chef 17.9.52 → 17.10.95

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 944116661453cac4b29602c659f1f9ce7bb6e7c5b6742ab4d8982fdb7ccf9543
-  data.tar.gz: bbc55e863772d4e5d72d5936b2a034c43746502dea51734b9e1402b0055070e5
+  metadata.gz: cbd02b60802f0874cef53b37a8b8d5996600fdcb6c53c29263fe454b18bf0cb6
+  data.tar.gz: 70e96d302b07784e0b2fe4c93141f72510169f5a5456f6084d6d3f51fece3a33
 SHA512:
-  metadata.gz: bdb9b7dc0f162c740995850f6a32a32c618448cc5d475dba7d30acec38eaa2e98a259b3051f82d7ed63ba5000a9ac259b6c0643d1a7cc05b69bdb7d212d266f5
-  data.tar.gz: 17418b25e596b3bf1d9942357b99c23cf0e9ffdf3a74a57e1943d48c26f8efd410ca50fc1e64740c721e8a97761bcd3fe504a434ad80a2cb40f4adf3419b3b25
+  metadata.gz: f61a95453d1b50956c6c0b72552b3c8581b1707606589375352a0bdbbde54f7504c9a37d635b4ac2b2299ed33e75dfdec535ca2802b5be1e60a4ad1d33bf35b0
+  data.tar.gz: 0c8fbbd7634626b2178516af1df72274d352f789097b5fde508b38d00e98860c6c359f391a4c2bc2573ff257b63a7d5833937ef3e0c9b1a1ea1e709504093c41

data/Gemfile

@@ -15,12 +15,12 @@ else
   gem "chef-bin" # rubocop:disable Bundler/DuplicatedGem
 end
 
-gem "cheffish", "~> 17.0"
+gem "cheffish", "~> 17.0.0"
 
 group(:omnibus_package) do
   gem "appbundler"
   gem "rb-readline"
-  gem "inspec-core-bin", "~> 4.24" # need to provide the binaries for inspec
+  gem "inspec-core-bin", ">= 4.24" # need to provide the binaries for inspec
   gem "chef-vault"
 end
 

data/Rakefile

@@ -70,7 +70,7 @@ Bundler::GemHelper.install_tasks name: gemspec
 task :install do
   chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
   Dir.chdir(chef_bin_path) do
-    sh("rake install:force")
+    system "rake install:force"
   end
 end
 
@@ -80,7 +80,7 @@ namespace :install do
   task :local do
     chef_bin_path = ::File.join(::File.dirname(__FILE__), "chef-bin")
     Dir.chdir(chef_bin_path) do
-      sh("rake install:local")
+      system "rake install:local"
     end
   end
 end

data/chef-universal-mingw32.gemspec

@@ -11,10 +11,11 @@ gemspec.add_dependency "win32-mmap", "~> 0.4.1"
 gemspec.add_dependency "win32-mutex", "~> 0.4.2"
 gemspec.add_dependency "win32-process", "~> 0.9"
 gemspec.add_dependency "win32-service", ">= 2.1.5", "< 3.0"
-gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
+gemspec.add_dependency "win32-certstore", "~> 0.6.15"
+gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
-gemspec.add_dependency "win32-certstore", "~> 0.6.2" # 0.5+ required for specifying user vs. system store
+gemspec.add_dependency "chef-powershell", "~> 1.0.12" # 0.5+ required for specifying user vs. system store
 gemspec.extensions << "ext/win32-eventlog/Rakefile"
 gemspec.files += Dir.glob("{distro,ext}/**/*")
 

data/chef.gemspec

@@ -22,11 +22,11 @@ Gem::Specification.new do |s|
   s.email = "adam@chef.io"
   s.homepage = "https://www.chef.io"
 
-  s.required_ruby_version = ">= 2.6.0"
+  s.required_ruby_version = ">= 2.7.0"
 
   s.add_dependency "chef-config", "= #{Chef::VERSION}"
   s.add_dependency "chef-utils", "= #{Chef::VERSION}"
-  s.add_dependency "train-core", "~> 3.2", ">= 3.2.28" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
+  s.add_dependency "train-core", "~> 3.10" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
   s.add_dependency "train-winrm", ">= 0.2.5"
 
   s.add_dependency "license-acceptance", ">= 1.0.5", "< 3"
@@ -36,13 +36,13 @@ Gem::Specification.new do |s|
   s.add_dependency "mixlib-shellout", ">= 3.1.1", "< 4.0"
   s.add_dependency "mixlib-archive", ">= 0.4", "< 2.0"
   s.add_dependency "ohai", "~> 17.0"
-  s.add_dependency "inspec-core", "~> 4.23"
+  s.add_dependency "inspec-core", ">= 4.23"
 
-  s.add_dependency "ffi", ">= 1.5.0"
+  s.add_dependency "ffi", "~> 1.15.0"
   s.add_dependency "ffi-yajl", "~> 2.2"
-  s.add_dependency "net-sftp", ">= 2.1.2", "< 4.0" # remote_file resource
+  s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
   s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
-  s.add_dependency "diff-lcs", ">= 1.2.4", "< 1.4.0" # 1.4 breaks output. Used in lib/chef/util/diff
+  s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
   s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
   s.add_dependency "chef-zero", ">= 14.0.11"
   s.add_dependency "chef-vault" # chef-vault resources and helpers

data/lib/chef/api_client.rb

@@ -196,7 +196,7 @@ class Chef
     end
 
     def reregister
-      reregistered_self = http_api.put("clients/#{name}", { name: name, admin: admin, validator: validator, private_key: true })
+      reregistered_self = http_api.put("clients/#{name}", name: name, admin: admin, validator: validator, private_key: true )
       if reregistered_self.respond_to?(:[])
         private_key(reregistered_self["private_key"])
       else

data/lib/chef/client.rb

@@ -326,12 +326,27 @@ class Chef
     def warn_if_eol
       require_relative "version"
 
+      # New Date format is YYYY-MM-DD or false
+      new_date = eol_override
+
       # We make a release every year so take the version you're on + 2006 and you get
       # the year it goes EOL
       eol_year = 2006 + Gem::Version.new(Chef::VERSION).segments.first
+      cut_off_date = !!new_date ? Time.parse(new_date) : Time.new(eol_year, 5, 01)
+
+      return if Time.now < cut_off_date
 
-      if Time.now > Time.new(eol_year, 5, 01)
-        logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on May 1st #{eol_year}. Please update to a supported release to receive new features, bug fixes, and security updates.")
+      logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on #{cut_off_date.strftime("%b %d, %Y")}. Please update to a supported release to receive new features, bug fixes, and security updates.")
+    end
+
+    def eol_override
+      # If you want to override the existing EOL date, add a file in the root of Chef
+      # put a date in it in the form of YYYY-DD-MM.
+      override_file = "EOL_override"
+      if File.exist?(override_file)
+        File.read(File.expand_path(override_file)).strip
+      else
+        false
       end
     end
 

data/lib/chef/compliance/input_collection.rb

@@ -40,7 +40,7 @@ class Chef
       def from_file(filename, cookbook_name)
         new_input = Input.from_file(events, filename, cookbook_name)
         self << new_input
-        events.compliance_input_loaded(new_input)
+        events&.compliance_input_loaded(new_input)
       end
 
       # Add a input from a raw hash.  This input will be enabled by default.

data/lib/chef/compliance/profile_collection.rb

@@ -41,7 +41,7 @@ class Chef
       def from_file(path, cookbook_name)
         new_profile = Profile.from_file(events, path, cookbook_name)
         self << new_profile
-        events.compliance_profile_loaded(new_profile)
+        events&.compliance_profile_loaded(new_profile)
       end
 
       # @return [Boolean] if any of the profiles are enabled

data/lib/chef/compliance/waiver_collection.rb

@@ -40,7 +40,7 @@ class Chef
       def from_file(filename, cookbook_name)
         new_waiver = Waiver.from_file(events, filename, cookbook_name)
         self << new_waiver
-        events.compliance_waiver_loaded(new_waiver)
+        events&.compliance_waiver_loaded(new_waiver)
       end
 
       # Add a waiver from a raw hash.  This waiver will be enabled by default.

data/lib/chef/dsl/secret.rb

@@ -21,6 +21,118 @@ class Chef
   module DSL
     module Secret
 
+      #
+      # This allows you to set the default secret service that is used when
+      # fetching secrets.
+      #
+      # @example
+      #
+      #   default_secret_service :hashi_vault
+      #   val1 = secret(name: "test1", config: { region: "us-west-1" })
+      #
+      # @example
+      #
+      #   default_secret_service #=> nil
+      #   default_secret_service :hashi_vault
+      #   default_secret_service #=> :hashi_vault
+      #
+      # @param [Symbol] service default secret service to use when fetching secrets
+      # @return [Symbol, nil] default secret service to use when fetching secrets
+      #
+      def default_secret_service(service = nil)
+        return run_context.default_secret_service if service.nil?
+        raise Chef::Exceptions::Secret::InvalidFetcherService.new("Unsupported secret service: #{service.inspect}", Chef::SecretFetcher::SECRET_FETCHERS) unless Chef::SecretFetcher::SECRET_FETCHERS.include?(service)
+
+        run_context.default_secret_service = service
+      end
+
+      #
+      # This allows you to set the secret service for the scope of the block
+      # passed into this method.
+      #
+      # @example
+      #
+      #   with_secret_service :hashi_vault do
+      #     val1 = secret(name: "test1", config: { region: "us-west-1" })
+      #     val2 = secret(name: "test2", config: { region: "us-west-1" })
+      #   end
+      #
+      # @example Combine with #with_secret_config
+      #
+      #   with_secret_service :hashi_vault do
+      #     with_secret_config region: "us-west-1" do
+      #       val1 = secret(name: "test1")
+      #       val2 = secret(name: "test2")
+      #     end
+      #   end
+      #
+      # @param [Symbol] service The default secret service to use when fetching secrets
+      #
+      def with_secret_service(service)
+        raise ArgumentError, "You must pass a block to #with_secret_service" unless block_given?
+
+        begin
+          old_service = default_secret_service
+          # Use "public" API for input validation
+          default_secret_service(service)
+          yield
+        ensure
+          # Use "private" API so we can set back to nil
+          run_context.default_secret_service = old_service
+        end
+      end
+
+      #
+      # This allows you to set the default secret config that is used when
+      # fetching secrets.
+      #
+      # @example
+      #
+      #   default_secret_config region: "us-west-1"
+      #   val1 = secret(name: "test1", service: :hashi_vault)
+      #
+      # @example
+      #
+      #   default_secret_config #=> {}
+      #   default_secret_service region: "us-west-1"
+      #   default_secret_service #=> { region: "us-west-1" }
+      #
+      # @param [Hash<Symbol,Object>] config The default configuration options to apply when fetching secrets
+      # @return [Hash<Symbol,Object>]
+      #
+      def default_secret_config(**config)
+        return run_context.default_secret_config if config.empty?
+
+        run_context.default_secret_config = config
+      end
+
+      #
+      # This allows you to set the secret config for the scope of the block
+      # passed into this method.
+      #
+      # @example
+      #
+      #   with_secret_config region: "us-west-1" do
+      #     val1 = secret(name: "test1", service: :hashi_vault)
+      #     val2 = secret(name: "test2", service: :hashi_vault)
+      #   end
+      #
+      # @param [Hash<Symbol,Object>] config The default configuration options to use when fetching secrets
+      #
+      def with_secret_config(**config)
+        raise ArgumentError, "You must pass a block to #with_secret_config" unless block_given?
+
+        begin
+          old_config = default_secret_config
+          # Use "public" API for input validation
+          default_secret_config(**config)
+          yield
+        ensure
+          # Use "private" API so we can set back to nil
+          run_context.default_secret_config = old_config
+        end
+      end
+
       # Helper method which looks up a secret using the given service and configuration,
       # and returns the retrieved secret value.
       # This DSL providers a wrapper around [Chef::SecretFetcher]
@@ -49,11 +161,7 @@ class Chef
       #
       #   value = secret(name: "test1", service: :aws_secrets_manager, version: "v1", config: { region: "us-west-1" })
       #   log "My secret is #{value}"
-      def secret(name: nil, version: nil, service: nil, config: {})
-        Chef::Log.warn <<~EOM.gsub("\n", " ")
-          The secrets Chef Infra language helper is currently in beta. If you have feedback or you would
-          like to be part of the future design of this helper e-mail us at secrets_management_beta@progress.com"
-        EOM
+      def secret(name: nil, version: nil, service: default_secret_service, config: default_secret_config)
         sensitive(true) if is_a?(Chef::Resource)
         Chef::SecretFetcher.for_service(service, config, run_context).fetch(name, version)
       end

data/lib/chef/mixin/checksum.rb

@@ -31,6 +31,12 @@ class Chef
 
         checksum.slice(0, 6)
       end
+
+      def checksum_match?(ref_checksum, diff_checksum)
+        return false if ref_checksum.nil? || diff_checksum.nil?
+
+        ref_checksum.casecmp?(diff_checksum)
+      end
     end
   end
 end

data/lib/chef/mixin/properties.rb

@@ -274,6 +274,12 @@ class Chef
           result
         end
 
+        # This method returns list of sensitive properties
+        # @return [Array<Property>] All sensitive properties.
+        def sensitive_properties
+          properties.values.empty? ? [] : properties.values.select(&:sensitive?)
+        end
+
         # Returns the name of the name property.  Returns nil if there is no name property.
         #
         # @return [Symbol] the name property for this resource

data/lib/chef/node/attribute.rb

@@ -452,17 +452,34 @@ class Chef
       # method-style access to attributes (has to come after the prepended ImmutablizeHash)
 
       def read(*path)
-        merged_attributes.read(*path)
+        if path[0].nil?
+          Chef::Log.warn "Calling node.read() without any path argument is very slow, probably a bug, and should be avoided"
+          merged_attributes.read(*path) # re-merges everything, slow edge case
+        else
+          self[path[0]] unless path[0].nil? # force deep_merge_cache key construction if necessary
+          deep_merge_cache.read(*path)
+        end
       end
 
       alias :dig :read
 
       def read!(*path)
-        merged_attributes.read!(*path)
+        if path[0].nil?
+          Chef::Log.warn "Calling node.read!() without any path argument is very slow, probably a bug, and should be avoided"
+          merged_attributes.read!(*path) # re-merges everything, slow edge case
+        else
+          self[path[0]] unless path[0].nil? # force deep_merge_cache key construction if necessary
+          deep_merge_cache.read!(*path)
+        end
       end
 
       def exist?(*path)
-        merged_attributes.exist?(*path)
+        if path[0].nil?
+          true
+        else
+          self[path[0]] unless path[0].nil? # force deep_merge_cache key construction if necessary
+          deep_merge_cache.exist?(*path)
+        end
       end
 
       def write(level, *args, &block)

data/lib/chef/node/mixin/deep_merge_cache.rb

@@ -30,7 +30,7 @@ class Chef
           @merged_attributes = nil
           @combined_override = nil
           @combined_default = nil
-          @deep_merge_cache = {}
+          @deep_merge_cache = Chef::Node::ImmutableMash.new
         end
 
         # Invalidate a key in the deep_merge_cache.  If called with nil, or no arg, this will invalidate
@@ -39,9 +39,9 @@ class Chef
         # must invalidate the entire cache and re-deep-merge the entire node object.
         def reset_cache(path = nil)
           if path.nil?
-            deep_merge_cache.clear
+            deep_merge_cache.regular_clear
           else
-            deep_merge_cache.delete(path.to_s)
+            deep_merge_cache.regular_delete(path.to_s)
           end
         end
 
@@ -53,7 +53,7 @@ class Chef
                   deep_merge_cache[key.to_s]
                 else
                   # save all the work of computing node[key]
-                  deep_merge_cache[key.to_s] = merged_attributes(key)
+                  deep_merge_cache.internal_set(key.to_s, merged_attributes(key))
                 end
           ret = ret.call while ret.is_a?(::Chef::DelayedEvaluator)
           ret

data/lib/chef/policy_builder/expand_node_object.rb

@@ -248,8 +248,7 @@ class Chef
       end
 
       def api_service
-        @api_service ||= Chef::ServerAPI.new(config[:chef_server_url],
-          { version_class: Chef::CookbookManifestVersions })
+        @api_service ||= Chef::ServerAPI.new(config[:chef_server_url], version_class: Chef::CookbookManifestVersions )
       end
 
       def config

data/lib/chef/policy_builder/policyfile.rb

@@ -507,7 +507,7 @@ class Chef
       # @api private
       def api_service
         @api_service ||= Chef::ServerAPI.new(config[:chef_server_url],
-          { version_class: Chef::CookbookManifestVersions })
+          version_class: Chef::CookbookManifestVersions)
       end
 
       # @api private

data/lib/chef/provider/file.rb

@@ -336,7 +336,7 @@ class Chef
       end
 
       def do_validate_content
-        if new_resource.checksum && tempfile && ( new_resource.checksum != tempfile_checksum )
+        if new_resource.checksum && tempfile && !checksum_match?(new_resource.checksum, tempfile_checksum)
           raise Chef::Exceptions::ChecksumMismatch.new(short_cksum(new_resource.checksum), short_cksum(tempfile_checksum))
         end
 
@@ -450,7 +450,7 @@ class Chef
 
       def contents_changed?
         logger.trace "calculating checksum of #{tempfile.path} to compare with #{current_resource.checksum}"
-        tempfile_checksum != current_resource.checksum
+        !checksum_match?(tempfile_checksum, current_resource.checksum)
       end
 
       def tempfile

data/lib/chef/provider/package/chocolatey.rb

@@ -130,6 +130,21 @@ class Chef
         # install from, but like the rubygem provider's sources which are more like repos.
         def check_resource_semantics!; end
 
+        def self.get_choco_version
+          @get_choco_version ||= powershell_exec!("choco --version").result
+        end
+
+        # Choco V2 uses 'Search' for remote repositories and 'List' for local packages
+        def self.query_command
+          return "list" if get_choco_version.match?(/^1/)
+
+          "search"
+        end
+
+        def query_command
+          self.class.query_command
+        end
+
         private
 
         def version_compare(v1, v2)
@@ -225,7 +240,7 @@ class Chef
           package_name_array.each do |pkg|
             available_versions =
               begin
-                cmd = [ "list", "-r", pkg ]
+                cmd = [ query_command, "-r", pkg ]
                 cmd += common_options
                 cmd.push( new_resource.list_options ) if new_resource.list_options
 
@@ -242,6 +257,8 @@ class Chef
         # Installed packages in chocolatey as a Hash of names mapped to versions
         # (names are downcased for case-insensitive matching)
         #
+        # Beginning with Choco 2.0, "list" returns local packages only while "search" returns packages from external package sources
+        #
         # @return [Hash] name-to-version mapping of installed packages
         def installed_packages
           @installed_packages ||= Hash[*parse_list_output("list", "-l", "-r").flatten]

data/lib/chef/provider/package/powershell.rb

@@ -56,7 +56,7 @@ class Chef
           names.each_with_index do |name, index|
             cmd = powershell_exec(build_powershell_package_command("Install-Package '#{name}'", versions[index]), timeout: new_resource.timeout)
             next if cmd.nil?
-            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.error)
+            raise Chef::Exceptions::PowershellCmdletException, "Failed to install package due to catalog signing error, use skip_publisher_check to force install" if /SkipPublisherCheck/.match?(cmd.error!)
           end
         end
 

data/lib/chef/provider/package/rubygems.rb

@@ -214,7 +214,7 @@ class Chef
           def install(gem_dependency, options = {})
             with_gem_sources(*options.delete(:sources)) do
               with_correct_verbosity do
-                dependency_installer(options).install(gem_dependency)
+                dependency_installer(**options).install(gem_dependency)
               end
             end
           end
@@ -228,7 +228,7 @@ class Chef
           def uninstall(gem_name, gem_version = nil, opts = {})
             gem_version ? opts[:version] = gem_version : opts[:all] = true
             with_correct_verbosity do
-              uninstaller(gem_name, opts).uninstall
+              uninstaller(gem_name, **opts).uninstall
             end
           end
 
@@ -240,12 +240,12 @@ class Chef
             yield
           end
 
-          def dependency_installer(opts = {})
-            Gem::DependencyInstaller.new(opts)
+          def dependency_installer(**opts)
+            Gem::DependencyInstaller.new(**opts)
           end
 
-          def uninstaller(gem_name, opts = {})
-            Gem::Uninstaller.new(gem_name, DEFAULT_UNINSTALLER_OPTS.merge(opts))
+          def uninstaller(gem_name, **opts)
+            Gem::Uninstaller.new(gem_name, **DEFAULT_UNINSTALLER_OPTS.merge(opts))
           end
 
           private

data/lib/chef/provider/package/windows.rb

@@ -38,7 +38,7 @@ class Chef
         def define_resource_requirements
           if new_resource.checksum
             requirements.assert(:install) do |a|
-              a.assertion { new_resource.checksum == checksum(source_location) }
+              a.assertion { checksum_match?(new_resource.checksum, checksum(source_location)) }
               a.failure_message Chef::Exceptions::Package, "Checksum on resource (#{short_cksum(new_resource.checksum)}) does not match checksum on content (#{short_cksum(source_location)})"
             end
           end

data/lib/chef/provider/package/yum/python_helper.rb

@@ -178,7 +178,20 @@ class Chef
           #
           # @api private
           def combine_args(provides, version, arch)
-            provides = provides.dup
+            provides = provides.to_s.strip
+            version = if !version.nil? && !version.empty?
+                        version.to_s.strip
+                      end
+            arch = if !arch.nil? && !arch.empty?
+                     arch.to_s.strip
+                   end
+            if version =~ /^[><=]/
+              if arch
+                return { "provides" => "#{provides}.#{arch} #{version}" }
+              else
+                return { "provides" => "#{provides} #{version}" }
+              end
+            end
             maybe_arch = provides.rpartition(".").last
             if is_arch?(maybe_arch)
               arch = maybe_arch

data/lib/chef/provider/service/windows.rb

@@ -183,7 +183,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
     end
 
     converge_by("create service #{new_resource.service_name}") do
-      Win32::Service.new(windows_service_config)
+      Win32::Service.new(**windows_service_config)
     end
 
     converge_delayed_start
@@ -209,7 +209,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
     converge_if_changed :service_type, :startup_type, :error_control,
       :binary_path_name, :load_order_group, :dependencies,
       :run_as_user, :display_name, :description do
-        Win32::Service.configure(windows_service_config(:configure))
+        Win32::Service.configure(**windows_service_config(:configure))
       end
 
     converge_delayed_start
@@ -268,7 +268,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
       password: new_resource.run_as_password,
     }.reject { |k, v| v.nil? || v.length == 0 }
 
-    Win32::Service.configure(new_config)
+    Win32::Service.configure(**new_config)
     logger.info "#{new_resource} configured."
 
     grant_service_logon(new_resource.run_as_user) if new_resource.run_as_user != "localsystem"
@@ -395,7 +395,7 @@ class Chef::Provider::Service::Windows < Chef::Provider::Service
       config[:service_name]  = new_resource.service_name
       config[:delayed_start] = new_resource.delayed_start ? 1 : 0
 
-      Win32::Service.configure(config)
+      Win32::Service.configure(**config)
     end
   end
 

data/lib/chef/provider/user/windows.rb

@@ -78,11 +78,11 @@ class Chef
         end
 
         def create_user
-          @net_user.add(set_options)
+          @net_user.add(**set_options)
         end
 
         def manage_user
-          @net_user.update(set_options)
+          @net_user.update(**set_options)
         end
 
         def remove_user

data/lib/chef/provider/user.rb

@@ -117,7 +117,11 @@ class Chef
           new_val = new_resource.send(user_attrib)
           cur_val = current_resource.send(user_attrib)
           if !new_val.nil? && new_val.to_s != cur_val.to_s
-            @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+            if user_attrib.to_s == "password" && new_resource.sensitive
+              @change_desc << "change #{user_attrib} from ******** to ********"
+            else
+              @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
+            end
           end
         end
 

data/lib/chef/resource/chef_client_config.rb

@@ -209,6 +209,10 @@ class Chef
         description: %q(An array of hashes that contain a report handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
         default: []
 
+      property :rubygems_url, [String, Array],
+        description: "The location to source rubygems. It can be set to a string or array of strings for URIs to set as rubygems sources. This allows individuals to setup an internal mirror of rubygems for “airgapped” environments.",
+        introduced: "17.11"
+
       property :exception_handlers, Array,
         description: %q(An array of hashes that contain a exception handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),
         default: []
@@ -297,6 +301,7 @@ class Chef
             policy_group: new_resource.policy_group,
             policy_name: new_resource.policy_name,
             report_handlers: format_handler(new_resource.report_handlers),
+            rubygems_url: new_resource.rubygems_url,
             ssl_verify_mode: new_resource.ssl_verify_mode,
             start_handlers: format_handler(new_resource.start_handlers),
             additional_config: new_resource.additional_config,

data/lib/chef/resource/locale.rb

@@ -113,8 +113,11 @@ class Chef
           end
 
           requirements.assert(:all_actions) do |a|
-            # RHEL/CentOS type platforms don't have locale-gen
-            a.assertion { shell_out("locale-gen") }
+            a.assertion do
+              # RHEL/CentOS type platforms don't have locale-gen
+              # Windows has locale-gen as part of the install, but not in the path
+              which("locale-gen") || windows?
+            end
             a.failure_message(Chef::Exceptions::ProviderNotFound, "The locale resource requires the locale-gen tool")
           end
         end