chef 17.9.52 → 18.0.169
- checksums.yaml +4 -4
- data/Gemfile +16 -8
- data/README.md +7 -7
- data/Rakefile +5 -24
- data/{chef-universal-mingw32.gemspec → chef-universal-mingw-ucrt.gemspec} +7 -5
- data/chef.gemspec +14 -7
- data/lib/chef/api_client.rb +1 -1
- data/lib/chef/api_client_v1.rb +9 -1
- data/lib/chef/application/exit_code.rb +3 -3
- data/lib/chef/client.rb +167 -0
- data/lib/chef/compliance/input.rb +1 -1
- data/lib/chef/compliance/input_collection.rb +1 -1
- data/lib/chef/compliance/profile.rb +1 -1
- data/lib/chef/compliance/profile_collection.rb +1 -2
- data/lib/chef/compliance/waiver.rb +1 -1
- data/lib/chef/compliance/waiver_collection.rb +1 -1
- data/lib/chef/cookbook/syntax_check.rb +2 -2
- data/lib/chef/dsl/reader_helpers.rb +1 -1
- data/lib/chef/dsl/rest_resource.rb +77 -0
- data/lib/chef/dsl/secret.rb +113 -5
- data/lib/chef/event_dispatch/base.rb +3 -0
- data/lib/chef/exceptions.rb +8 -0
- data/lib/chef/http/authenticator.rb +170 -3
- data/lib/chef/http/ssl_policies.rb +3 -3
- data/lib/chef/mixin/powershell_exec.rb +5 -28
- data/lib/chef/mixin/properties.rb +6 -0
- data/lib/chef/node/attribute.rb +20 -3
- data/lib/chef/node/mixin/deep_merge_cache.rb +4 -4
- data/lib/chef/node/mixin/immutablize_array.rb +1 -0
- data/lib/chef/policy_builder/expand_node_object.rb +1 -2
- data/lib/chef/policy_builder/policyfile.rb +1 -1
- data/lib/chef/property.rb +5 -3
- data/lib/chef/provider/group/windows.rb +1 -1
- data/lib/chef/provider/http_request.rb +11 -9
- data/lib/chef/provider/mount/linux.rb +5 -0
- data/lib/chef/provider/mount/mount.rb +8 -0
- data/lib/chef/provider/mount/windows.rb +1 -1
- data/lib/chef/provider/package/powershell.rb +1 -1
- data/lib/chef/provider/package/rubygems.rb +7 -7
- data/lib/chef/provider/package/windows/msi.rb +2 -2
- data/lib/chef/provider/package/windows/registry_uninstall_entry.rb +1 -1
- data/lib/chef/provider/package/yum/python_helper.rb +14 -1
- data/lib/chef/provider/package/zypper/version.rb +60 -0
- data/lib/chef/provider/package/zypper.rb +47 -3
- data/lib/chef/provider/service/windows.rb +5 -5
- data/lib/chef/provider/user/aix.rb +5 -0
- data/lib/chef/provider/user/linux.rb +29 -0
- data/lib/chef/provider/user/mac.rb +1 -1
- data/lib/chef/provider/user/windows.rb +2 -2
- data/lib/chef/provider/user.rb +45 -9
- data/lib/chef/provider.rb +1 -1
- data/lib/chef/recipe.rb +1 -1
- data/lib/chef/resource/_rest_resource.rb +389 -0
- data/lib/chef/resource/alternatives.rb +0 -1
- data/lib/chef/resource/apt_package.rb +0 -1
- data/lib/chef/resource/apt_preference.rb +0 -1
- data/lib/chef/resource/apt_repository.rb +0 -1
- data/lib/chef/resource/apt_update.rb +0 -1
- data/lib/chef/resource/archive_file.rb +0 -1
- data/lib/chef/resource/bash.rb +0 -1
- data/lib/chef/resource/batch.rb +0 -1
- data/lib/chef/resource/bff_package.rb +0 -1
- data/lib/chef/resource/breakpoint.rb +0 -1
- data/lib/chef/resource/build_essential.rb +0 -1
- data/lib/chef/resource/cab_package.rb +0 -1
- data/lib/chef/resource/chef_client_config.rb +17 -14
- data/lib/chef/resource/chef_client_cron.rb +1 -2
- data/lib/chef/resource/chef_client_launchd.rb +2 -2
- data/lib/chef/resource/chef_client_scheduled_task.rb +3 -3
- data/lib/chef/resource/chef_client_systemd_timer.rb +0 -1
- data/lib/chef/resource/chef_client_trusted_certificate.rb +0 -1
- data/lib/chef/resource/chef_gem.rb +0 -1
- data/lib/chef/resource/chef_handler.rb +0 -1
- data/lib/chef/resource/chef_sleep.rb +1 -3
- data/lib/chef/resource/chef_vault_secret.rb +0 -1
- data/lib/chef/resource/chocolatey_config.rb +0 -1
- data/lib/chef/resource/chocolatey_feature.rb +0 -1
- data/lib/chef/resource/chocolatey_package.rb +0 -1
- data/lib/chef/resource/chocolatey_source.rb +0 -1
- data/lib/chef/resource/cookbook_file.rb +0 -1
- data/lib/chef/resource/cron/_cron_shared.rb +0 -1
- data/lib/chef/resource/cron/cron.rb +0 -1
- data/lib/chef/resource/cron/cron_d.rb +15 -1
- data/lib/chef/resource/cron_access.rb +0 -1
- data/lib/chef/resource/csh.rb +0 -1
- data/lib/chef/resource/directory.rb +0 -1
- data/lib/chef/resource/dmg_package.rb +0 -1
- data/lib/chef/resource/dnf_package.rb +0 -1
- data/lib/chef/resource/dpkg_package.rb +0 -1
- data/lib/chef/resource/dsc_resource.rb +0 -1
- data/lib/chef/resource/dsc_script.rb +0 -1
- data/lib/chef/resource/execute.rb +0 -1
- data/lib/chef/resource/file.rb +0 -1
- data/lib/chef/resource/freebsd_package.rb +0 -1
- data/lib/chef/resource/gem_package.rb +0 -1
- data/lib/chef/resource/group.rb +25 -2
- data/lib/chef/resource/habitat/habitat_package.rb +0 -1
- data/lib/chef/resource/habitat/habitat_sup.rb +6 -7
- data/lib/chef/resource/habitat/habitat_sup_windows.rb +1 -1
- data/lib/chef/resource/habitat_config.rb +0 -1
- data/lib/chef/resource/habitat_install.rb +0 -1
- data/lib/chef/resource/habitat_service.rb +0 -1
- data/lib/chef/resource/habitat_user_toml.rb +0 -1
- data/lib/chef/resource/homebrew_cask.rb +0 -1
- data/lib/chef/resource/homebrew_package.rb +0 -1
- data/lib/chef/resource/homebrew_tap.rb +0 -1
- data/lib/chef/resource/homebrew_update.rb +0 -2
- data/lib/chef/resource/hostname.rb +0 -1
- data/lib/chef/resource/http_request.rb +0 -1
- data/lib/chef/resource/ifconfig.rb +0 -1
- data/lib/chef/resource/inspec_input.rb +0 -1
- data/lib/chef/resource/inspec_waiver.rb +0 -1
- data/lib/chef/resource/inspec_waiver_file_entry.rb +2 -3
- data/lib/chef/resource/ips_package.rb +0 -1
- data/lib/chef/resource/kernel_module.rb +0 -1
- data/lib/chef/resource/ksh.rb +0 -1
- data/lib/chef/resource/launchd.rb +0 -1
- data/lib/chef/resource/link.rb +0 -1
- data/lib/chef/resource/locale.rb +1 -2
- data/lib/chef/resource/log.rb +0 -1
- data/lib/chef/resource/lwrp_base.rb +0 -4
- data/lib/chef/resource/macos_userdefaults.rb +0 -1
- data/lib/chef/resource/macosx_service.rb +0 -1
- data/lib/chef/resource/macports_package.rb +0 -1
- data/lib/chef/resource/mdadm.rb +0 -1
- data/lib/chef/resource/mount.rb +0 -1
- data/lib/chef/resource/msu_package.rb +0 -1
- data/lib/chef/resource/notify_group.rb +0 -2
- data/lib/chef/resource/ohai.rb +0 -1
- data/lib/chef/resource/ohai_hint.rb +0 -1
- data/lib/chef/resource/openbsd_package.rb +0 -1
- data/lib/chef/resource/openssl_dhparam.rb +0 -2
- data/lib/chef/resource/openssl_ec_private_key.rb +0 -2
- data/lib/chef/resource/openssl_ec_public_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_private_key.rb +0 -2
- data/lib/chef/resource/openssl_rsa_public_key.rb +0 -2
- data/lib/chef/resource/openssl_x509_certificate.rb +0 -2
- data/lib/chef/resource/openssl_x509_crl.rb +0 -2
- data/lib/chef/resource/openssl_x509_request.rb +0 -2
- data/lib/chef/resource/osx_profile.rb +0 -1
- data/lib/chef/resource/package.rb +0 -1
- data/lib/chef/resource/pacman_package.rb +0 -1
- data/lib/chef/resource/paludis_package.rb +0 -1
- data/lib/chef/resource/perl.rb +0 -1
- data/lib/chef/resource/plist.rb +7 -3
- data/lib/chef/resource/portage_package.rb +0 -1
- data/lib/chef/resource/powershell_package.rb +0 -1
- data/lib/chef/resource/powershell_package_source.rb +0 -1
- data/lib/chef/resource/powershell_script.rb +0 -1
- data/lib/chef/resource/python.rb +0 -1
- data/lib/chef/resource/reboot.rb +0 -1
- data/lib/chef/resource/registry_key.rb +0 -1
- data/lib/chef/resource/remote_directory.rb +0 -1
- data/lib/chef/resource/remote_file.rb +0 -1
- data/lib/chef/resource/rhsm_errata.rb +0 -1
- data/lib/chef/resource/rhsm_errata_level.rb +0 -1
- data/lib/chef/resource/rhsm_register.rb +17 -1
- data/lib/chef/resource/rhsm_repo.rb +0 -1
- data/lib/chef/resource/rhsm_subscription.rb +0 -1
- data/lib/chef/resource/route.rb +0 -1
- data/lib/chef/resource/rpm_package.rb +0 -1
- data/lib/chef/resource/ruby.rb +0 -1
- data/lib/chef/resource/ruby_block.rb +0 -1
- data/lib/chef/resource/scm/_scm.rb +0 -2
- data/lib/chef/resource/scm/git.rb +0 -2
- data/lib/chef/resource/scm/subversion.rb +0 -2
- data/lib/chef/resource/script.rb +0 -1
- data/lib/chef/resource/selinux/common_helpers.rb +47 -0
- data/lib/chef/resource/selinux/selinux_debian.erb +18 -0
- data/lib/chef/resource/selinux/selinux_default.erb +15 -0
- data/lib/chef/resource/selinux_boolean.rb +101 -0
- data/lib/chef/resource/selinux_fcontext.rb +160 -0
- data/lib/chef/resource/selinux_install.rb +107 -0
- data/lib/chef/resource/selinux_module.rb +143 -0
- data/lib/chef/resource/selinux_permissive.rb +64 -0
- data/lib/chef/resource/selinux_port.rb +118 -0
- data/lib/chef/resource/selinux_state.rb +166 -0
- data/lib/chef/resource/service.rb +0 -1
- data/lib/chef/resource/smartos_package.rb +0 -1
- data/lib/chef/resource/snap_package.rb +0 -1
- data/lib/chef/resource/solaris_package.rb +0 -1
- data/lib/chef/resource/ssh_known_hosts_entry.rb +0 -1
- data/lib/chef/resource/sudo.rb +0 -1
- data/lib/chef/resource/support/client.erb +3 -4
- data/lib/chef/resource/swap_file.rb +0 -1
- data/lib/chef/resource/sysctl.rb +1 -2
- data/lib/chef/resource/systemd_unit.rb +0 -1
- data/lib/chef/resource/template.rb +0 -1
- data/lib/chef/resource/timezone.rb +0 -1
- data/lib/chef/resource/user/aix_user.rb +0 -1
- data/lib/chef/resource/user/linux_user.rb +0 -1
- data/lib/chef/resource/user/mac_user.rb +0 -1
- data/lib/chef/resource/user/pw_user.rb +0 -1
- data/lib/chef/resource/user/solaris_user.rb +0 -1
- data/lib/chef/resource/user/windows_user.rb +0 -1
- data/lib/chef/resource/user.rb +10 -1
- data/lib/chef/resource/user_ulimit.rb +0 -1
- data/lib/chef/resource/whyrun_safe_ruby_block.rb +0 -1
- data/lib/chef/resource/windows_ad_join.rb +0 -2
- data/lib/chef/resource/windows_audit_policy.rb +0 -2
- data/lib/chef/resource/windows_auto_run.rb +0 -1
- data/lib/chef/resource/windows_certificate.rb +54 -43
- data/lib/chef/resource/windows_defender.rb +0 -1
- data/lib/chef/resource/windows_defender_exclusion.rb +0 -1
- data/lib/chef/resource/windows_dfs_folder.rb +0 -1
- data/lib/chef/resource/windows_dfs_namespace.rb +0 -1
- data/lib/chef/resource/windows_dfs_server.rb +0 -1
- data/lib/chef/resource/windows_dns_record.rb +0 -1
- data/lib/chef/resource/windows_dns_zone.rb +0 -1
- data/lib/chef/resource/windows_env.rb +0 -1
- data/lib/chef/resource/windows_feature.rb +0 -1
- data/lib/chef/resource/windows_feature_dism.rb +0 -1
- data/lib/chef/resource/windows_feature_powershell.rb +0 -1
- data/lib/chef/resource/windows_firewall_profile.rb +0 -2
- data/lib/chef/resource/windows_firewall_rule.rb +0 -1
- data/lib/chef/resource/windows_font.rb +2 -3
- data/lib/chef/resource/windows_package.rb +0 -1
- data/lib/chef/resource/windows_pagefile.rb +27 -22
- data/lib/chef/resource/windows_path.rb +0 -1
- data/lib/chef/resource/windows_printer.rb +0 -1
- data/lib/chef/resource/windows_printer_port.rb +0 -1
- data/lib/chef/resource/windows_script.rb +0 -2
- data/lib/chef/resource/windows_security_policy.rb +0 -1
- data/lib/chef/resource/windows_service.rb +0 -1
- data/lib/chef/resource/windows_share.rb +0 -1
- data/lib/chef/resource/windows_shortcut.rb +1 -2
- data/lib/chef/resource/windows_task.rb +0 -1
- data/lib/chef/resource/windows_uac.rb +0 -1
- data/lib/chef/resource/windows_update_settings.rb +0 -1
- data/lib/chef/resource/windows_user_privilege.rb +36 -27
- data/lib/chef/resource/windows_workgroup.rb +0 -1
- data/lib/chef/resource/yum_package.rb +0 -1
- data/lib/chef/resource/yum_repository.rb +0 -1
- data/lib/chef/resource/zypper_package.rb +0 -1
- data/lib/chef/resource/zypper_repository.rb +0 -1
- data/lib/chef/resource.rb +13 -5
- data/lib/chef/resources.rb +7 -0
- data/lib/chef/run_context.rb +19 -3
- data/lib/chef/secret_fetcher/azure_key_vault.rb +3 -3
- data/lib/chef/secret_fetcher/hashi_vault.rb +1 -1
- data/lib/chef/version.rb +1 -1
- data/lib/chef/win32/handle.rb +6 -7
- data/lib/chef/win32/registry.rb +7 -3
- data/lib/chef/win32/version.rb +2 -1
- data/spec/data/rubygems.org/sexp_processor-info +2 -1
- data/spec/functional/resource/dnf_package_spec.rb +15 -0
- data/spec/functional/resource/dsc_script_spec.rb +1 -1
- data/spec/functional/resource/group_spec.rb +10 -6
- data/spec/functional/resource/link_spec.rb +8 -8
- data/spec/functional/resource/plist_spec.rb +25 -0
- data/spec/functional/resource/user/linux_user_spec.rb +127 -0
- data/spec/functional/resource/windows_certificate_spec.rb +15 -12
- data/spec/functional/resource/windows_font_spec.rb +11 -8
- data/spec/functional/resource/windows_pagefile_spec.rb +31 -4
- data/spec/functional/resource/yum_package_spec.rb +15 -0
- data/spec/functional/resource/zypper_package_spec.rb +12 -0
- data/spec/functional/shell_spec.rb +7 -2
- data/spec/functional/version_spec.rb +1 -1
- data/spec/integration/client/client_spec.rb +82 -3
- data/spec/integration/client/exit_code_spec.rb +1 -1
- data/spec/integration/client/ipv6_spec.rb +1 -1
- data/spec/integration/compliance/compliance_spec.rb +1 -1
- data/spec/integration/recipes/accumulator_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_inline_resources_spec.rb +1 -1
- data/spec/integration/recipes/lwrp_spec.rb +1 -1
- data/spec/integration/recipes/notifies_spec.rb +1 -1
- data/spec/integration/recipes/notifying_block_spec.rb +1 -1
- data/spec/integration/recipes/remote_directory.rb +1 -1
- data/spec/integration/recipes/unified_mode_spec.rb +1 -1
- data/spec/integration/recipes/use_partial_spec.rb +2 -1
- data/spec/integration/solo/solo_spec.rb +2 -2
- data/spec/spec_helper.rb +1 -0
- data/spec/support/platform_helpers.rb +4 -0
- data/spec/support/ruby_installer.rb +1 -1
- data/spec/support/shared/functional/windows_script.rb +2 -2
- data/spec/unit/application/client_spec.rb +0 -10
- data/spec/unit/client_spec.rb +54 -2
- data/spec/unit/cookbook/syntax_check_spec.rb +3 -0
- data/spec/unit/daemon_spec.rb +1 -5
- data/spec/unit/dsl/secret_spec.rb +127 -23
- data/spec/unit/http/authenticator_spec.rb +68 -0
- data/spec/unit/mixin/powershell_exec_spec.rb +5 -5
- data/spec/unit/platform/query_helpers_spec.rb +2 -17
- data/spec/unit/provider/http_request_spec.rb +60 -72
- data/spec/unit/provider/mount/linux_spec.rb +10 -0
- data/spec/unit/provider/package/rubygems_spec.rb +2 -2
- data/spec/unit/provider/package/zypper_spec.rb +32 -0
- data/spec/unit/provider/user/linux_spec.rb +96 -1
- data/spec/unit/provider/user_spec.rb +24 -6
- data/spec/unit/resource/archive_file_spec.rb +1 -1
- data/spec/unit/resource/chef_client_config_spec.rb +8 -0
- data/spec/unit/resource/chef_client_cron_spec.rb +5 -0
- data/spec/unit/resource/chef_client_launchd_spec.rb +5 -0
- data/spec/unit/resource/chef_client_scheduled_task_spec.rb +5 -0
- data/spec/unit/resource/chef_client_systemd_timer_spec.rb +1 -1
- data/spec/unit/resource/cron_d_spec.rb +37 -1
- data/spec/unit/resource/rest_resource_spec.rb +381 -0
- data/spec/unit/resource/selinux_boolean_spec.rb +92 -0
- data/spec/unit/resource/selinux_fcontext_spec.rb +65 -0
- data/spec/unit/resource/selinux_install_spec.rb +60 -0
- data/spec/unit/resource/selinux_module_spec.rb +55 -0
- data/spec/unit/resource/selinux_permissive_spec.rb +39 -0
- data/spec/unit/resource/selinux_port_spec.rb +42 -0
- data/spec/unit/resource/selinux_state_spec.rb +46 -0
- data/spec/unit/resource/sysctl_spec.rb +2 -2
- data/spec/unit/resource/user/linux_user_spec.rb +42 -0
- data/spec/unit/resource_spec.rb +21 -1
- data/spec/unit/run_context_spec.rb +16 -0
- data/spec/unit/util/dsc/local_configuration_manager_spec.rb +1 -1
- data/tasks/rspec.rb +1 -1
- metadata +93 -21
@@ -21,7 +21,6 @@ class Chef
|
|
21
21
|
class Resource
|
22
22
|
class WindowsFont < Chef::Resource
|
23
23
|
require_relative "../util/path_helper"
|
24
|
-
unified_mode true
|
25
24
|
|
26
25
|
provides(:windows_font) { true }
|
27
26
|
|
@@ -83,7 +82,7 @@ class Chef
|
|
83
82
|
|
84
83
|
# install the font into the appropriate fonts directory
|
85
84
|
def install_font
|
86
|
-
require "win32ole" if RUBY_PLATFORM.match?(/mswin|
|
85
|
+
require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
87
86
|
fonts_dir = Chef::Util::PathHelper.join(ENV["windir"], "fonts")
|
88
87
|
folder = WIN32OLE.new("Shell.Application").Namespace(fonts_dir)
|
89
88
|
converge_by("install font #{new_resource.font_name} to #{fonts_dir}") do
|
@@ -95,7 +94,7 @@ class Chef
|
|
95
94
|
#
|
96
95
|
# @return [Boolean] Is the font is installed?
|
97
96
|
def font_exists?
|
98
|
-
require "win32ole" if RUBY_PLATFORM.match?(/mswin|
|
97
|
+
require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
99
98
|
fonts_dir = WIN32OLE.new("WScript.Shell").SpecialFolders("Fonts")
|
100
99
|
fonts_dir_local = Chef::Util::PathHelper.join(ENV["home"], "AppData/Local/Microsoft/Windows/fonts")
|
101
100
|
logger.trace("Seeing if the font at #{Chef::Util::PathHelper.join(fonts_dir, new_resource.font_name)} exists")
|
@@ -20,7 +20,6 @@ require_relative "../resource"
|
|
20
20
|
class Chef
|
21
21
|
class Resource
|
22
22
|
class WindowsPagefile < Chef::Resource
|
23
|
-
unified_mode true
|
24
23
|
|
25
24
|
provides(:windows_pagefile) { true }
|
26
25
|
|
@@ -88,7 +87,7 @@ class Chef
|
|
88
87
|
if automatic_managed
|
89
88
|
set_automatic_managed unless automatic_managed?
|
90
89
|
elsif automatic_managed == false
|
91
|
-
unset_automatic_managed
|
90
|
+
unset_automatic_managed
|
92
91
|
else
|
93
92
|
pagefile = clarify_pagefile_name
|
94
93
|
initial_size = new_resource.initial_size
|
@@ -149,10 +148,12 @@ class Chef
|
|
149
148
|
def exists?(pagefile)
|
150
149
|
@exists ||= begin
|
151
150
|
logger.trace("Checking if #{pagefile} exists by running: Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($pagefile)} ")
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
151
|
+
powershell_code = <<~CODE
|
152
|
+
$page_file_name = '#{pagefile}';
|
153
|
+
$pagefile = Get-CimInstance Win32_PagefileSetting | Where-Object { $_.name -eq $($page_file_name)}
|
154
|
+
if ([string]::IsNullOrEmpty($pagefile)) { return $false } else { return $true }
|
155
|
+
CODE
|
156
|
+
powershell_exec!(powershell_code).result
|
156
157
|
end
|
157
158
|
end
|
158
159
|
|
@@ -164,13 +165,16 @@ class Chef
|
|
164
165
|
# @return [Boolean]
|
165
166
|
def max_and_min_set?(pagefile, min, max)
|
166
167
|
logger.trace("Checking if #{pagefile} has max and initial disk size values set")
|
167
|
-
|
168
|
-
|
169
|
-
|
170
|
-
|
171
|
-
|
172
|
-
|
173
|
-
|
168
|
+
powershell_code = <<-CODE
|
169
|
+
$page_file = '#{pagefile}';
|
170
|
+
$driveLetter = $page_file.split(':')[0];
|
171
|
+
$page_file_settings = Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -Property * -ErrorAction Stop;
|
172
|
+
if ($page_file_settings.InitialSize -eq #{min} -and $page_file_settings.MaximumSize -eq #{max})
|
173
|
+
{ return $true }
|
174
|
+
else
|
175
|
+
{ return $false }
|
176
|
+
CODE
|
177
|
+
powershell_exec!(powershell_code).result
|
174
178
|
end
|
175
179
|
|
176
180
|
# create a pagefile
|
@@ -225,12 +229,14 @@ class Chef
|
|
225
229
|
|
226
230
|
# turn off automatic management of all pagefiles by Windows
|
227
231
|
def unset_automatic_managed
|
228
|
-
|
229
|
-
|
230
|
-
|
231
|
-
|
232
|
-
|
233
|
-
|
232
|
+
if automatic_managed?
|
233
|
+
converge_by("Turn off Automatically Managed on pagefiles") do
|
234
|
+
logger.trace("Running Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru")
|
235
|
+
powershell_exec! <<~EOH
|
236
|
+
$sys = Get-CimInstance Win32_ComputerSystem -Property *
|
237
|
+
Set-CimInstance -InputObject $sys -Property @{AutomaticManagedPagefile=$false} -PassThru
|
238
|
+
EOH
|
239
|
+
end
|
234
240
|
end
|
235
241
|
end
|
236
242
|
|
@@ -240,14 +246,13 @@ class Chef
|
|
240
246
|
# @param [String] min the minimum size of the pagefile
|
241
247
|
# @param [String] max the minimum size of the pagefile
|
242
248
|
def set_custom_size(pagefile, min, max)
|
249
|
+
unset_automatic_managed
|
243
250
|
converge_by("set #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") do
|
244
251
|
logger.trace("Set-CimInstance -Property @{InitialSize = #{min} MaximumSize = #{max}")
|
245
252
|
powershell_exec! <<~EOD
|
246
253
|
$page_file = "#{pagefile}"
|
247
254
|
$driveLetter = $page_file.split(':')[0]
|
248
|
-
Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{
|
249
|
-
InitialSize = #{min}
|
250
|
-
MaximumSize = #{max}}
|
255
|
+
Get-CimInstance -ClassName Win32_PageFileSetting -Filter "SettingID='pagefile.sys @ $($driveLetter):'" -ErrorAction Stop | Set-CimInstance -Property @{InitialSize = #{min}; MaximumSize = #{max};}
|
251
256
|
EOD
|
252
257
|
end
|
253
258
|
end
|
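Review bot: `exists?` and `max_and_min_set?` now build their PowerShell by interpolating `pagefile` into a single-quoted literal (`$page_file_name = '#{pagefile}';` and `$page_file = '#{pagefile}';`), so a path containing `'` ends the literal and the rest is parsed as script. The value comes from the resource's own properties, so this is a robustness issue rather than a trust boundary, but doubling the quote keeps the script well-formed: `$page_file_name = '#{pagefile.gsub("'", "''")}';`. `set_custom_size` has the same pattern in a double-quoted literal (`$page_file = "#{pagefile}"`), where `$` and the backtick are also live. `#{min}` and `#{max}` are interpolated unquoted, which is safe only if they are validated as integers; the `@param` comments on `set_custom_size` describe them as String, and no validation is visible here.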
@@ -27,7 +27,6 @@ class Chef
|
|
27
27
|
# 2. Fail with a warning if the port can't be found and create_port is false
|
28
28
|
# 3. Fail with helpful messaging if the printer driver can't be installed
|
29
29
|
class WindowsPrinter < Chef::Resource
|
30
|
-
unified_mode true
|
31
30
|
|
32
31
|
autoload :Resolv, "resolv"
|
33
32
|
|
@@ -24,8 +24,6 @@ class Chef
|
|
24
24
|
class WindowsScript < Chef::Resource::Script
|
25
25
|
include Chef::Mixin::WindowsArchitectureHelper
|
26
26
|
|
27
|
-
unified_mode true
|
28
|
-
|
29
27
|
# This is an abstract resource meant to be subclasses; thus no 'provides'
|
30
28
|
|
31
29
|
set_guard_inherited_attributes(:architecture)
|
@@ -21,7 +21,6 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsShortcut < Chef::Resource
|
24
|
-
unified_mode true
|
25
24
|
|
26
25
|
provides(:windows_shortcut) { true }
|
27
26
|
|
@@ -58,7 +57,7 @@ class Chef
|
|
58
57
|
description: "Icon to use for the shortcut. Accepts the format of `path, index`, where index is the icon file to use. See Microsoft's [documentation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx) for details"
|
59
58
|
|
60
59
|
load_current_value do |new_resource|
|
61
|
-
require "win32ole" if RUBY_PLATFORM.match?(/mswin|
|
60
|
+
require "win32ole" if RUBY_PLATFORM.match?(/mswin|mingw|windows/)
|
62
61
|
|
63
62
|
link = WIN32OLE.new("WScript.Shell").CreateShortcut(new_resource.shortcut_name)
|
64
63
|
name new_resource.shortcut_name
|
@@ -21,10 +21,9 @@ require_relative "../resource"
|
|
21
21
|
class Chef
|
22
22
|
class Resource
|
23
23
|
class WindowsUserPrivilege < Chef::Resource
|
24
|
-
unified_mode true
|
25
24
|
|
26
25
|
provides :windows_user_privilege
|
27
|
-
description "The windows_user_privilege resource allows to add
|
26
|
+
description "The windows_user_privilege resource allows to add a privilege to a principal or (User/Group).\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
|
28
27
|
|
29
28
|
introduced "16.0"
|
30
29
|
|
@@ -39,23 +38,32 @@ class Chef
|
|
39
38
|
end
|
40
39
|
```
|
41
40
|
|
42
|
-
**
|
41
|
+
**Provide only the Builtin Guests and Administrator Groups with the SeCreatePageFile Privilege**:
|
42
|
+
|
43
|
+
```ruby
|
44
|
+
windows_user_privilege 'Create Pagefile' do
|
45
|
+
privilege 'SeCreatePagefilePrivilege'
|
46
|
+
users ['BUILTIN\\Guests', 'BUILTIN\\Administrators']
|
47
|
+
action :set
|
48
|
+
end
|
49
|
+
```
|
50
|
+
|
51
|
+
**Add the SeDenyRemoteInteractiveLogonRight Privilege to the 'Remote interactive logon' principal**:
|
43
52
|
|
44
53
|
```ruby
|
45
54
|
windows_user_privilege 'Remote interactive logon' do
|
46
55
|
privilege 'SeDenyRemoteInteractiveLogonRight'
|
47
|
-
users ['Builtin\\Guests', 'NT AUTHORITY\\Local Account']
|
48
56
|
action :add
|
49
57
|
end
|
50
58
|
```
|
51
59
|
|
52
|
-
**
|
60
|
+
**Add to the Builtin Guests Group the SeCreatePageFile Privilege**:
|
53
61
|
|
54
62
|
```ruby
|
55
|
-
windows_user_privilege 'Create Pagefile' do
|
63
|
+
windows_user_privilege 'Guests add Create Pagefile' do
|
64
|
+
principal 'BUILTIN\\Guests'
|
56
65
|
privilege 'SeCreatePagefilePrivilege'
|
57
|
-
|
58
|
-
action :set
|
66
|
+
action :add
|
59
67
|
end
|
60
68
|
```
|
61
69
|
|
@@ -90,6 +98,7 @@ class Chef
|
|
90
98
|
SeCreateSymbolicLinkPrivilege
|
91
99
|
SeCreateTokenPrivilege
|
92
100
|
SeDebugPrivilege
|
101
|
+
SeDelegateSessionUserImpersonatePrivilege
|
93
102
|
SeDenyBatchLogonRight
|
94
103
|
SeDenyInteractiveLogonRight
|
95
104
|
SeDenyNetworkLogonRight
|
@@ -126,20 +135,20 @@ class Chef
|
|
126
135
|
}.freeze
|
127
136
|
|
128
137
|
property :principal, String,
|
129
|
-
|
130
|
-
|
138
|
+
description: "An optional property to add the privilege for given principal. Use only with add and remove action. Principal can either be a User/Group or one of special identities found here Ref: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/special-identities",
|
139
|
+
name_property: true
|
131
140
|
|
132
141
|
property :users, [Array, String],
|
133
|
-
|
134
|
-
|
142
|
+
description: "An optional property to set the privilege for given users. Use only with set action.",
|
143
|
+
coerce: proc { |v| Array(v) }
|
135
144
|
|
136
145
|
property :privilege, [Array, String],
|
137
|
-
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
146
|
+
description: "One or more privileges to set for principal or users/groups. For more information on what each privilege does Ref: https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment",
|
147
|
+
required: true,
|
148
|
+
coerce: proc { |v| Array(v) },
|
149
|
+
callbacks: {
|
150
|
+
"Privilege property restricted to the following values: #{PRIVILEGE_OPTS}" => lambda { |n| (n - PRIVILEGE_OPTS).empty? },
|
151
|
+
}, identity: true
|
143
152
|
|
144
153
|
load_current_value do |new_resource|
|
145
154
|
if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
|
@@ -147,15 +156,15 @@ class Chef
|
|
147
156
|
end
|
148
157
|
end
|
149
158
|
|
150
|
-
action :add, description: "Add a
|
151
|
-
([*new_resource.privilege] - [*current_resource.privilege]).each do |
|
152
|
-
converge_by("adding
|
153
|
-
Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal,
|
159
|
+
action :add, description: "Add a privileges to a principal." do
|
160
|
+
([*new_resource.privilege] - [*current_resource.privilege]).each do |principal_right|
|
161
|
+
converge_by("adding principal '#{new_resource.principal}' privilege #{principal_right}") do
|
162
|
+
Chef::ReservedNames::Win32::Security.add_account_right(new_resource.principal, principal_right)
|
154
163
|
end
|
155
164
|
end
|
156
165
|
end
|
157
166
|
|
158
|
-
action :set, description: "Set the privileges that are listed in the `privilege` property for only the users listed in the `users` property." do
|
167
|
+
action :set, description: "Set the privileges that are listed in the `privilege` property for only the users listed in the `users` property. All other users not listed with given privilege will be have the privilege removed." do
|
159
168
|
if new_resource.users.nil? || new_resource.users.empty?
|
160
169
|
raise Chef::Exceptions::ValidationFailed, "Users are required property with set action."
|
161
170
|
end
|
@@ -204,7 +213,7 @@ class Chef
|
|
204
213
|
end
|
205
214
|
end
|
206
215
|
|
207
|
-
action :remove, description: "Remove a
|
216
|
+
action :remove, description: "Remove a principal privilege" do
|
208
217
|
curr_res_privilege = current_resource.privilege
|
209
218
|
missing_res_privileges = (new_resource.privilege - curr_res_privilege)
|
210
219
|
|
@@ -212,9 +221,9 @@ class Chef
|
|
212
221
|
Chef::Log.info("User \'#{new_resource.principal}\' for Privilege: #{missing_res_privileges.join(", ")} not found. Nothing to remove.")
|
213
222
|
end
|
214
223
|
|
215
|
-
(new_resource.privilege - missing_res_privileges).each do |
|
216
|
-
converge_by("removing
|
217
|
-
Chef::ReservedNames::Win32::Security.remove_account_right(new_resource.principal,
|
224
|
+
(new_resource.privilege - missing_res_privileges).each do |principal_right|
|
225
|
+
converge_by("removing principal #{new_resource.principal} from privilege #{principal_right}") do
|
226
|
+
Chef::ReservedNames::Win32::Security.remove_account_right(new_resource.principal, principal_right)
|
218
227
|
end
|
219
228
|
end
|
220
229
|
end
|
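Review bot: Both new examples in the resource description grant `SeCreatePagefilePrivilege` to `BUILTIN\\Guests` (the `:set` example and the 'Guests add Create Pagefile' `:add` example). Examples get pasted into cookbooks as written, so they would be safer modelled on a principal that normally holds the right, e.g. `users ['BUILTIN\\Administrators']`. The new `:set` description carries the caveat that matters, that accounts not listed lose the privilege, but it reads "will be have the privilege removed"; `will have the privilege removed` is presumably intended. Now that `principal` is a `name_property`, the `new_resource.principal &&` half of the guard in `load_current_value` appears to be always truthy; the block's body lies outside the hunk, so confirm before dropping it.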
data/lib/chef/resource.rb
CHANGED
@@ -660,8 +660,8 @@ class Chef
|
|
660
660
|
text << "#{resource_name}(\"#{name}\") do\n"
|
661
661
|
|
662
662
|
all_props = {}
|
663
|
-
self.class.state_properties.map do |p|
|
664
663
|
|
664
|
+
self.class.sensitive_properties.map do |p|
|
665
665
|
all_props[p.name.to_s] = p.sensitive? ? '"*sensitive value suppressed*"' : value_to_text(p.get(self))
|
666
666
|
rescue Chef::Exceptions::ValidationFailed
|
667
667
|
# This space left intentionally blank, the property was probably required or had an invalid default.
|
@@ -1498,10 +1498,18 @@ class Chef
|
|
1498
1498
|
# @param partial [String] the code fragment to eval against the class
|
1499
1499
|
#
|
1500
1500
|
def self.use(partial)
|
1501
|
-
|
1502
|
-
|
1503
|
-
|
1504
|
-
|
1501
|
+
if partial =~ /^core::(.*)/
|
1502
|
+
partial = $1
|
1503
|
+
dirname = ::File.dirname(partial)
|
1504
|
+
basename = ::File.basename(partial, ".rb")
|
1505
|
+
basename = basename[1..] if basename.start_with?("_")
|
1506
|
+
class_eval IO.read(::File.expand_path("resource/#{dirname}/_#{basename}.rb", __dir__))
|
1507
|
+
else
|
1508
|
+
dirname = ::File.dirname(partial)
|
1509
|
+
basename = ::File.basename(partial, ".rb")
|
1510
|
+
basename = basename[1..] if basename.start_with?("_")
|
1511
|
+
class_eval IO.read(::File.expand_path("#{dirname}/_#{basename}.rb", ::File.dirname(caller_locations.first.path)))
|
1512
|
+
end
|
1505
1513
|
end
|
1506
1514
|
|
1507
1515
|
# The cookbook in which this Resource was defined (if any).
|
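Review bot: `self.use` picks its branch with `partial =~ /^core::(.*)/`, and `^` matches at the start of any line, so the check should be anchored to the string with `\A`: `if partial =~ /\Acore::(.*)/`. The resolved path is then read and passed to `class_eval`, and neither branch checks that it stays under the intended directory, since `dirname` may contain `..`. A comment stating that `partial` must come from resource source code, never from node or user data, would document that assumption. The three `dirname`/`basename` lines are identical in both branches and can be shared once the `core::` prefix is stripped. Passing the path as the second argument, `class_eval(IO.read(path), path)`, would also make backtraces point at the partial file.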
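--- a/data/lib/chef/resources.rb
+++ b/data/lib/chef/resources.rb
@@ -124,6 +124,13 @@ require_relative "resource/route"
 require_relative "resource/ruby"
 require_relative "resource/ruby_block"
 require_relative "resource/script"
+require_relative "resource/selinux_boolean"
+require_relative "resource/selinux_fcontext"
+require_relative "resource/selinux_install"
+require_relative "resource/selinux_module"
+require_relative "resource/selinux_permissive"
+require_relative "resource/selinux_port"
+require_relative "resource/selinux_state"
 require_relative "resource/service"
 require_relative "resource/sudo"
 require_relative "resource/sysctl"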
data/lib/chef/run_context.rb
CHANGED
@@ -145,6 +145,16 @@ class Chef
|
|
145
145
|
#
|
146
146
|
attr_accessor :input_collection
|
147
147
|
|
148
|
+
#
|
149
|
+
# @return [Symbol, nil]
|
150
|
+
#
|
151
|
+
attr_accessor :default_secret_service
|
152
|
+
|
153
|
+
#
|
154
|
+
# @return [Hash<Symbol,Object>]
|
155
|
+
#
|
156
|
+
attr_accessor :default_secret_config
|
157
|
+
|
148
158
|
# Pointer back to the Chef::Runner that created this
|
149
159
|
#
|
150
160
|
attr_accessor :runner
|
@@ -222,6 +232,8 @@ class Chef
|
|
222
232
|
@input_collection = Chef::Compliance::InputCollection.new(events)
|
223
233
|
@waiver_collection = Chef::Compliance::WaiverCollection.new(events)
|
224
234
|
@profile_collection = Chef::Compliance::ProfileCollection.new(events)
|
235
|
+
@default_secret_service = nil
|
236
|
+
@default_secret_config = {}
|
225
237
|
|
226
238
|
initialize_child_state
|
227
239
|
end
|
@@ -401,9 +413,9 @@ class Chef
|
|
401
413
|
logger.warn(<<~ERROR_MESSAGE)
|
402
414
|
MissingCookbookDependency:
|
403
415
|
Recipe `#{recipe_name}` is not in the run_list, and cookbook '#{cookbook_name}'
|
404
|
-
is not a dependency of any cookbook in the run_list.
|
405
|
-
first add a dependency
|
406
|
-
|
416
|
+
is not a dependency of any cookbook in the run_list. To load this recipe,
|
417
|
+
first add a dependency of the cookbook '#{cookbook_name}' into the metadata
|
418
|
+
of the cookbook which depends on '#{cookbook_name}'.
|
407
419
|
ERROR_MESSAGE
|
408
420
|
end
|
409
421
|
|
@@ -693,6 +705,10 @@ class Chef
|
|
693
705
|
cookbook_collection
|
694
706
|
cookbook_collection=
|
695
707
|
cookbook_compiler
|
708
|
+
default_secret_config
|
709
|
+
default_secret_config=
|
710
|
+
default_secret_service
|
711
|
+
default_secret_service=
|
696
712
|
definitions
|
697
713
|
events
|
698
714
|
events=
|
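Review bot: The new `default_secret_service` and `default_secret_config` accessors are documented only by a `@return` tag, so a reader cannot tell what sets them or how they are consumed. A one-line description above each would help, for example `# Default secrets service for this run; nil when none has been set.` and `# Default configuration handed to the secrets service; may hold credentials, so do not log it.` The credentials part is an assumption from the name and should be confirmed against the fetchers. `@default_secret_config = {}` is a mutable Hash, and both names are added to what looks like the list of methods delegated from child run contexts. A child that mutates the hash in place would then change the parent's default as well; confirm that is intended.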
@@ -59,7 +59,7 @@ class Chef
|
|
59
59
|
end
|
60
60
|
|
61
61
|
def validate!
|
62
|
-
raise Chef::Exceptions::Secret::ConfigurationInvalid, "You may only specify one (these are mutually exclusive): :object_id, :client_id, or :mi_res_id" if [
|
62
|
+
raise Chef::Exceptions::Secret::ConfigurationInvalid, "You may only specify one (these are mutually exclusive): :object_id, :client_id, or :mi_res_id" if [config_object_id, client_id, mi_res_id].count { |x| !x.nil? } > 1
|
63
63
|
end
|
64
64
|
|
65
65
|
private
|
@@ -87,7 +87,7 @@ class Chef
|
|
87
87
|
"https://vault.azure.net"
|
88
88
|
end
|
89
89
|
|
90
|
-
def
|
90
|
+
def config_object_id
|
91
91
|
config[:object_id]
|
92
92
|
end
|
93
93
|
|
@@ -104,7 +104,7 @@ class Chef
|
|
104
104
|
p = {}
|
105
105
|
p["api-version"] = api_version
|
106
106
|
p["resource"] = resource
|
107
|
-
p["object_id"] =
|
107
|
+
p["object_id"] = config_object_id if config_object_id
|
108
108
|
p["client_id"] = client_id if client_id
|
109
109
|
p["mi_res_id"] = mi_res_id if mi_res_id
|
110
110
|
URI.encode_www_form(p)
|