chef 17.9.52 → 18.0.169
- checksums.yaml +4 -4
- data/Gemfile +16 -8
- data/README.md +7 -7
- data/Rakefile +5 -24
- data/{chef-universal-mingw32.gemspec → chef-universal-mingw-ucrt.gemspec} +7 -5
- data/chef.gemspec +14 -7
- data/lib/chef/api_client.rb +1 -1
- data/lib/chef/api_client_v1.rb +9 -1
- data/lib/chef/application/exit_code.rb +3 -3
- data/lib/chef/client.rb +167 -0
- data/lib/chef/compliance/input.rb +1 -1
- data/lib/chef/compliance/input_collection.rb +1 -1
- data/lib/chef/compliance/profile.rb +1 -1
- data/lib/chef/compliance/profile_collection.rb +1 -2
- data/lib/chef/compliance/waiver.rb +1 -1
- data/lib/chef/compliance/waiver_collection.rb +1 -1
- data/lib/chef/cookbook/syntax_check.rb +2 -2
- data/lib/chef/dsl/reader_helpers.rb +1 -1
- data/lib/chef/dsl/rest_resource.rb +77 -0
- data/lib/chef/dsl/secret.rb +113 -5
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +8 -0
- data/lib/chef/http/authenticator.rb +170 -3
- data/lib/chef/http/ssl_policies.rb +3 -3
- data/lib/chef/mixin/powershell_exec.rb +5 -28
- data/lib/chef/mixin/properties.rb +6 -0
- data/lib/chef/node/attribute.rb +20 -3
- data/lib/chef/node/mixin/deep_merge_cache.rb +4 -4
- data/lib/chef/node/mixin/immutablize_array.rb +1 -0
- data/lib/chef/policy_builder/expand_node_object.rb +1 -2
- data/lib/chef/policy_builder/policyfile.rb +1 -1
- data/lib/chef/property.rb +5 -3
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/http_request.rb +11 -9
- data/lib/chef/provider/mount/linux.rb +5 -0
- data/lib/chef/provider/mount/mount.rb +8 -0
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +1 -1
- data/lib/chef/provider/package/rubygems.rb +7 -7
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/package/yum/python_helper.rb +14 -1
- data/lib/chef/provider/package/zypper/version.rb +60 -0
- data/lib/chef/provider/package/zypper.rb +47 -3
- data/lib/chef/provider/service/windows.rb +5 -5
- data/lib/chef/provider/user/aix.rb +5 -0
- data/lib/chef/provider/user/linux.rb +29 -0
- data/lib/chef/provider/user/mac.rb +1 -1
- data/lib/chef/provider/user/windows.rb +2 -2
- data/lib/chef/provider/user.rb +45 -9
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource/_rest_resource.rb +389 -0
- data/lib/chef/resource/alternatives.rb +0 -1
- data/lib/chef/resource/apt_package.rb +0 -1
- data/lib/chef/resource/apt_preference.rb +0 -1
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/apt_update.rb +0 -1
- data/lib/chef/resource/archive_file.rb +0 -1
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +0 -1
- data/lib/chef/resource/bff_package.rb +0 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +0 -1
- data/lib/chef/resource/cab_package.rb +0 -1
- data/lib/chef/resource/chef_client_config.rb +17 -14
- data/lib/chef/resource/chef_client_cron.rb +1 -2
- data/lib/chef/resource/chef_client_launchd.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +3 -3
- data/lib/chef/resource/chef_client_systemd_timer.rb +0 -1
- data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +0 -1
- data/lib/chef/resource/chef_handler.rb +0 -1
- data/lib/chef/resource/chef_sleep.rb +1 -3
- data/lib/chef/resource/chef_vault_secret.rb +0 -1
- data/lib/chef/resource/chocolatey_config.rb +0 -1
- data/lib/chef/resource/chocolatey_feature.rb +0 -1
- data/lib/chef/resource/chocolatey_package.rb +0 -1
- data/lib/chef/resource/chocolatey_source.rb +0 -1
- data/lib/chef/resource/cookbook_file.rb +0 -1
- data/lib/chef/resource/cron/_cron_shared.rb +0 -1
- data/lib/chef/resource/cron/cron.rb +0 -1
- data/lib/chef/resource/cron/cron_d.rb +15 -1
- data/lib/chef/resource/cron_access.rb +0 -1
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/directory.rb +0 -1
- data/lib/chef/resource/dmg_package.rb +0 -1
- data/lib/chef/resource/dnf_package.rb +0 -1
- data/lib/chef/resource/dpkg_package.rb +0 -1
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +0 -1
- data/lib/chef/resource/execute.rb +0 -1
- data/lib/chef/resource/file.rb +0 -1
- data/lib/chef/resource/freebsd_package.rb +0 -1
- data/lib/chef/resource/gem_package.rb +0 -1
- data/lib/chef/resource/group.rb +25 -2
- data/lib/chef/resource/habitat/habitat_package.rb +0 -1
- data/lib/chef/resource/habitat/habitat_sup.rb +6 -7
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +1 -1
- data/lib/chef/resource/habitat_config.rb +0 -1
- data/lib/chef/resource/habitat_install.rb +0 -1
- data/lib/chef/resource/habitat_service.rb +0 -1
- data/lib/chef/resource/habitat_user_toml.rb +0 -1
- data/lib/chef/resource/homebrew_cask.rb +0 -1
- data/lib/chef/resource/homebrew_package.rb +0 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -1
- data/lib/chef/resource/homebrew_update.rb +0 -2
- data/lib/chef/resource/hostname.rb +0 -1
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +0 -1
- data/lib/chef/resource/inspec_input.rb +0 -1
- data/lib/chef/resource/inspec_waiver.rb +0 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -3
- data/lib/chef/resource/ips_package.rb +0 -1
- data/lib/chef/resource/kernel_module.rb +0 -1
- data/lib/chef/resource/ksh.rb +0 -1
- data/lib/chef/resource/launchd.rb +0 -1
- data/lib/chef/resource/link.rb +0 -1
- data/lib/chef/resource/locale.rb +1 -2
- data/lib/chef/resource/log.rb +0 -1
- data/lib/chef/resource/lwrp_base.rb +0 -4
- data/lib/chef/resource/macos_userdefaults.rb +0 -1
- data/lib/chef/resource/macosx_service.rb +0 -1
- data/lib/chef/resource/macports_package.rb +0 -1
- data/lib/chef/resource/mdadm.rb +0 -1
- data/lib/chef/resource/mount.rb +0 -1
- data/lib/chef/resource/msu_package.rb +0 -1
- data/lib/chef/resource/notify_group.rb +0 -2
- data/lib/chef/resource/ohai.rb +0 -1
- data/lib/chef/resource/ohai_hint.rb +0 -1
- data/lib/chef/resource/openbsd_package.rb +0 -1
- data/lib/chef/resource/openssl_dhparam.rb +0 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +0 -2
- data/lib/chef/resource/openssl_ec_public_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_public_key.rb +0 -2
- data/lib/chef/resource/openssl_x509_certificate.rb +0 -2
- data/lib/chef/resource/openssl_x509_crl.rb +0 -2
- data/lib/chef/resource/openssl_x509_request.rb +0 -2
- data/lib/chef/resource/osx_profile.rb +0 -1
- data/lib/chef/resource/package.rb +0 -1
- data/lib/chef/resource/pacman_package.rb +0 -1
- data/lib/chef/resource/paludis_package.rb +0 -1
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +7 -3
- data/lib/chef/resource/portage_package.rb +0 -1
- data/lib/chef/resource/powershell_package.rb +0 -1
- data/lib/chef/resource/powershell_package_source.rb +0 -1
- data/lib/chef/resource/powershell_script.rb +0 -1
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +0 -1
- data/lib/chef/resource/remote_directory.rb +0 -1
- data/lib/chef/resource/remote_file.rb +0 -1
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +17 -1
- data/lib/chef/resource/rhsm_repo.rb +0 -1
- data/lib/chef/resource/rhsm_subscription.rb +0 -1
- data/lib/chef/resource/route.rb +0 -1
- data/lib/chef/resource/rpm_package.rb +0 -1
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/ruby_block.rb +0 -1
- data/lib/chef/resource/scm/_scm.rb +0 -2
- data/lib/chef/resource/scm/git.rb +0 -2
- data/lib/chef/resource/scm/subversion.rb +0 -2
- data/lib/chef/resource/script.rb +0 -1
- data/lib/chef/resource/selinux/common_helpers.rb +47 -0
- data/lib/chef/resource/selinux/selinux_debian.erb +18 -0
- data/lib/chef/resource/selinux/selinux_default.erb +15 -0
- data/lib/chef/resource/selinux_boolean.rb +101 -0
- data/lib/chef/resource/selinux_fcontext.rb +160 -0
- data/lib/chef/resource/selinux_install.rb +107 -0
- data/lib/chef/resource/selinux_module.rb +143 -0
- data/lib/chef/resource/selinux_permissive.rb +64 -0
- data/lib/chef/resource/selinux_port.rb +118 -0
- data/lib/chef/resource/selinux_state.rb +166 -0
- data/lib/chef/resource/service.rb +0 -1
- data/lib/chef/resource/smartos_package.rb +0 -1
- data/lib/chef/resource/snap_package.rb +0 -1
- data/lib/chef/resource/solaris_package.rb +0 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +0 -1
- data/lib/chef/resource/sudo.rb +0 -1
- data/lib/chef/resource/support/client.erb +3 -4
- data/lib/chef/resource/swap_file.rb +0 -1
- data/lib/chef/resource/sysctl.rb +1 -2
- data/lib/chef/resource/systemd_unit.rb +0 -1
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +0 -1
- data/lib/chef/resource/user/aix_user.rb +0 -1
- data/lib/chef/resource/user/linux_user.rb +0 -1
- data/lib/chef/resource/user/mac_user.rb +0 -1
- data/lib/chef/resource/user/pw_user.rb +0 -1
- data/lib/chef/resource/user/solaris_user.rb +0 -1
- data/lib/chef/resource/user/windows_user.rb +0 -1
- data/lib/chef/resource/user.rb +10 -1
- data/lib/chef/resource/user_ulimit.rb +0 -1
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +0 -1
- data/lib/chef/resource/windows_ad_join.rb +0 -2
- data/lib/chef/resource/windows_audit_policy.rb +0 -2
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +54 -43
- data/lib/chef/resource/windows_defender.rb +0 -1
- data/lib/chef/resource/windows_defender_exclusion.rb +0 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +0 -1
- data/lib/chef/resource/windows_feature.rb +0 -1
- data/lib/chef/resource/windows_feature_dism.rb +0 -1
- data/lib/chef/resource/windows_feature_powershell.rb +0 -1
- data/lib/chef/resource/windows_firewall_profile.rb +0 -2
- data/lib/chef/resource/windows_firewall_rule.rb +0 -1
- data/lib/chef/resource/windows_font.rb +2 -3
- data/lib/chef/resource/windows_package.rb +0 -1
- data/lib/chef/resource/windows_pagefile.rb +27 -22
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +0 -2
- data/lib/chef/resource/windows_security_policy.rb +0 -1
- data/lib/chef/resource/windows_service.rb +0 -1
- data/lib/chef/resource/windows_share.rb +0 -1
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +0 -1
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_update_settings.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +36 -27
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +0 -1
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource/zypper_package.rb +0 -1
- data/lib/chef/resource/zypper_repository.rb +0 -1
- data/lib/chef/resource.rb +13 -5
- data/lib/chef/resources.rb +7 -0
- data/lib/chef/run_context.rb +19 -3
- data/lib/chef/secret_fetcher/azure_key_vault.rb +3 -3
- data/lib/chef/secret_fetcher/hashi_vault.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/handle.rb +6 -7
- data/lib/chef/win32/registry.rb +7 -3
- data/lib/chef/win32/version.rb +2 -1
- data/spec/data/rubygems.org/sexp_processor-info +2 -1
- data/spec/functional/resource/dnf_package_spec.rb +15 -0
- data/spec/functional/resource/dsc_script_spec.rb +1 -1
- data/spec/functional/resource/group_spec.rb +10 -6
- data/spec/functional/resource/link_spec.rb +8 -8
- data/spec/functional/resource/plist_spec.rb +25 -0
- data/spec/functional/resource/user/linux_user_spec.rb +127 -0
- data/spec/functional/resource/windows_certificate_spec.rb +15 -12
- data/spec/functional/resource/windows_font_spec.rb +11 -8
- data/spec/functional/resource/windows_pagefile_spec.rb +31 -4
- data/spec/functional/resource/yum_package_spec.rb +15 -0
- data/spec/functional/resource/zypper_package_spec.rb +12 -0
- data/spec/functional/shell_spec.rb +7 -2
- data/spec/functional/version_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +82 -3
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +2 -1
- data/spec/integration/solo/solo_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +2 -2
- data/spec/unit/application/client_spec.rb +0 -10
- data/spec/unit/client_spec.rb +54 -2
- data/spec/unit/cookbook/syntax_check_spec.rb +3 -0
- data/spec/unit/daemon_spec.rb +1 -5
- data/spec/unit/dsl/secret_spec.rb +127 -23
- data/spec/unit/http/authenticator_spec.rb +68 -0
- data/spec/unit/mixin/powershell_exec_spec.rb +5 -5
- data/spec/unit/platform/query_helpers_spec.rb +2 -17
- data/spec/unit/provider/http_request_spec.rb +60 -72
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/package/rubygems_spec.rb +2 -2
- data/spec/unit/provider/package/zypper_spec.rb +32 -0
- data/spec/unit/provider/user/linux_spec.rb +96 -1
- data/spec/unit/provider/user_spec.rb +24 -6
- data/spec/unit/resource/archive_file_spec.rb +1 -1
- data/spec/unit/resource/chef_client_config_spec.rb +8 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +5 -0
- data/spec/unit/resource/chef_client_launchd_spec.rb +5 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +5 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +1 -1
- data/spec/unit/resource/cron_d_spec.rb +37 -1
- data/spec/unit/resource/rest_resource_spec.rb +381 -0
- data/spec/unit/resource/selinux_boolean_spec.rb +92 -0
- data/spec/unit/resource/selinux_fcontext_spec.rb +65 -0
- data/spec/unit/resource/selinux_install_spec.rb +60 -0
- data/spec/unit/resource/selinux_module_spec.rb +55 -0
- data/spec/unit/resource/selinux_permissive_spec.rb +39 -0
- data/spec/unit/resource/selinux_port_spec.rb +42 -0
- data/spec/unit/resource/selinux_state_spec.rb +46 -0
- data/spec/unit/resource/sysctl_spec.rb +2 -2
- data/spec/unit/resource/user/linux_user_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +21 -1
- data/spec/unit/run_context_spec.rb +16 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +1 -1
- data/tasks/rspec.rb +1 -1
- metadata +93 -21
@@ -23,8 +23,6 @@ class Chef
|
|
23
23
|
require_relative "../mixin/openssl_helper"
|
24
24
|
include Chef::Mixin::OpenSSLHelper
|
25
25
|
|
26
|
-
unified_mode true
|
27
|
-
|
28
26
|
provides(:openssl_dhparam) { true }
|
29
27
|
|
30
28
|
description "Use the **openssl_dhparam** resource to generate `dhparam.pem` files. If a valid `dhparam.pem` file is found at the specified location, no new file will be created. If a file is found at the specified location but it is not a valid `dhparam.pem` file, it will be overwritten."
|
@@ -24,8 +24,6 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
-
unified_mode true
|
28
|
-
|
29
27
|
provides :openssl_ec_private_key
|
30
28
|
|
31
29
|
description "Use the **openssl_ec_private_key** resource to generate an elliptic curve (EC) private key file. If a valid EC key file can be opened at the specified location, no new file will be created. If the EC key file cannot be opened, either because it does not exist or because the password to the EC key file does not match the password in the recipe, then it will be overwritten."
|
@@ -24,8 +24,6 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
-
unified_mode true
|
28
|
-
|
29
27
|
provides :openssl_ec_public_key
|
30
28
|
|
31
29
|
description "Use the **openssl_ec_public_key** resource to generate elliptic curve (EC) public key files from a given EC private key."
|
@@ -24,8 +24,6 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
-
unified_mode true
|
28
|
-
|
29
27
|
provides :openssl_x509_crl
|
30
28
|
|
31
29
|
description "Use the **openssl_x509_crl** resource to generate PEM-formatted x509 certificate revocation list (CRL) files."
|
@@ -24,8 +24,6 @@ class Chef
|
|
24
24
|
require_relative "../mixin/openssl_helper"
|
25
25
|
include Chef::Mixin::OpenSSLHelper
|
26
26
|
|
27
|
-
unified_mode true
|
28
|
-
|
29
27
|
provides :openssl_x509_request
|
30
28
|
|
31
29
|
description "Use the **openssl_x509_request** resource to generate PEM-formatted x509 certificates requests. If no existing key is specified, the resource will automatically generate a passwordless key with the certificate."
|
data/lib/chef/resource/perl.rb
CHANGED
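--- a/data/lib/chef/resource/plist.rb
+++ b/data/lib/chef/resource/plist.rb
@@ -22,7 +22,6 @@ class Chef
 class Resource
 
 class PlistResource < Chef::Resource # we name this PlistResource to avoid confusion with Plist from the plist gem
-unified_mode true
 
 provides :plist
 
@@ -85,7 +84,7 @@ class Chef
 converge_if_changed :path do
 converge_by "create new plist: '#{new_resource.path}'" do
 file new_resource.path do
-content
+content({}.to_plist)
 owner new_resource.owner
 group new_resource.group
 mode new_resource.mode if property_is_set?(:mode)
@@ -189,7 +188,12 @@ class Chef
 sep = " "
 arg = case subcommand.to_s
 when "add"
-
+if value.is_a?(Hash)
+sep = ":"
+value.map { |k, v| "#{k} #{type_to_commandline_string(v)}" }
+else
+type_to_commandline_string(value)
+end
 when "set"
 if value.is_a?(Hash)
 sep = ":"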
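Review bot: In the new `when "add"` branch the hash keys are interpolated raw, `"#{k} #{type_to_commandline_string(v)}"`, so a key containing whitespace, a quote or `:` changes the shape of the argument built here. The enclosing method starts and ends outside the hunk, so how `arg` is consumed is not visible; if it ends up in a command string, the key should be validated before interpolation, for example `raise ArgumentError, "invalid plist key #{k.inspect}" unless k.to_s.match?(/\A[\w.-]+\z/)` at the top of the block, with the allowed set adjusted to the keys the resource has to support. The `if value.is_a?(Hash)` / `sep = ":"` scaffolding is now repeated in the `add` and `set` branches and could be shared.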
data/lib/chef/resource/python.rb
CHANGED
data/lib/chef/resource/reboot.rb
CHANGED
@@ -20,7 +20,6 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class RhsmErrata < Chef::Resource
|
23
|
-
unified_mode true
|
24
23
|
provides(:rhsm_errata) { true }
|
25
24
|
|
26
25
|
description "Use the **rhsm_errata** resource to install packages associated with a given Red Hat Subscription Manager Errata ID. This is helpful if packages to mitigate a single vulnerability must be installed on your hosts."
|
@@ -20,7 +20,6 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class RhsmErrataLevel < Chef::Resource
|
23
|
-
unified_mode true
|
24
23
|
provides(:rhsm_errata_level) { true }
|
25
24
|
|
26
25
|
description "Use the **rhsm_errata_level** resource to install all packages of a specified errata level from the Red Hat Subscription Manager. For example, you can ensure that all packages associated with errata marked at a 'Critical' security level are installed."
|
@@ -22,7 +22,6 @@ require "shellwords" unless defined?(Shellwords)
|
|
22
22
|
class Chef
|
23
23
|
class Resource
|
24
24
|
class RhsmRegister < Chef::Resource
|
25
|
-
unified_mode true
|
26
25
|
provides(:rhsm_register) { true }
|
27
26
|
|
28
27
|
description "Use the **rhsm_register** resource to register a node with the Red Hat Subscription Manager or a local Red Hat Satellite server."
|
@@ -118,12 +117,17 @@ class Chef
|
|
118
117
|
end
|
119
118
|
end
|
120
119
|
|
120
|
+
package flush_package_cache_name do
|
121
|
+
action :nothing
|
122
|
+
end
|
123
|
+
|
121
124
|
execute "Register to RHSM" do
|
122
125
|
sensitive new_resource.sensitive
|
123
126
|
command register_command
|
124
127
|
default_env true
|
125
128
|
action :run
|
126
129
|
not_if { registered_with_rhsm? } unless new_resource.force
|
130
|
+
notifies :flush_cache, "package[#{flush_package_cache_name}]", :immediately
|
127
131
|
end
|
128
132
|
|
129
133
|
if new_resource.install_katello_agent && !new_resource.satellite_host.nil?
|
@@ -132,11 +136,16 @@ class Chef
|
|
132
136
|
end
|
133
137
|
|
134
138
|
action :unregister, description: "Unregister the node from RHSM." do
|
139
|
+
package flush_package_cache_name do
|
140
|
+
action :nothing
|
141
|
+
end
|
142
|
+
|
135
143
|
execute "Unregister from RHSM" do
|
136
144
|
command "subscription-manager unregister"
|
137
145
|
default_env true
|
138
146
|
action :run
|
139
147
|
only_if { registered_with_rhsm? }
|
148
|
+
notifies :flush_cache, "package[#{flush_package_cache_name}]", :immediately
|
140
149
|
notifies :run, "execute[Clean RHSM Config]", :immediately
|
141
150
|
end
|
142
151
|
|
@@ -148,6 +157,13 @@ class Chef
|
|
148
157
|
end
|
149
158
|
|
150
159
|
action_class do
|
160
|
+
#
|
161
|
+
# @return [String]
|
162
|
+
#
|
163
|
+
def flush_package_cache_name
|
164
|
+
"rhsm_register-#{new_resource.name}-flush_cache"
|
165
|
+
end
|
166
|
+
|
151
167
|
#
|
152
168
|
# @return [Symbol] dnf_package or yum_package depending on OS release
|
153
169
|
#
|
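Review bot: The `package flush_package_cache_name do action :nothing end` declaration, added to both the register and the unregister action, has no comment saying why a package resource that never installs anything is declared; from the `notifies :flush_cache, "package[#{flush_package_cache_name}]", :immediately` lines it appears to exist only as a notification target. A comment on the helper would make that explicit, e.g. `# Name of the placeholder package resource that the register/unregister executes notify with :flush_cache.` in place of the empty `#` line above `# @return [String]`. The two identical declarations could also move into one `action_class` helper so the actions cannot drift apart.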
data/lib/chef/resource/route.rb
CHANGED
data/lib/chef/resource/ruby.rb
CHANGED
@@ -23,8 +23,6 @@ class Chef
|
|
23
23
|
class Git < Chef::Resource
|
24
24
|
use "scm"
|
25
25
|
|
26
|
-
unified_mode true
|
27
|
-
|
28
26
|
provides :git
|
29
27
|
|
30
28
|
description "Use the **git** resource to manage source control resources that exist in a git repository. git version 1.6.5 (or higher) is required to use all of the functionality in the git resource."
|
@@ -24,8 +24,6 @@ class Chef
|
|
24
24
|
class Subversion < Chef::Resource
|
25
25
|
use "scm"
|
26
26
|
|
27
|
-
unified_mode true
|
28
|
-
|
29
27
|
provides :subversion
|
30
28
|
|
31
29
|
description "Use the **subversion** resource to manage source control resources that exist in a Subversion repository. Warning: The subversion resource has known bugs and may not work as expected. For more information see Chef GitHub issues, particularly [#4050](https://github.com/chef/chef/issues/4050) and [#4257](https://github.com/chef/chef/issues/4257)."
|
data/lib/chef/resource/script.rb
CHANGED
@@ -0,0 +1,47 @@
|
|
1
|
+
#
|
2
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
3
|
+
# you may not use this file except in compliance with the License.
|
4
|
+
# You may obtain a copy of the License at
|
5
|
+
#
|
6
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
7
|
+
#
|
8
|
+
# Unless required by applicable law or agreed to in writing, software
|
9
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
10
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
11
|
+
# See the License for the specific language governing permissions and
|
12
|
+
# limitations under the License.
|
13
|
+
#
|
14
|
+
class Chef
|
15
|
+
module SELinux
|
16
|
+
module CommonHelpers
|
17
|
+
def selinux_disabled?
|
18
|
+
selinux_state.eql?(:disabled)
|
19
|
+
end
|
20
|
+
|
21
|
+
def selinux_enforcing?
|
22
|
+
selinux_state.eql?(:enforcing)
|
23
|
+
end
|
24
|
+
|
25
|
+
def selinux_permissive?
|
26
|
+
selinux_state.eql?(:permissive)
|
27
|
+
end
|
28
|
+
|
29
|
+
def state_change_reboot_required?
|
30
|
+
(selinux_disabled? && %i{enforcing permissive}.include?(action)) || ((selinux_enforcing? || selinux_permissive?) && action == :disabled)
|
31
|
+
end
|
32
|
+
|
33
|
+
def selinux_state
|
34
|
+
state = shell_out!("getenforce").stdout.strip.downcase.to_sym
|
35
|
+
raise "Got unknown SELinux state #{state}" unless %i{disabled enforcing permissive}.include?(state)
|
36
|
+
|
37
|
+
state
|
38
|
+
end
|
39
|
+
|
40
|
+
def selinux_activate_required?
|
41
|
+
return false unless platform_family?("debian")
|
42
|
+
|
43
|
+
!File.read("/etc/default/grub").match?("security=selinux")
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
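Review bot: `selinux_activate_required?` decides from a substring match over the whole of `/etc/default/grub`, so a commented-out line that mentions `security=selinux` makes the method report that no activation is needed; `File.read` also raises when the file does not exist. Matching only uncommented lines closes the first gap: `!File.foreach("/etc/default/grub").any? { |l| !l.lstrip.start_with?("#") && l.include?("security=selinux") }`, together with an explicit decision for the missing-file case. Separately, `selinux_state` runs `getenforce` on every call and `state_change_reboot_required?` can reach it up to three times; reading the state once into a local would avoid the repeated shell-outs and a state change between the calls.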
@@ -0,0 +1,18 @@
|
|
1
|
+
# Generated by Chef for <%= node['fqdn'] %>
|
2
|
+
# Do NOT modify this file by hand.
|
3
|
+
#
|
4
|
+
|
5
|
+
# This file controls the state of SELinux on the system.
|
6
|
+
# SELINUX= can take one of these three values:
|
7
|
+
# enforcing - SELinux security policy is enforced.
|
8
|
+
# permissive - SELinux prints warnings instead of enforcing.
|
9
|
+
# disabled - No SELinux policy is loaded.
|
10
|
+
SELINUX=<%= @selinux %>
|
11
|
+
# SELINUXTYPE= can take one of these three values:
|
12
|
+
# default - equivalent to the old strict and targeted policies
|
13
|
+
# mls - Multi-Level Security (for military and educational use)
|
14
|
+
# src - Custom policy built from source
|
15
|
+
SELINUXTYPE=<%= @selinuxtype %>
|
16
|
+
|
17
|
+
# SETLOCALDEFS= Check local definition changes
|
18
|
+
SETLOCALDEFS=0
|
@@ -0,0 +1,15 @@
|
|
1
|
+
# Generated by Chef for <%= node['fqdn'] %>
|
2
|
+
# Do NOT modify this file by hand.
|
3
|
+
#
|
4
|
+
|
5
|
+
# This file controls the state of SELinux on the system.
|
6
|
+
# SELINUX= can take one of these three values:
|
7
|
+
# enforcing - SELinux security policy is enforced.
|
8
|
+
# permissive - SELinux prints warnings instead of enforcing.
|
9
|
+
# disabled - No SELinux policy is loaded.
|
10
|
+
SELINUX=<%= @selinux %>
|
11
|
+
# SELINUXTYPE= can take one of these three values:
|
12
|
+
# targeted - Targeted processes are protected,
|
13
|
+
# minimum - Modification of targeted policy. Only selected processes are protected.
|
14
|
+
# mls - Multi Level Security protection.
|
15
|
+
SELINUXTYPE=<%= @selinuxtype %>
|
@@ -0,0 +1,101 @@
|
|
1
|
+
#
|
2
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
3
|
+
# you may not use this file except in compliance with the License.
|
4
|
+
# You may obtain a copy of the License at
|
5
|
+
#
|
6
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
7
|
+
#
|
8
|
+
# Unless required by applicable law or agreed to in writing, software
|
9
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
10
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
11
|
+
# See the License for the specific language governing permissions and
|
12
|
+
# limitations under the License.
|
13
|
+
#
|
14
|
+
|
15
|
+
require_relative "../resource"
|
16
|
+
require_relative "selinux/common_helpers"
|
17
|
+
|
18
|
+
class Chef
|
19
|
+
class Resource
|
20
|
+
class SelinuxBoolean < Chef::Resource
|
21
|
+
unified_mode true
|
22
|
+
|
23
|
+
provides :selinux_boolean
|
24
|
+
|
25
|
+
description "Use **selinux_boolean** resource to set SELinux boolean values."
|
26
|
+
introduced "18.0"
|
27
|
+
examples <<~DOC
|
28
|
+
**Set ssh_keysign to true**:
|
29
|
+
|
30
|
+
```ruby
|
31
|
+
selinux_boolean 'ssh_keysign' do
|
32
|
+
value true
|
33
|
+
end
|
34
|
+
```
|
35
|
+
|
36
|
+
**Set ssh_sysadm_login to 'on'**:
|
37
|
+
|
38
|
+
```ruby
|
39
|
+
selinux_boolean 'ssh_sysadm_login' do
|
40
|
+
value 'on'
|
41
|
+
end
|
42
|
+
```
|
43
|
+
DOC
|
44
|
+
|
45
|
+
property :boolean, String,
|
46
|
+
name_property: true,
|
47
|
+
description: "SELinux boolean to set."
|
48
|
+
|
49
|
+
property :value, [Integer, String, true, false],
|
50
|
+
required: true,
|
51
|
+
equal_to: %w{on off},
|
52
|
+
coerce: proc { |p| selinux_bool(p) },
|
53
|
+
description: "SELinux boolean value."
|
54
|
+
|
55
|
+
property :persistent, [true, false],
|
56
|
+
default: true,
|
57
|
+
desired_state: false,
|
58
|
+
description: "Set to true for value setting to survive reboot."
|
59
|
+
|
60
|
+
load_current_value do |new_resource|
|
61
|
+
value shell_out!("getsebool", new_resource.boolean).stdout.split("-->").map(&:strip).last
|
62
|
+
end
|
63
|
+
|
64
|
+
action_class do
|
65
|
+
include Chef::SELinux::CommonHelpers
|
66
|
+
end
|
67
|
+
|
68
|
+
action :set , description: "Set the state of the boolean." do
|
69
|
+
if selinux_disabled?
|
70
|
+
Chef::Log.warn("Unable to set SELinux boolean #{new_resource.name} as SELinux is disabled")
|
71
|
+
return
|
72
|
+
end
|
73
|
+
|
74
|
+
converge_if_changed do
|
75
|
+
cmd = "setsebool"
|
76
|
+
cmd += " -P" if new_resource.persistent
|
77
|
+
cmd += " #{new_resource.boolean} #{new_resource.value}"
|
78
|
+
|
79
|
+
shell_out!(cmd)
|
80
|
+
end
|
81
|
+
end
|
82
|
+
|
83
|
+
private
|
84
|
+
|
85
|
+
#
|
86
|
+
# Validate and return input boolean value in required format
|
87
|
+
# @param bool [String, Integer, Boolean] Input boolean value in allowed formats
|
88
|
+
#
|
89
|
+
# @return [String] [description] Boolean value in required format
|
90
|
+
def selinux_bool(bool)
|
91
|
+
if ["on", "true", "1", true, 1].include?(bool)
|
92
|
+
"on"
|
93
|
+
elsif ["off", "false", "0", false, 0].include?(bool)
|
94
|
+
"off"
|
95
|
+
else
|
96
|
+
raise ArgumentError, "selinux_bool: Invalid selinux boolean value #{bool}"
|
97
|
+
end
|
98
|
+
end
|
99
|
+
end
|
100
|
+
end
|
101
|
+
end
|
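Review bot: The `:set` action builds `setsebool` as one interpolated string (`cmd += " #{new_resource.boolean} #{new_resource.value}"`) and hands it to `shell_out!(cmd)`, so the `boolean` name property, a free-form String, would be parsed by a shell if a single-string command is run that way (presumably so; confirm against shell_out's behaviour). `load_current_value` in the same file already uses the argument form `shell_out!("getsebool", new_resource.boolean)`, and the action should match it: `shell_out!(*["setsebool", ("-P" if new_resource.persistent), new_resource.boolean, new_resource.value].compact)`. The warning in the disabled branch reports `new_resource.name` while the command uses `new_resource.boolean`, and the YARD line `@return [String] [description]` still carries a template placeholder.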