chef 17.8.25-universal-mingw32 → 17.9.46-universal-mingw32

data/lib/chef/resource/chef_client_config.rb

@@ -97,7 +97,6 @@ class Chef
         data_collector_token 'TEST_TOKEN_TEST'
       end
       ```
-
       DOC
 
       # @todo policy_file or policy_group being set requires the other to be set so enforce that.
@@ -243,11 +242,11 @@ class Chef
         description: "Additional text to add at the bottom of the client.rb config. This can be used to run custom Ruby or to add less common config options"
 
       property :data_collector_server_url, String,
-        description: "The data collector url (typically automate) to send node, converge and compliance data. Note: Data collection reporting to Automate should be performed directly by Chef Infra Server if possible, as this removes the need to distribute tokens to individual nodes.",
+        description: "The data collector URL (typically automate) to send node, converge, and compliance data. Note: If possible, use Chef Infra Server to do all data collection reporting, as this removes the need to distribute tokens to individual nodes.",
         introduced: "17.8"
 
       property :data_collector_token, String,
-        description: "The data collector token to interact with the data collector server url (Automate). Note: Data collection reporting to Automate should be performed directly by Chef Infra Server if possible, as this removes the need to distribute tokens to individual nodes.",
+        description: "The data collector token to interact with the data collector server URL (Automate). Note: If possible, use Chef Infra Server to do all data collection reporting, as this removes the need to distribute tokens to individual nodes.",
         introduced: "17.8"
 
       action :create, description: "Create a client.rb config file for configuring #{ChefUtils::Dist::Infra::PRODUCT}." do

data/lib/chef/resource/chocolatey_package.rb

@@ -25,7 +25,7 @@ class Chef
 
       provides :chocolatey_package
 
-      description "Use the **chocolatey_package** resource to manage packages using Chocolatey on the Microsoft Windows platform. Note: The Chocolatey package manager is not installed on Windows by default. You will need to install it prior to using this resource by adding the [Chocolatey cookbook](https://supermarket.chef.io/cookbooks/chocolatey/) to your node's run list."
+      description "Use the **chocolatey_package** resource to manage packages using the Chocolatey package manager on the Microsoft Windows platform. Note: The Chocolatey package manager is not installed on Windows by default. You will need to install it prior to using this resource by adding the [chocolatey cookbook](https://supermarket.chef.io/cookbooks/chocolatey/) to your node's run list. Warning: The **chocolatey_package** resource must be specified as `chocolatey_package` and cannot be shortened to `package` in a recipe."
       introduced "12.7"
       examples <<~DOC
         **Install a Chocolatey package**:
@@ -73,9 +73,9 @@ class Chef
         coerce: proc { |x| [x].flatten }
 
       # In the choco if we have the feature useEnhancedExitCodes turned on, then choco will provide enhanced exit codes(2: no results).
-      # Choco exit codes https://chocolatey.org/docs/commandsinfo#exit-codes
+      # Choco exit codes https://docs.chocolatey.org/en-us/choco/commands/info#exit-codes
       property :returns, [Integer, Array],
-        description: "The exit code(s) returned a chocolatey package that indicate success.",
+        description: "The exit code(s) returned by the `choco` command that indicate a successful action. See [Chocolatey Exit Codes](https://docs.chocolatey.org/en-us/choco/commands/info#exit-codes) for a complete list of exit codes used by Chocolatey.",
         default: [ 0, 2 ], desired_state: false,
         introduced: "12.18"
     end

data/lib/chef/resource/cron/cron.rb

@@ -20,6 +20,7 @@
 require_relative "../../resource"
 require_relative "../helpers/cron_validations"
 require_relative "../../provider/cron" # do not remove. we actually need this below
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -30,7 +31,80 @@ class Chef
 
       provides :cron
 
-      description "Use the **cron** resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron."
+      description "Use the **cron** resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron. Warning: The cron resource should only be used to modify an entry in a crontab file. The `cron_d` resource directly manages `cron.d` files. This resource ships in #{ChefUtils::Dist::Infra::PRODUCT} 14.4 or later and can also be found in the [cron](https://github.com/chef-cookbooks/cron) cookbook) for previous #{ChefUtils::Dist::Infra::PRODUCT} releases."
+
+      examples <<~'DOC'
+      **Run a program at a specified interval**
+
+      ```ruby
+      cron 'noop' do
+        hour '5'
+        minute '0'
+        command '/bin/true'
+      end
+      ```
+
+      **Run an entry if a folder exists**
+
+      ```ruby
+      cron 'ganglia_tomcat_thread_max' do
+        command "/usr/bin/gmetric
+          -n 'tomcat threads max'
+          -t uint32
+          -v '/usr/local/bin/tomcat-stat --thread-max'"
+        only_if { ::File.exist?('/home/jboss') }
+      end
+      ```
+
+      **Run every Saturday, 8:00 AM**
+
+      The following example shows a schedule that will run every hour at 8:00 each Saturday morning, and will then send an email to “admin@example.com” after each run.
+
+      ```ruby
+      cron 'name_of_cron_entry' do
+        minute '0'
+        hour '8'
+        weekday '6'
+        mailto 'admin@example.com'
+        action :create
+      end
+      ```
+
+      **Run once a week**
+
+      ```ruby
+      cron 'cookbooks_report' do
+        minute '0'
+        hour '0'
+        weekday '1'
+        user 'chefio'
+        mailto 'sysadmin@example.com'
+        home '/srv/supermarket/shared/system'
+        command %W{
+          cd /srv/supermarket/current &&
+          env RUBYLIB="/srv/supermarket/current/lib"
+          RAILS_ASSET_ID=`git rev-parse HEAD` RAILS_ENV="#{rails_env}"
+          bundle exec rake cookbooks_report
+        }.join(' ')
+        action :create
+      end
+      ```
+
+      **Run only in November**
+
+      The following example shows a schedule that will run at 8:00 PM, every weekday (Monday through Friday), but only in November:
+
+      ```ruby
+      cron 'name_of_cron_entry' do
+        minute '0'
+        hour '20'
+        day '*'
+        month '11'
+        weekday '1-5'
+        action :create
+      end
+      ```
+      DOC
 
       state_attrs :minute, :hour, :day, :month, :weekday, :user
 

data/lib/chef/resource/cron/cron_d.rb

@@ -18,6 +18,7 @@
 require_relative "../../resource"
 require_relative "../helpers/cron_validations"
 require "shellwords" unless defined?(Shellwords)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 
 class Chef
   class Resource
@@ -29,7 +30,7 @@ class Chef
       provides :cron_d
 
       introduced "14.4"
-      description "Use the **cron_d** resource to manage cron job files in the `/etc/cron.d` directory. This is similar to the 'cron' resource, but it does not use the monolithic /etc/crontab file."
+      description "Use the **cron_d** resource to manage cron job files in the `/etc/cron.d` directory. Warning: #{ChefUtils::Dist::Infra::PRODUCT} also ships with the **cron** resource for managing the monolithic `/etc/crontab` file on platforms that lack cron.d support. See the [cron resource](/resources/cron/) for information on using that resource."
       examples <<~DOC
         **Run a program on the fifth hour of the day**
 

data/lib/chef/resource/habitat/habitat_sup.rb

@@ -284,7 +284,7 @@ class Chef
           if new_resource.peer
             peer_list = []
             new_resource.peer.each do |p|
-              peer_list << if p !~ /.*:.*/
+              peer_list << if !/.*:.*/.match?(p)
                              p + ":9632"
                            else
                              p

data/lib/chef/resource/habitat/habitat_sup_windows.rb

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
 
-require "win32/service" if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+require "win32/service" if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
 require_relative "habitat_sup"
 
 class Chef

data/lib/chef/resource/homebrew_tap.rb

@@ -41,10 +41,6 @@ class Chef
       property :url, String,
         description: "The URL of the tap."
 
-      property :full, [TrueClass, FalseClass],
-        description: "Perform a full clone on the tap, as opposed to a shallow clone.",
-        default: false
-
       property :homebrew_path, String,
         description: "The path to the Homebrew binary.",
         default: "/usr/local/bin/brew"
@@ -57,7 +53,7 @@ class Chef
       action :tap, description: "Add a Homebrew tap." do
         unless tapped?(new_resource.tap_name)
           converge_by("tap #{new_resource.tap_name}") do
-            shell_out!("#{new_resource.homebrew_path} tap #{new_resource.full ? "--full" : ""} #{new_resource.tap_name} #{new_resource.url || ""}",
+            shell_out!("#{new_resource.homebrew_path} tap #{new_resource.tap_name} #{new_resource.url || ""}",
               user: new_resource.owner,
               env:  { "HOME" => ::Dir.home(new_resource.owner), "USER" => new_resource.owner },
               cwd: ::Dir.home(new_resource.owner))

data/lib/chef/resource/inspec_waiver_file_entry.rb

@@ -135,7 +135,7 @@ class Chef
 
       action_class do
         def load_waiver_file_to_hash(file_name)
-          if file_name =~ %r{(/|C:\\).*(.yaml|.yml)}i
+          if %r{(/|C:\\).*(.yaml|.yml)}i.match?(file_name)
             if ::File.exist?(file_name)
               hash = ::YAML.load_file(file_name)
               if hash == false || hash.nil? || hash == ""

data/lib/chef/resource/launchd.rb

@@ -84,7 +84,7 @@ class Chef
                   end
 
           # Check to make sure that our array only has hashes
-          unless array.all? { |obj| obj.is_a?(Hash) }
+          unless array.all?(Hash)
             error_msg = "start_calendar_interval must be a single hash or an array of hashes!"
             raise Chef::Exceptions::ValidationFailed, error_msg
           end
@@ -98,7 +98,7 @@ class Chef
               raise Chef::Exceptions::ValidationFailed, error_msg
             end
 
-            unless entry.values.all? { |val| val.is_a?(Integer) }
+            unless entry.values.all?(Integer)
               failed_values = entry.values.reject { |val| val.is_a?(Integer) }.join(", ")
               error_msg = "Invalid value(s) (#{failed_values}) for start_calendar_interval item.  Values must be integers!"
               raise Chef::Exceptions::ValidationFailed, error_msg

data/lib/chef/resource/lwrp_base.rb

@@ -54,7 +54,7 @@ class Chef
           resource_class.run_context = run_context
           resource_class.class_from_file(filename)
 
-          if !resource_class.unified_mode && !deprecated_class(resource_class)
+          if !resource_class.unified_mode && !deprecated_class(resource_class) && cookbook_name.to_s != "chef_client_updater"
             Chef.deprecated :unified_mode, "The #{resource_class.resource_name} resource in the #{cookbook_name} cookbook should declare `unified_mode true`", filename
           end
 

data/lib/chef/resource/powershell_package_source.rb

@@ -25,10 +25,10 @@ class Chef
 
       provides :powershell_package_source
 
-      description "Use the **powershell_package_source** resource to register a PowerShell package source and a Powershell package provider. There are 2 distinct objects we care about here. The first is a Package Source like a PowerShell Repository or a Nuget Source. The second object is a provider that PowerShell uses to get to that source with, like PowerShellGet, Nuget, Chocolatey, etc. "
+      description "Use the **powershell_package_source** resource to register a PowerShell package source and a Powershell package provider. There are two distinct objects we care about here. The first is a package source like a PowerShell repository or a NuGet Source. The second object is a provider that PowerShell uses to get to that source with, like PowerShellGet, NuGet, Chocolatey, etc."
       introduced "14.3"
       examples <<~DOC
-        **Add a new PSRepository that is not trusted and which requires credentials to connect to**:
+        **Add a new PowerShell repository that is not trusted and which requires credentials to connect to**:
 
         ```ruby
         powershell_package_source 'PowerShellModules' do
@@ -43,7 +43,7 @@ class Chef
         end
         ```
 
-        **Add a new Package Source that uses Chocolatey as the Package Provider**:
+        **Add a new package source that uses Chocolatey as the package provider**:
 
         ```ruby
         powershell_package_source 'PowerShellModules' do
@@ -56,7 +56,7 @@ class Chef
         end
         ```
 
-        **Add a new PowerShell Script source that is trusted**:
+        **Add a new PowerShell script source that is trusted**:
 
         ```ruby
         powershell_package_source 'MyDodgyScript' do
@@ -68,7 +68,7 @@ class Chef
         end
         ```
 
-        **Update my existing PSRepository to make it Trusted after all**:
+        **Update an existing PowerShell repository to make it trusted**:
 
         ```ruby
         powershell_package_source 'MyPSModule' do
@@ -137,7 +137,7 @@ class Chef
         description: "The location where scripts will be published to for this source. Only valid if the provider is `PowerShellGet`."
 
       property :trusted, [TrueClass, FalseClass],
-        description: "Whether or not to trust packages from this source. Used when creating a NON-PSRepository Package Source",
+        description: "Whether or not to trust packages from this source. Used when creating a non-PowerShell repository package source.",
         default: false
 
       property :user, String,
@@ -151,7 +151,7 @@ class Chef
       property :provider_name, String,
         equal_to: %w{ Programs msi NuGet msu PowerShellGet psl chocolatey winget },
         validation_message: "The following providers are supported: 'Programs', 'msi', 'NuGet', 'msu', 'PowerShellGet', 'psl', 'chocolatey' or 'winget'",
-        description: "The package management provider for the package source. The default is PowerShellGet and this option need only be set otherwise in specific use cases.",
+        description: "The package management provider for the package source. The default is `PowerShellGet`. Only change this option in specific use cases.",
         default: "NuGet"
 
       load_current_value do
@@ -202,7 +202,7 @@ class Chef
         end
       end
 
-      action :set, description: "Updates an existing PSRepository or Package Source" do
+      action :set, description: "Updates an existing PowerShell repository or package source." do
         package_details = get_package_source_details
         output = package_details.result
         if output == "PSRepository"

data/lib/chef/resource/remote_file.rb

@@ -138,7 +138,7 @@ class Chef
           nil
         elsif args[0].is_a?(Chef::DelayedEvaluator) && args.count == 1
           args[0]
-        elsif args.any? { |a| a.is_a?(Chef::DelayedEvaluator) } && args.count > 1
+        elsif args.any?(Chef::DelayedEvaluator) && args.count > 1
           raise Exceptions::InvalidRemoteFileURI, "Only 1 source argument allowed when using a lazy evaluator"
         else
           Array(args).flatten

data/lib/chef/resource/rhsm_register.rb

@@ -80,7 +80,7 @@ class Chef
         introduced: "15.9"
 
       property :server_url, String,
-        description: "The hostname of the subscription service to use. The default is for Customer Portal Subscription Management, subscription.rhn.redhat.com. If this option is not used, the system is registered with Customer Portal Subscription Management.",
+        description: "The hostname of the subscription service to use. The default is Customer Portal Subscription Management, subscription.rhn.redhat.com. If you do not use this option, the system registers with Customer Portal Subscription Management.",
           introduced: "17.8"
 
       property :base_url, String,
@@ -88,12 +88,12 @@ class Chef
         introduced: "17.8"
 
       property :service_level, String,
-        description: "Sets the service level to use for subscriptions on the registering machine. This is only used with the auto_attach option.",
+        description: "Sets the service level to use for subscriptions on the registering machine. This is only used with the `auto_attach` option.",
         introduced: "17.8"
 
       property :release,
         [Float, String],
-        description: "Sets the operating system minor release to use for subscriptions for the system. Products and updates are limited to the specified minor release version. This is used only used with the auto_attach option.  For example, `release '6.4'` will append `--release=6.4` to the register command.",
+        description: "Sets the operating system minor release to use for subscriptions for the system. Products and updates are limited to the specified minor release version. This is used only used with the `auto_attach` option.  For example, `release '6.4'` will append `--release=6.4` to the register command.",
         introduced: "17.8"
 
       action :register, description: "Register the node with RHSM." do

data/lib/chef/resource/windows_feature_powershell.rb

@@ -216,8 +216,7 @@ class Chef
         def parsed_feature_list
           # Grab raw feature information from WindowsFeature
           raw_list_of_features = powershell_exec!("Get-WindowsFeature | Select-Object -Property Name,InstallState", timeout: new_resource.timeout).result
-
-          Chef::JSONCompat.from_json(raw_list_of_features)
+          raw_list_of_features || []
         end
 
         # add the features values to the appropriate array

data/lib/chef/resource/windows_task.rb

@@ -149,7 +149,6 @@ class Chef
       DOC
 
       allowed_actions :create, :delete, :run, :end, :enable, :disable, :change
-      default_action :create
 
       property :task_name, String, regex: [%r{\A[^/\:\*\?\<\>\|]+\z}],
         description: "An optional property to set the task name if it differs from the resource block's name. Example: `Task Name` or `/Task Name`",
@@ -182,10 +181,19 @@ class Chef
         default: false
 
       property :frequency_modifier, [Integer, String],
-        default: 1
+        default: 1,
+        description: <<~DOCS
+          * For frequency `:minute` valid values are 1 to 1439
+          * For frequency `:hourly` valid values are 1 to 23
+          * For frequency `:daily` valid values are 1 to 365
+          * For frequency `:weekly` valid values are 1 to 52
+          * For frequency `:monthly` valid values are `('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST')` OR `1-12`.
+            * e.g. If user want to run the task on `second week of the month` use `frequency_modifier` value as `SECOND`. Multiple values for weeks of the month should be comma separated e.g. `"FIRST, THIRD, LAST"`.
+            * To run task every (n) months use values 1 to 12.
+        DOCS
 
       property :frequency, Symbol, equal_to: %i{minute hourly daily weekly monthly once on_logon onstart on_idle none},
-        description: "The frequency with which to run the task."
+        description: "The frequency with which to run the task. Note: This property is required in Chef Infra Client 14.1 or later. Note: The `:once` value requires the `start_time` property to be set."
 
       property :start_day, String,
         description: "Specifies the first date on which the task runs in **MM/DD/YYYY** format.",
@@ -195,7 +203,14 @@ class Chef
         description: "Specifies the start time to run the task, in **HH:mm** format."
 
       property :day, [String, Integer],
-        description: "The day(s) on which the task runs."
+        description:  <<~DOCS
+        The day(s) on which the task runs.
+          * Use this property when setting `frequency` to `:monthly` or `:weekly`.
+          * Valid values with frequency `:weekly` are `MON`-`SUN` or `*`.
+          * Valid values with frequency `:monthly` are `1-31`, `MON`-`SUN`, and `LASTDAY`.
+          * Use `MON`-`SUN` or `LASTDAY` if you are setting `frequency_modifier` as "FIRST, SECOND, THIRD etc." else use 1-31.
+          * Multiple days should be comma separated. e.g `1, 2, 3` or `MON, WED, FRI`.
+        DOCS
 
       property :months, String,
         description: "The Months of the year on which the task runs, such as: `JAN, FEB` or `*`. Multiple months should be comma delimited. e.g. `Jan, Feb, Mar, Dec`."
@@ -961,7 +976,7 @@ class Chef
         end
       end
 
-      action :create do
+      action :create, description: "Creates a scheduled task, or updates an existing task if any property has changed." do
         set_command_and_arguments if new_resource.command
 
         if current_resource.exists
@@ -998,7 +1013,7 @@ class Chef
         end
       end
 
-      action :run do
+      action :run, description: "Runs a scheduled task." do
         if current_resource.exists
           logger.trace "#{new_resource} task exists"
           if current_resource.task.status == "running"
@@ -1013,7 +1028,7 @@ class Chef
         end
       end
 
-      action :delete do
+      action :delete, description: "Deletes a scheduled task." do
         if current_resource.exists
           logger.trace "#{new_resource} task exists"
           converge_by("delete scheduled task #{new_resource}") do
@@ -1026,7 +1041,7 @@ class Chef
         end
       end
 
-      action :end do
+      action :end, description: "Ends a scheduled task." do
         if current_resource.exists
           logger.trace "#{new_resource} task exists"
           if current_resource.task.status != "running"
@@ -1041,7 +1056,7 @@ class Chef
         end
       end
 
-      action :enable do
+      action :enable, description: "Enables a scheduled task." do
         if current_resource.exists
           logger.trace "#{new_resource} task exists"
           if current_resource.task.status == "not scheduled"
@@ -1058,7 +1073,7 @@ class Chef
         end
       end
 
-      action :disable do
+      action :disable, description: "Disables a scheduled task." do
         if current_resource.exists
           logger.info "#{new_resource} task exists"
           if %w{ready running}.include?(current_resource.task.status)

data/lib/chef/resource.rb

@@ -311,7 +311,7 @@ class Chef
     #   file '/foo.txt' do
     #     content 'hi'
     #     action :nothing
-    #     subscribes :create, '/bar.txt'
+    #     subscribes :create, bar
     #   end
     # @example Multiple resources by string
     #   file '/foo.txt' do
@@ -1096,7 +1096,7 @@ class Chef
     rescue NameError => e
       # This can happen when attempting to load a provider in a platform-specific
       # environment where we have not required the necessary files yet
-      raise unless e.message =~ /uninitialized constant/
+      raise unless /uninitialized constant/.match?(e.message)
     end
 
     # Define a method to load up this resource's properties with the current

data/lib/chef/resource_reporter.rb

@@ -34,7 +34,7 @@ class Chef
       as_hash["after"]    = new_resource.state_for_resource_reporter
       as_hash["before"]   = current_resource ? current_resource.state_for_resource_reporter : {}
       as_hash["duration"] = ( action_record.elapsed_time * 1000 ).to_i.to_s
-      as_hash["delta"]    = new_resource.diff if new_resource.respond_to?("diff")
+      as_hash["delta"]    = new_resource.diff if new_resource.respond_to?(:diff)
       as_hash["delta"]    = "" if as_hash["delta"].nil?
 
       # TODO: rename as "action"

data/lib/chef/run_lock.rb

@@ -144,7 +144,7 @@ class Chef
         # If we support FD_CLOEXEC, then use it.
         # NB: ruby-2.0.0-p195 sets FD_CLOEXEC by default, but not
         # ruby-1.8.7/1.9.3
-        if Fcntl.const_defined?("F_SETFD") && Fcntl.const_defined?("FD_CLOEXEC")
+        if Fcntl.const_defined?(:F_SETFD) && Fcntl.const_defined?(:FD_CLOEXEC)
           runlock.fcntl(Fcntl::F_SETFD, runlock.fcntl(Fcntl::F_GETFD, 0) | Fcntl::FD_CLOEXEC)
         end
         # Flock will return 0 if it can acquire the lock otherwise it

data/lib/chef/secret_fetcher/azure_key_vault.rb

@@ -1,5 +1,7 @@
 require_relative "base"
 require_relative "../exceptions"
+require "json" unless defined?(JSON)
+require "net/http" unless defined?(Net::HTTP)
 require "uri" unless defined?(URI)
 
 class Chef
@@ -57,7 +59,7 @@ class Chef
       end
 
       def validate!
-        raise Chef::Exceptions::Secret::ConfigurationInvalid, "You may only specify one (these are mutually exclusive): :object_id, :client_id, or :mi_res_id" if [object_id, client_id, mi_res_id].select { |x| !x.nil? }.length > 1
+        raise Chef::Exceptions::Secret::ConfigurationInvalid, "You may only specify one (these are mutually exclusive): :object_id, :client_id, or :mi_res_id" if [object_id, client_id, mi_res_id].count { |x| !x.nil? } > 1
       end
 
       private
@@ -121,7 +123,7 @@ class Chef
           body["access_token"]
         when Net::HTTPBadRequest
           body = JSON.parse(response.body)
-          raise Chef::Exceptions::Secret::Azure::IdentityNotFound if body["error_description"] =~ /identity not found/i
+          raise Chef::Exceptions::Secret::Azure::IdentityNotFound if /identity not found/i.match?(body["error_description"])
         else
           body = JSON.parse(response.body)
           body["access_token"]

data/lib/chef/secret_fetcher/hashi_vault.rb

@@ -31,6 +31,10 @@ class Chef
     # :auth_method - one of :iam_role, :token.  default: :iam_role
     # :vault_addr - the address of a running Vault instance, eg https://vault.example.com:8200
     #
+    # For `:approle`: one of `:approle_name` or `:approle_id`
+    #     `:approle_name`: The name of the approle to use for authentication.  When specified, associated `:approle_id` will be found via query to Vault instance.
+    #     `:approle_id`: The ID of the approle to use for authentication, requires `:approle_secret_id`
+    #     `:approle_secret_id`: The Vault `secret_id` associated with the provided `:approle_name` or `:approle_id`.  When specified, prevents need to create `:secret_id` with `:approle_name`.
     # For `:token` auth: `:token` - a Vault token valid for authentication.
     #
     # For `:iam_role`:  `:role_name` - the name of the role in Vault that was created
@@ -47,14 +51,25 @@ class Chef
     #
     # @example
     #
-    # fetcher = SecretFetcher.for_service(:hashi_vault, { role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
+    # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :iam_role, role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
     # fetcher.fetch("secretkey1")
     #
     # @example
     #
-    # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
+    # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, approle: 'approle_name', run_context )
     # fetcher.fetch("secretkey1")
-    SUPPORTED_AUTH_TYPES = %i{iam_role token}.freeze
+    #
+    # @example
+    #
+    # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :approle, approle_id: "11111111-abcd-1111-abcd-111111111111", approle_secret_id: "22222222-abcd-2222-abcd-222222222222", vault_addr: https://localhost:8200}, run_context )
+    # fetcher.fetch("secretkey1")
+    #
+    # @example
+    #
+    # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :approle, approle_name: "testing-role", token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
+    # fetcher.fetch("secretkey1")
+    #
+    SUPPORTED_AUTH_TYPES = %i{approle iam_role token}.freeze
     class HashiVault < Base
 
       # Validate and authenticate the current session using the configured auth strategy and parameters
@@ -67,6 +82,25 @@ class Chef
         Vault.namespace = config[:namespace] unless config[:namespace].nil?
 
         case config[:auth_method]
+        when :approle
+          unless config[:approle_name] || config[:approle_id]
+            raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the :approle_name or :approle_id in the configuration with :auth_method set to :approle")
+          end
+
+          # When :approle_id and :approle_secret_id are both specified, all pieces are present which are needed to authenticate using an approle.
+          #  If either is missing, we need to authenticate to Vault to get the missing pieces with the :approle_name and optionally :token.
+          unless config[:approle_id] && config[:approle_secret_id]
+            if config[:approle_name].nil?
+              raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the :approle_name in the configuration when :approle_id and :approle_secret_id are not both present with :auth_method set to :approle")
+            end
+
+            Vault.token = config[:token] unless config[:token].nil?
+          end
+
+          approle_id = config[:approle_id] || Vault.approle.role_id(config[:approle_name])
+          approle_secret_id = config[:approle_secret_id] || Vault.approle.create_secret_id(config[:approle_name]).data[:secret_id]
+
+          Vault.auth.approle(approle_id, approle_secret_id)
         when :token
           if config[:token].nil?
             raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the token in the configuration as :token")

data/lib/chef/util/dsc/configuration_generator.rb

@@ -175,7 +175,7 @@ class Chef::Util::DSC
     end
 
     def get_configuration_document(document_path)
-      ::File.open(document_path, "rb", &:read)
+      ::File.binread(document_path)
     end
   end
 end

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("17.8.25")
+  VERSION = Chef::VersionString.new("17.9.46")
 end
 
 #

data/spec/functional/resource/archive_file_spec.rb

@@ -18,8 +18,9 @@
 require "spec_helper"
 require "tmpdir"
 
-# Exclude this test on platforms where ffi-libarchive loading is broken
-describe Chef::Resource::ArchiveFile, :libarchive_loading_broken do
+# AIX is broken, see https://github.com/chef/omnibus-software/issues/1566
+# Windows tests are disbled since we'd need libarchive on windows testers in buildkite for PRs
+describe Chef::Resource::ArchiveFile, :not_supported_on_aix, :not_supported_on_windows do
   include RecipeDSLHelper
 
   let(:tmp_path) { Dir.mktmpdir }

data/spec/functional/resource/cookbook_file_spec.rb

@@ -25,7 +25,7 @@ describe Chef::Resource::CookbookFile do
   let(:source) { "java.response" }
   let(:cookbook_name) { "java" }
   let(:expected_content) do
-    content = File.open(File.join(CHEF_SPEC_DATA, "cookbooks", "java", "files", "default", "java.response"), "rb", &:read)
+    content = File.binread(File.join(CHEF_SPEC_DATA, "cookbooks", "java", "files", "default", "java.response"))
     content.force_encoding(Encoding::BINARY) if content.respond_to?(:force_encoding)
     content
   end