chef 18.10.17 → 19.2.12

data/lib/chef/resource/breakpoint.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Daniel DeLeo (<dan@kallistec.com>)
-# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,65 +24,66 @@ class Chef
     class Breakpoint < Chef::Resource
 
       provides :breakpoint, target_mode: true
+      target_mode support: :full, introduced: "15.1"
 
       description "Use the **breakpoint** resource to add breakpoints to recipes. Run the #{ChefUtils::Dist::Infra::SHELL} in #{ChefUtils::Dist::Infra::PRODUCT} mode, and then use those breakpoints to debug recipes. Breakpoints are ignored by the #{ChefUtils::Dist::Infra::CLIENT} during an actual #{ChefUtils::Dist::Infra::CLIENT} run. That said, breakpoints are typically used to debug recipes only when running them in a non-production environment, after which they are removed from those recipes before the parent cookbook is uploaded to the Chef server."
       introduced "12.0"
       examples <<~DOC
-        **A recipe without a breakpoint**
+      **A recipe without a breakpoint**
 
-        ```ruby
-        yum_key node['yum']['elrepo']['key'] do
-          url  node['yum']['elrepo']['key_url']
-          action :add
-        end
+      ```ruby
+      yum_key node['yum']['elrepo']['key'] do
+        url  node['yum']['elrepo']['key_url']
+        action :add
+      end
 
-        yum_repository 'elrepo' do
-          description 'ELRepo.org Community Enterprise Linux Extras Repository'
-          key node['yum']['elrepo']['key']
-          mirrorlist node['yum']['elrepo']['url']
-          includepkgs node['yum']['elrepo']['includepkgs']
-          exclude node['yum']['elrepo']['exclude']
-          action :create
-        end
-        ```
+      yum_repository 'elrepo' do
+        description 'ELRepo.org Community Enterprise Linux Extras Repository'
+        key node['yum']['elrepo']['key']
+        mirrorlist node['yum']['elrepo']['url']
+        includepkgs node['yum']['elrepo']['includepkgs']
+        exclude node['yum']['elrepo']['exclude']
+        action :create
+      end
+      ```
 
-        **The same recipe with breakpoints**
+      **The same recipe with breakpoints**
 
-        In the following example, the name of each breakpoint is an arbitrary string.
+      In the following example, the name of each breakpoint is an arbitrary string.
 
-        ```ruby
-        breakpoint "before yum_key node['yum']['repo_name']['key']" do
-          action :break
-        end
+      ```ruby
+      breakpoint "before yum_key node['yum']['repo_name']['key']" do
+        action :break
+      end
 
-        yum_key node['yum']['repo_name']['key'] do
-          url  node['yum']['repo_name']['key_url']
-          action :add
-        end
+      yum_key node['yum']['repo_name']['key'] do
+        url  node['yum']['repo_name']['key_url']
+        action :add
+      end
 
-        breakpoint "after yum_key node['yum']['repo_name']['key']" do
-          action :break
-        end
+      breakpoint "after yum_key node['yum']['repo_name']['key']" do
+        action :break
+      end
 
-        breakpoint "before yum_repository 'repo_name'" do
-          action :break
-        end
+      breakpoint "before yum_repository 'repo_name'" do
+        action :break
+      end
 
-        yum_repository 'repo_name' do
-          description 'description'
-          key node['yum']['repo_name']['key']
-          mirrorlist node['yum']['repo_name']['url']
-          includepkgs node['yum']['repo_name']['includepkgs']
-          exclude node['yum']['repo_name']['exclude']
-          action :create
-        end
+      yum_repository 'repo_name' do
+        description 'description'
+        key node['yum']['repo_name']['key']
+        mirrorlist node['yum']['repo_name']['url']
+        includepkgs node['yum']['repo_name']['includepkgs']
+        exclude node['yum']['repo_name']['exclude']
+        action :create
+      end
 
-        breakpoint "after yum_repository 'repo_name'" do
-          action :break
-        end
-        ```
+      breakpoint "after yum_repository 'repo_name'" do
+        action :break
+      end
+      ```
 
-        In the previous examples, the names are used to indicate if the breakpoint is before or after a resource and also to specify which resource it is before or after.
+      In the previous examples, the names are used to indicate if the breakpoint is before or after a resource and also to specify which resource it is before or after.
       DOC
 
       default_action :break

data/lib/chef/resource/build_essential.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.

data/lib/chef/resource/cab_package.rb

@@ -1,6 +1,6 @@
 #
 # Author:: Vasundhara Jagdale (<vasundhara.jagdale@msystechnologies.com>)
-# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -29,33 +29,33 @@ class Chef
       description "Use the **cab_package** resource to install or remove Microsoft Windows cabinet (.cab) packages."
       introduced "12.15"
       examples <<~'DOC'
-        **Using local path in source**
+      **Using local path in source**
 
-        ```ruby
-        cab_package 'Install .NET 3.5 sp1 via KB958488' do
-          source 'C:\Users\xyz\AppData\Local\Temp\Windows6.1-KB958488-x64.cab'
-          action :install
-        end
+      ```ruby
+      cab_package 'Install .NET 3.5 sp1 via KB958488' do
+        source 'C:\Users\xyz\AppData\Local\Temp\Windows6.1-KB958488-x64.cab'
+        action :install
+      end
 
-        cab_package 'Remove .NET 3.5 sp1 via KB958488' do
-          source 'C:\Users\xyz\AppData\Local\Temp\Windows6.1-KB958488-x64.cab'
-          action :remove
-        end
-        ```
+      cab_package 'Remove .NET 3.5 sp1 via KB958488' do
+        source 'C:\Users\xyz\AppData\Local\Temp\Windows6.1-KB958488-x64.cab'
+        action :remove
+      end
+      ```
 
-        **Using URL in source**
+      **Using URL in source**
 
-        ```ruby
-        cab_package 'Install .NET 3.5 sp1 via KB958488' do
-          source 'https://s3.amazonaws.com/my_bucket/Windows6.1-KB958488-x64.cab'
-          action :install
-        end
+      ```ruby
+      cab_package 'Install .NET 3.5 sp1 via KB958488' do
+        source 'https://s3.amazonaws.com/my_bucket/Windows6.1-KB958488-x64.cab'
+        action :install
+      end
 
-        cab_package 'Remove .NET 3.5 sp1 via KB958488' do
-          source 'https://s3.amazonaws.com/my_bucket/Temp\Windows6.1-KB958488-x64.cab'
-          action :remove
-        end
-        ```
+      cab_package 'Remove .NET 3.5 sp1 via KB958488' do
+        source 'https://s3.amazonaws.com/my_bucket/Temp\Windows6.1-KB958488-x64.cab'
+        action :remove
+      end
+      ```
       DOC
 
       allowed_actions :install, :remove

data/lib/chef/resource/chef_client_config.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -21,81 +21,82 @@ class Chef
   class Resource
     class ChefClientConfig < Chef::Resource
 
-      provides :chef_client_config
+      provides :chef_client_config, target_mode: true
+      target_mode support: :full
 
       description "Use the **chef_client_config** resource to create a client.rb file in the #{ChefUtils::Dist::Infra::PRODUCT} configuration directory. See the [client.rb docs](https://docs.chef.io/config_rb_client/) for more details on options available in the client.rb configuration file."
       introduced "16.6"
       examples <<~DOC
-        **Bare minimum #{ChefUtils::Dist::Infra::PRODUCT} client.rb**:
+      **Bare minimum #{ChefUtils::Dist::Infra::PRODUCT} client.rb**:
 
-        The absolute minimum configuration necessary for a node to communicate with the #{ChefUtils::Dist::Server::PRODUCT} is the URL of the #{ChefUtils::Dist::Server::PRODUCT}. All other configuration options either have values at the server side (Policyfiles, Roles, Environments, etc) or have default values determined at client startup.
+      The absolute minimum configuration necessary for a node to communicate with the #{ChefUtils::Dist::Server::PRODUCT} is the URL of the #{ChefUtils::Dist::Server::PRODUCT}. All other configuration options either have values at the server side (Policyfiles, Roles, Environments, etc) or have default values determined at client startup.
 
-        ```ruby
-        chef_client_config 'Create client.rb' do
-          chef_server_url 'https://chef.example.dmz'
-        end
-        ```
-
-        **More complex #{ChefUtils::Dist::Infra::PRODUCT} client.rb**:
-
-        ```ruby
-        chef_client_config 'Create client.rb' do
-          chef_server_url 'https://chef.example.dmz'
-          log_level :info
-          log_location :syslog
-          http_proxy 'proxy.example.dmz'
-          https_proxy 'proxy.example.dmz'
-          no_proxy %w(internal.example.dmz)
-        end
-        ```
-
-        **Adding additional config content to the client.rb**:
-
-        This resource aims to provide common configuration options. Some configuration options are missing and some users may want to use arbitrary Ruby code within their configuration. For this we offer an `additional_config` property that can be used to add any configuration or code to the bottom of the `client.rb` file. Also keep in mind that within the configuration directory is a `client.d` directory where you can put additional `.rb` files containing configuration options. These can be created using `file` or `template` resources within your cookbooks as necessary.
-
-        ```ruby
-        chef_client_config 'Create client.rb' do
-          chef_server_url 'https://chef.example.dmz'
-          additional_config <<~CONFIG
-            # Extra config code to safely load a gem into the client run.
-            # Since the config is Ruby you can run any Ruby code you want via the client.rb.
-            # It's a great way to break things, so be careful
-            begin
-              require 'aws-sdk'
-            rescue LoadError
-              Chef::Log.warn "Failed to load aws-sdk."
-            end
-          CONFIG
-        end
-        ```
-
-        **Setup two report handlers in the client.rb**:
-
-        ```ruby
-        chef_client_config 'Create client.rb' do
-          chef_server_url 'https://chef.example.dmz'
-          report_handlers [
-            {
-             'class' => 'ReportHandler1Class',
-             'arguments' => ["'FirstArgument'", "'SecondArgument'"],
-            },
-            {
-             'class' => 'ReportHandler2Class',
-             'arguments' => ["'FirstArgument'", "'SecondArgument'"],
-            },
-          ]
-        end
-        ```
+      ```ruby
+      chef_client_config 'Create client.rb' do
+        chef_server_url 'https://chef.example.dmz'
+      end
+      ```
+
+      **More complex #{ChefUtils::Dist::Infra::PRODUCT} client.rb**:
+
+      ```ruby
+      chef_client_config 'Create client.rb' do
+        chef_server_url 'https://chef.example.dmz'
+        log_level :info
+        log_location :syslog
+        http_proxy 'proxy.example.dmz'
+        https_proxy 'proxy.example.dmz'
+        no_proxy %w(internal.example.dmz)
+      end
+      ```
+
+      **Adding additional config content to the client.rb**:
+
+      This resource aims to provide common configuration options. Some configuration options are missing and some users may want to use arbitrary Ruby code within their configuration. For this we offer an `additional_config` property that can be used to add any configuration or code to the bottom of the `client.rb` file. Also keep in mind that within the configuration directory is a `client.d` directory where you can put additional `.rb` files containing configuration options. These can be created using `file` or `template` resources within your cookbooks as necessary.
+
+      ```ruby
+      chef_client_config 'Create client.rb' do
+        chef_server_url 'https://chef.example.dmz'
+        additional_config <<~CONFIG
+          # Extra config code to safely load a gem into the client run.
+          # Since the config is Ruby you can run any Ruby code you want via the client.rb.
+          # It's a great way to break things, so be careful
+          begin
+            require 'aws-sdk'
+          rescue LoadError
+            Chef::Log.warn "Failed to load aws-sdk."
+          end
+        CONFIG
+      end
+      ```
 
-        **Report directly to the [Chef Automate data collector endpoint](/automate/data_collection/#configure-chef-infra-client-to-use-the-data-collector-endpoint-in-chef-automate).**
+      **Setup two report handlers in the client.rb**:
 
-        ```ruby
-        chef_client_config 'Create client.rb' do
-          chef_server_url 'https://chef.example.dmz'
-          data_collector_server_url 'https://automate.example.dmz'
-          data_collector_token 'TEST_TOKEN_TEST'
-        end
-        ```
+      ```ruby
+      chef_client_config 'Create client.rb' do
+        chef_server_url 'https://chef.example.dmz'
+        report_handlers [
+          {
+           'class' => 'ReportHandler1Class',
+           'arguments' => ["'FirstArgument'", "'SecondArgument'"],
+          },
+          {
+           'class' => 'ReportHandler2Class',
+           'arguments' => ["'FirstArgument'", "'SecondArgument'"],
+          },
+        ]
+      end
+      ```
+
+      **Report directly to the [Chef Automate data collector endpoint](/automate/data_collection/#configure-chef-infra-client-to-use-the-data-collector-endpoint-in-chef-automate).**
+
+      ```ruby
+      chef_client_config 'Create client.rb' do
+        chef_server_url 'https://chef.example.dmz'
+        data_collector_server_url 'https://automate.example.dmz'
+        data_collector_token 'TEST_TOKEN_TEST'
+      end
+      ```
       DOC
 
       # @todo policy_file or policy_group being set requires the other to be set so enforce that.
@@ -141,10 +142,10 @@ class Chef
         equal_to: %i{verify_none verify_peer},
         coerce: proc { |x| string_to_symbol(x) },
         description: <<~DESC
-          Set the verify mode for HTTPS requests.
+        Set the verify mode for HTTPS requests.
 
-          * Use :verify_none for no validation of SSL certificates.
-          * Use :verify_peer for validation of all SSL certificates, including the #{ChefUtils::Dist::Server::PRODUCT} connections, S3 connections, and any HTTPS remote_file resource URLs used in #{ChefUtils::Dist::Infra::PRODUCT} runs. This is the recommended setting.
+        * Use :verify_none for no validation of SSL certificates.
+        * Use :verify_peer for validation of all SSL certificates, including the #{ChefUtils::Dist::Server::PRODUCT} connections, S3 connections, and any HTTPS remote_file resource URLs used in #{ChefUtils::Dist::Infra::PRODUCT} runs. This is the recommended setting.
         DESC
 
       property :formatters, Array,
@@ -174,7 +175,7 @@ class Chef
         description: "The proxy server to use for HTTPS connections."
 
       property :ftp_proxy, String,
-        description: "The proxy server to use for FTP connections."
+      description: "The proxy server to use for FTP connections."
 
       property :no_proxy, [String, Array],
         description: "A comma-separated list or an array of URLs that do not need a proxy.",

data/lib/chef/resource/chef_client_cron.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@ require_relative "../resource"
 require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 require_relative "helpers/cron_validations"
 require "digest/md5" unless defined?(Digest::MD5)
+require_relative "helpers/path_helpers"
 
 class Chef
   class Resource
@@ -28,31 +29,32 @@ class Chef
       description "Use the **chef_client_cron** resource to setup the #{ChefUtils::Dist::Infra::PRODUCT} to run as a cron job. This resource will also create the specified log directory if it doesn't already exist."
       introduced "16.0"
       examples <<~DOC
-        **Setup #{ChefUtils::Dist::Infra::PRODUCT} to run using the default 30 minute cadence**:
+      **Setup #{ChefUtils::Dist::Infra::PRODUCT} to run using the default 30 minute cadence**:
 
-        ```ruby
-        chef_client_cron 'Run #{ChefUtils::Dist::Infra::PRODUCT} as a cron job'
-        ```
+      ```ruby
+      chef_client_cron 'Run #{ChefUtils::Dist::Infra::PRODUCT} as a cron job'
+      ```
 
-        **Run #{ChefUtils::Dist::Infra::PRODUCT} twice a day**:
+      **Run #{ChefUtils::Dist::Infra::PRODUCT} twice a day**:
 
-        ```ruby
-        chef_client_cron 'Run #{ChefUtils::Dist::Infra::PRODUCT} every 12 hours' do
-          minute 0
-          hour '0,12'
-        end
-        ```
+      ```ruby
+      chef_client_cron 'Run #{ChefUtils::Dist::Infra::PRODUCT} every 12 hours' do
+        minute 0
+        hour '0,12'
+      end
+      ```
 
-        **Run #{ChefUtils::Dist::Infra::PRODUCT} with extra options passed to the client**:
+      **Run #{ChefUtils::Dist::Infra::PRODUCT} with extra options passed to the client**:
 
-        ```ruby
-        chef_client_cron 'Run an override recipe' do
-          daemon_options ['--override-runlist mycorp_base::default']
-        end
-        ```
+      ```ruby
+      chef_client_cron 'Run an override recipe' do
+        daemon_options ['--override-runlist mycorp_base::default']
+      end
+      ```
       DOC
 
       extend Chef::ResourceHelpers::CronValidations
+      extend Chef::ResourceHelpers::PathHelpers
 
       property :job_name, String,
         default: ChefUtils::Dist::Infra::CLIENT,
@@ -126,7 +128,7 @@ class Chef
         description: "Append to the log file instead of overwriting the log file on each run."
 
       property :chef_binary_path, String,
-        default: "/opt/#{ChefUtils::Dist::Infra::DIR_SUFFIX}/bin/#{ChefUtils::Dist::Infra::CLIENT}",
+        default: lazy { Chef::ResourceHelpers::PathHelpers.chef_client_hab_binary_path },
         description: "The path to the #{ChefUtils::Dist::Infra::CLIENT} binary."
 
       property :daemon_options, Array,

data/lib/chef/resource/chef_client_hab_ca_cert.rb

@@ -0,0 +1,141 @@
+#
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "pathname" unless defined?(Pathname)
+require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+
+class Chef
+  class Resource
+    class ChefClientHabCaCert < Chef::Resource
+
+      provides :chef_client_hab_ca_cert
+
+      description "Use the **chef_client_hab_ca_cert** resource to add certificates to habitat #{ChefUtils::Dist::Infra::PRODUCT}'s CA bundle. This allows the #{ChefUtils::Dist::Infra::PRODUCT} to communicate with internal encrypted resources without errors. To make sure these CA certs take effect the `ssl_ca_file` should be configured to point to the CA Cert file path of `core/cacerts` habitat package."
+      introduced "19.1"
+      examples <<~DOC
+      **Trust a self signed certificate**:
+
+      ```ruby
+      chef_client_hab_ca_cert 'self-signed.badssl.com' do
+        certificate <<~CERT
+        -----BEGIN CERTIFICATE-----
+        MIIDeTCCAmGgAwIBAgIJAPziuikCTox4MA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNV
+        BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNp
+        c2NvMQ8wDQYDVQQKDAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTAeFw0x
+        OTEwMDkyMzQxNTJaFw0yMTEwMDgyMzQxNTJaMGIxCzAJBgNVBAYTAlVTMRMwEQYD
+        VQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ8wDQYDVQQK
+        DAZCYWRTU0wxFTATBgNVBAMMDCouYmFkc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEB
+        BQADggEPADCCAQoCggEBAMIE7PiM7gTCs9hQ1XBYzJMY61yoaEmwIrX5lZ6xKyx2
+        PmzAS2BMTOqytMAPgLaw+XLJhgL5XEFdEyt/ccRLvOmULlA3pmccYYz2QULFRtMW
+        hyefdOsKnRFSJiFzbIRMeVXk0WvoBj1IFVKtsyjbqv9u/2CVSndrOfEk0TG23U3A
+        xPxTuW1CrbV8/q71FdIzSOciccfCFHpsKOo3St/qbLVytH5aohbcabFXRNsKEqve
+        ww9HdFxBIuGa+RuT5q0iBikusbpJHAwnnqP7i/dAcgCskgjZjFeEU4EFy+b+a1SY
+        QCeFxxC7c3DvaRhBB0VVfPlkPz0sw6l865MaTIbRyoUCAwEAAaMyMDAwCQYDVR0T
+        BAIwADAjBgNVHREEHDAaggwqLmJhZHNzbC5jb22CCmJhZHNzbC5jb20wDQYJKoZI
+        hvcNAQELBQADggEBAGlwCdbPxflZfYOaukZGCaxYK6gpincX4Lla4Ui2WdeQxE95
+        w7fChXvP3YkE3UYUE7mupZ0eg4ZILr/A0e7JQDsgIu/SRTUE0domCKgPZ8v99k3A
+        vka4LpLK51jHJJK7EFgo3ca2nldd97GM0MU41xHFk8qaK1tWJkfrrfcGwDJ4GQPI
+        iLlm6i0yHq1Qg1RypAXJy5dTlRXlCLd8ufWhhiwW0W75Va5AEnJuqpQrKwl3KQVe
+        wGj67WWRgLfSr+4QG1mNvCZb2CkjZWmxkGPuoP40/y7Yu5OFqxP5tAjj4YixCYTW
+        EVA0pmzIzgBg+JIe3PdRy27T0asgQW/F4TY61Yk=
+        -----END CERTIFICATE-----
+        CERT
+      end
+      ```
+      DOC
+
+      property :cert_name, String, name_property: true,
+        description: "The name to use for the certificate. If not provided the name of the resource block will be used instead."
+
+      property :certificate, String, required: true,
+        description: "The text of the certificate file including the BEGIN/END comment lines."
+
+      action :add, description: "Add a local certificate to habitat based #{ChefUtils::Dist::Infra::PRODUCT}'s CA bundle." do
+        return if cert_installed? new_resource.certificate
+
+        converge_by("Add new CA bundle #{new_resource.cert_name} to #{ca_cert_path}") do
+          ::File.open(ca_cert_path, "a") do |f|
+            f.puts "\nCert Bundle - #{new_resource.cert_name}"
+            f.puts "==========================="
+            f.puts new_resource.certificate
+          end
+        end
+      end
+
+      action_class do
+        #
+        # The path to the string on disk
+        #
+        # @return [String]
+        #
+        def ca_cert_path
+          return @ca_cert_path if @ca_cert_path
+
+          @ca_cert_path = ::File.join(hab_cacerts_pkg_path, "ssl", "certs", "cacert.pem")
+          Chef::Log.debug "Determined CA cert path: #{@ca_cert_path}"
+          @ca_cert_path
+        end
+
+        private
+
+        # The fully qualified ident of the cacerts package.
+        #
+        # @api private
+        #
+        def hab_cacerts_pkg_path
+          return @hab_cacerts_pkg_path if @hab_cacerts_pkg_path
+
+          # Find the current running version of chef to get THAT version's cacerts package.
+          current_chef_path = Chef::ResourceHelpers::PathHelpers.chef_client_hab_package_binary_path
+          current_hab_path = Chef::ResourceHelpers::PathHelpers.hab_executable_binary_path
+
+          # Extract package ident from path: /hab/pkgs/chef/chef-infra-client/VERSION/RELEASE/bin/chef-client
+          # or: C:\hab\pkgs\chef\chef-infra-client\VERSION\RELEASE\bin\chef-client.exe
+          # Result should be: chef/chef-infra-client/VERSION/RELEASE
+          package_ident = ::File.join(Pathname.new(current_chef_path).each_filename.to_a[2..5])
+
+          ca_pkg = shell_out("#{current_hab_path} pkg dependencies #{package_ident}")
+          if ca_pkg.error?
+            raise "Failed to determine CA Certs for the #{ChefUtils::Dist::Infra::PRODUCT}'s habitat package"
+          end
+
+          hab_cacerts_pkg = ca_pkg.stdout.scan(%r{core/cacerts.*$}).flatten.first
+
+          if hab_cacerts_pkg.nil?
+            raise "Unable to find 'core/cacerts' package in dependencies. Failed to determine CA Certs."
+          end
+
+          ca_path = shell_out("#{current_hab_path} pkg path #{hab_cacerts_pkg}")
+          if ca_path.error?
+            raise "Unable to find path for the 'core/cacerts' habitat package."
+          end
+
+          path = ca_path.stdout.lines.first
+
+          @hab_cacerts_pkg_path = path.strip
+          Chef::Log.debug "Determined cacerts package path: #{@hab_cacerts_pkg_path}"
+          @hab_cacerts_pkg_path
+        end # hab_cacerts_pkg_path
+
+        def cert_installed?(certificate)
+          chef_cacert_pem = ::File.read(ca_cert_path)
+          chef_cacert_pem.include?(certificate)
+        end
+
+      end # action_class
+    end
+  end
+end

data/lib/chef/resource/chef_client_launchd.rb

@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright (c) Chef Software Inc.
+# Copyright:: Copyright (c) 2009-2026 Progress Software Corporation and/or its subsidiaries or affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 require_relative "../resource"
 require "chef-utils/dist" unless defined?(ChefUtils::Dist)
+require_relative "helpers/path_helpers"
+
 class Chef
   class Resource
     class ChefClientLaunchd < Chef::Resource
@@ -43,6 +45,8 @@ class Chef
         ```
       DOC
 
+      extend Chef::ResourceHelpers::PathHelpers
+
       property :user, String,
         description: "The name of the user that #{ChefUtils::Dist::Infra::PRODUCT} runs as.",
         default: "root"
@@ -81,7 +85,7 @@ class Chef
 
       property :chef_binary_path, String,
         description: "The path to the #{ChefUtils::Dist::Infra::CLIENT} binary.",
-        default: "/opt/#{ChefUtils::Dist::Infra::DIR_SUFFIX}/bin/#{ChefUtils::Dist::Infra::CLIENT}"
+        default: lazy { Chef::ResourceHelpers::PathHelpers.chef_client_hab_binary_path }
 
       property :daemon_options, Array,
         description: "An array of options to pass to the #{ChefUtils::Dist::Infra::CLIENT} command.",