookbook's compliance segment**:
+
+      ```ruby
+        inspec_input 'openssh::.*' do
+          action :add
+        end
+      ```
+
+      **Add an InSpec input to the Compliance Phase from a hash**:
+
+      ```ruby
+        inspec_input { ssh_custom_path: '/whatever2' }
+      ```
+
+      **Add an InSpec input to the Compliance Phase using the 'name' property to identify the input**:
+
+      ```ruby
+        inspec_input "setting my input" do
+          source( { ssh_custom_path: '/whatever2' })
+        end
+      ```
+
+      **Add an InSpec input to the Compliance Phase using a TOML, JSON, or YAML file**:
+
+      ```ruby
+        inspec_input "/path/to/my/input.yml"
+      ```
+
+      **Add an InSpec input to the Compliance Phase using a TOML, JSON, or YAML file, using the 'name' property**:
+
+      ```ruby
+        inspec_input "setting my input" do
+          source "/path/to/my/input.yml"
+        end
+      ```
+
+      Note that the **inspec_input** resource does not update and will not fire notifications (similar to the log resource). This is done to preserve the ability to use
+      the resource while not causing the updated resource count to be larger than zero. Since the resource does not update the state of the managed node, this behavior
+      is still consistent with the configuration management model. Instead, you should use events to observe configuration changes for the compliance phase. It is
+      possible to use the `notify_group` resource to chain notifications of the two resources, but notifications are the wrong model to use, and you should use pure ruby
+      conditionals instead. Compliance configuration should be independent of other resources and should only be conditional based on state/attributes, not other resources.
+      DOC
+
+      property :name, [ Hash, String ]
+
+      property :input, [ Hash, String ],
+        name_property: true
+
+      property :source, [ Hash, String ],
+        name_property: true
+
+      action :add, description: "Add an input to the compliance phase" do
+        if run_context.input_collection.valid?(new_resource.input)
+          include_input(new_resource.input)
+        else
+          include_input(input_hash)
+        end
+      end
+
+      action_class do
+        # If the source is nil and the input / name_property contains a file separator and is a string of a
+        # file that exists, then use that as the file (similar to the package provider automatic source property).  Otherwise
+        # just return the source.
+        #
+        # @api private
+        def source
+          @source ||= build_source
+        end
+
+        def build_source
+          return new_resource.source unless new_resource.source.nil?
+          return nil unless new_resource.input.count(::File::SEPARATOR) > 0 || (::File::ALT_SEPARATOR && new_resource.input.count(::File::ALT_SEPARATOR) > 0 )
+          return nil unless ::File.exist?(new_resource.input)
+
+          new_resource.input
+        end
+
+        def input_hash
+          case source
+          when Hash
+            source
+          when String
+            parse_file(source)
+          when nil
+            raise Chef::Exceptions::ValidationFailed, "Could not find the input #{new_resource.input} in any cookbook segment."
+          end
+        end
+      end
+    end
+  end
+end