chef 18.3.0 → 18.4.12

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile +2 -1
  3. data/chef.gemspec +2 -2
  4. data/lib/chef/chef_fs/file_pattern.rb +1 -1
  5. data/lib/chef/chef_fs/path_utils.rb +7 -9
  6. data/lib/chef/cookbook/synchronizer.rb +2 -3
  7. data/lib/chef/delayed_evaluator.rb +4 -0
  8. data/lib/chef/file_access_control/windows.rb +4 -1
  9. data/lib/chef/guard_interpreter/resource_guard_interpreter.rb +2 -0
  10. data/lib/chef/mixin/homebrew_user.rb +6 -3
  11. data/lib/chef/monkey_patches/net-http.rb +5 -5
  12. data/lib/chef/node/attribute_collections.rb +2 -1
  13. data/lib/chef/node/immutable_collections.rb +2 -1
  14. data/lib/chef/node/mixin/state_tracking_array.rb +41 -0
  15. data/lib/chef/node.rb +23 -1
  16. data/lib/chef/provider/package/apt.rb +11 -2
  17. data/lib/chef/provider/package/chocolatey.rb +228 -24
  18. data/lib/chef/provider/package/zypper.rb +5 -0
  19. data/lib/chef/provider/powershell_script.rb +96 -6
  20. data/lib/chef/provider/service/systemd.rb +23 -8
  21. data/lib/chef/provider/service/windows.rb +1 -0
  22. data/lib/chef/provider/service.rb +14 -0
  23. data/lib/chef/provider/user.rb +5 -1
  24. data/lib/chef/recipe.rb +3 -11
  25. data/lib/chef/resource/_rest_resource.rb +1 -1
  26. data/lib/chef/resource/apt_package.rb +19 -0
  27. data/lib/chef/resource/apt_repository.rb +2 -1
  28. data/lib/chef/resource/chef_client_systemd_timer.rb +1 -1
  29. data/lib/chef/resource/chocolatey_installer.rb +207 -0
  30. data/lib/chef/resource/chocolatey_package.rb +8 -0
  31. data/lib/chef/resource/homebrew_package.rb +1 -1
  32. data/lib/chef/resource/locale.rb +5 -2
  33. data/lib/chef/resource/macos_pkg.rb +111 -0
  34. data/lib/chef/resource/powershell_script.rb +5 -1
  35. data/lib/chef/resource/service.rb +3 -0
  36. data/lib/chef/resource/sudo.rb +37 -2
  37. data/lib/chef/resource/support/ulimit.erb +40 -0
  38. data/lib/chef/resource/user_ulimit.rb +38 -0
  39. data/lib/chef/resources.rb +2 -0
  40. data/lib/chef/version.rb +1 -1
  41. data/spec/data/trusted_certs/example.crt +29 -20
  42. data/spec/data/trusted_certs/example_no_cn.crt +30 -34
  43. data/spec/functional/resource/chocolatey_package_spec.rb +2 -2
  44. data/spec/functional/resource/zypper_package_spec.rb +10 -0
  45. data/spec/unit/compliance/reporter/chef_server_automate_spec.rb +1 -1
  46. data/spec/unit/delayed_evaluator_spec.rb +35 -0
  47. data/spec/unit/node_spec.rb +6 -0
  48. data/spec/unit/provider/package/apt_spec.rb +18 -13
  49. data/spec/unit/provider/package/chocolatey_spec.rb +40 -12
  50. data/spec/unit/provider/powershell_script_spec.rb +100 -4
  51. data/spec/unit/provider/service/systemd_service_spec.rb +1 -0
  52. data/spec/unit/provider/user/linux_spec.rb +10 -0
  53. data/spec/unit/resource/chef_client_systemd_timer_spec.rb +1 -1
  54. data/spec/unit/resource/chocolatey_installer_spec.rb +151 -0
  55. data/spec/unit/resource/macos_pkg_spec.rb +38 -0
  56. data/spec/unit/resource/powershell_script_spec.rb +2 -2
  57. metadata +22 -10
@@ -52,6 +52,21 @@ class Chef
52
52
  options '--no-install-recommends'
53
53
  end
54
54
  ```
55
+
56
+ **Prevent the apt_package resource from installing packages with pattern matching names**:
57
+
58
+ By default, the apt_package resource will install the named package.
59
+ If it can't find a package with the exact same name, it will treat the package name as regular expression string and match with any package that matches that regular expression.
60
+ This may lead Chef Infra Client to install one or more packages with names that match that regular expression.
61
+
62
+ In this example, `anchor_package_regex true` prevents the apt_package resource from installing matching packages if it can't find the `lua5.3` package.
63
+
64
+ ```ruby
65
+ apt_package 'lua5.3' do
66
+ version '5.3.3-1.1ubuntu2'
67
+ anchor_package_regex true
68
+ end
69
+ ```
55
70
  DOC
56
71
 
57
72
  description "Use the **apt_package** resource to manage packages on Debian, Ubuntu, and other platforms that use the APT package system."
@@ -75,6 +90,10 @@ class Chef
75
90
  description: "A Hash of response file variables in the form of {'VARIABLE' => 'VALUE'}.",
76
91
  default: {}, desired_state: false
77
92
 
93
+ property :anchor_package_regex, [TrueClass, FalseClass],
94
+ introduced: "18.3",
95
+ description: "A Boolean flag that indicates whether the package name, which can be a regular expression, must match the entire name of the package (true) or if the regular expression is allowed to match a subset of the name (false).",
96
+ default: false
78
97
  end
79
98
  end
80
99
  end
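Review bot: The new `anchor_package_regex` property defaults to `false`, so the fallback described in the added example text (an unmatched package name is treated as a regular expression and whatever matches is installed) stays the default for every existing `apt_package` block. A name such as `lua5.3` already contains a regex metacharacter (`.`), so a typo or a missing package can pull in unintended packages unless each resource opts in. The property description should say so directly, for example `Set to true to install only a package whose name matches exactly; the default (false) keeps the legacy behaviour where an unmatched name is treated as a regular expression.` The property is not present on the 18.3.0 side of this diff, so `introduced: "18.3"` should be confirmed against the release that first ships it. How the anchoring is applied lives in the provider, outside this section.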
@@ -99,6 +99,7 @@ class Chef
99
99
  ```
100
100
 
101
101
  **Add repository that needs custom options**:
102
+
102
103
  ```ruby
103
104
  apt_repository 'corretto' do
104
105
  uri 'https://apt.corretto.aws'
@@ -172,7 +173,7 @@ class Chef
172
173
  default: true, desired_state: false
173
174
 
174
175
  property :options, [String, Array],
175
- description: "Additional options to set for the repository",
176
+ description: "Additional options to set for the repository.",
176
177
  default: [], coerce: proc { |x| Array(x) }
177
178
 
178
179
  default_action :add
@@ -176,7 +176,7 @@ class Chef
176
176
  }
177
177
 
178
178
  unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
179
- unit["Service"]["CPUQuota"] = new_resource.cpu_quota if new_resource.cpu_quota
179
+ unit["Service"]["CPUQuota"] = "#{new_resource.cpu_quota}%" if new_resource.cpu_quota
180
180
  unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?
181
181
  unit
182
182
  end
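Review bot: The new `CPUQuota` line appends `%` unconditionally, so a `cpu_quota` value that already carries the suffix (for example the string `'50%'`) would render as `50%%`, which is not a valid percentage. The property's type and coercion are outside this hunk; if it can be a String, normalise first with `"#{new_resource.cpu_quota.to_s.delete_suffix('%')}%"`, otherwise a short comment stating that the value is always an Integer would help the next reader.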
@@ -0,0 +1,207 @@
1
+ class Chef
2
+ class Resource
3
+ class ChocolateyInstaller < Chef::Resource
4
+ provides :chocolatey_installer
5
+
6
+ description "Use the chocolatey_installer resource to ensure that Chocolatey itself is installed to your specification. Use the Chocolatey Feature resource to customize your install. Then use the Chocolatey Package resource to install packages on Windows via Chocolatey."
7
+ introduced "18.3"
8
+ examples <<~DOC
9
+ **Install Chocolatey**
10
+
11
+ ```ruby
12
+ chocolatey_installer 'latest' do
13
+ action :install
14
+ end
15
+ ```
16
+
17
+ **Uninstall Chocolatey**
18
+
19
+ ```ruby
20
+ chocolatey_installer 'Some random verbiage' do
21
+ action :uninstall
22
+ end
23
+ ```
24
+
25
+ **Install Chocolatey with Parameters**
26
+
27
+ ```ruby
28
+ chocolatey_installer 'latest' do
29
+ action :install
30
+ download_url "https://www.contoso.com/foo"
31
+ chocolatey_version '2.12.24'
32
+ end
33
+ ```
34
+
35
+ ```ruby
36
+ chocolatey_installer 'latest' do
37
+ action :install
38
+ download_url "c:\\foo\foo.nupkg"
39
+ chocolatey_version '2.12.24'
40
+ end
41
+ ```
42
+
43
+ **Upgrade Chocolatey with Parameters**
44
+
45
+ ```ruby
46
+ chocolatey_installer 'latest' do
47
+ action :upgrade
48
+ chocolatey_version '2.12.24'
49
+ end
50
+ ```
51
+ DOC
52
+
53
+ allowed_actions :install, :uninstall, :upgrade
54
+
55
+ property :download_url, String,
56
+ description: "The URL to download Chocolatey from. This sets the value of $env:ChocolateyDownloadUrl and causes the installer to choose an alternate download location. If this is not set, Chocolatey installs fall back to the official Chocolatey community repository to download Chocolatey from. It can also be used for offline installation by providing a path to a Chocolatey.nupkg."
57
+
58
+ property :chocolatey_version, String,
59
+ description: "Specifies a target version of Chocolatey to install. By default, the latest stable version is installed. This will use the value in $env:ChocolateyVersion by default, if that environment variable is present. This parameter is ignored if download_url is set."
60
+
61
+ property :use_native_unzip, [TrueClass, FalseClass], default: false,
62
+ description: "If set, uses built-in Windows decompression tools instead of 7zip when unpacking the downloaded nupkg. This will be set by default if use_native_unzip is set to a value other than 'false' or '0'. This parameter will be ignored in PS 5+ in favour of using the Expand-Archive built in PowerShell cmdlet directly."
63
+
64
+ property :ignore_proxy, [TrueClass, FalseClass], default: false,
65
+ description: "If set, ignores any configured proxy. This will override any proxy environment variables or parameters. This will be set by default if ignore_proxy is set to a value other than 'false' or '0'."
66
+
67
+ property :proxy_url, String,
68
+ description: "Specifies the proxy URL to use during the download."
69
+
70
+ property :proxy_user, String,
71
+ description: "The username to use to build a proxy credential with. Will be consumed by the proxy_credential property if both this property and proxy_password are set"
72
+
73
+ property :proxy_password, String,
74
+ description: "The password to use to build a proxy credential with. Will be consumed by the proxy_credential property if both this property and proxy_user are set"
75
+
76
+ load_current_value do
77
+ current_state = is_choco_installed?
78
+ current_value_does_not_exist! if current_state == false
79
+ current_state
80
+ end
81
+
82
+ def is_choco_installed?
83
+ ::File.exist?("#{ENV["ALLUSERSPROFILE"]}\\chocolatey\\bin\\choco.exe")
84
+ end
85
+
86
+ def get_choco_version
87
+ powershell_exec("choco --version").result
88
+ end
89
+
90
+ def existing_version
91
+ Gem::Version.new(get_choco_version)
92
+ end
93
+
94
+ def define_resource_requirements
95
+ requirements.assert(:install, :upgrade).each do |a|
96
+ a.assertion do
97
+ # This is an exclusive OR - XOR - we're trying to coax an error out if one, but not both,
98
+ # parameters are empty.
99
+ new_resource.proxy_user.nil? != new_resource.proxy_password.nil?
100
+ end
101
+ a.failure_message(Chef::Exceptions::ValidationFailed, "You must specify both a proxy_user and a proxy_password")
102
+ a.whyrun("Assuming that if you have configured a 'proxy_user' you must also supply a 'proxy_password'")
103
+ end
104
+ end
105
+
106
+ action :install, description: "Installs Chocolatey package manager" do
107
+ if new_resource.download_url
108
+ powershell_exec("Set-Item -path env:ChocolateyDownloadUrl -Value #{new_resource.download_url}")
109
+ end
110
+
111
+ if new_resource.chocolatey_version
112
+ powershell_exec("Set-Item -path env:ChocolateyVersion -Value #{new_resource.chocolatey_version}")
113
+ end
114
+
115
+ if new_resource.use_native_unzip
116
+ powershell_exec("Set-Item -path env:ChocolateyUseWindowsCompression -Value true")
117
+ end
118
+
119
+ if new_resource.ignore_proxy
120
+ powershell_exec("Set-Item -path env:ChocolateyIgnoreProxy -Value true")
121
+ end
122
+
123
+ if new_resource.proxy_url
124
+ powershell_exec("Set-Item -path env:ChocolateyProxyLocation -Value #{new_resource.proxy_url}")
125
+ end
126
+
127
+ if new_resource.proxy_user && new_resource.proxy_password
128
+ powershell_exec("Set-Item -path env:ChocolateyProxyUser -Value #{new_resource.proxy_user}; Set-Item -path env:ChocolateyProxyPassword -Value #{new_resource.proxy_password}")
129
+ end
130
+
131
+ # note that Invoke-Expression is being called on the downloaded script (outer parens),
132
+ # not triggering the script download (inner parens)
133
+ converge_if_changed do
134
+ powershell_exec("Invoke-Expression ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))").error!
135
+ end
136
+ end
137
+
138
+ action :upgrade, description: "Upgrades the Chocolatey package manager" do
139
+ if new_resource.chocolatey_version
140
+ proposed_version = Gem::Version.new(new_resource.chocolatey_version)
141
+ else
142
+ proposed_version = nil
143
+ end
144
+
145
+ if new_resource.download_url
146
+ powershell_exec("Set-Item -path env:ChocolateyDownloadUrl -Value #{new_resource.download_url}")
147
+ end
148
+
149
+ if new_resource.chocolatey_version
150
+ powershell_exec("Set-Item -path env:ChocolateyVersion -Value #{new_resource.chocolatey_version}")
151
+ end
152
+
153
+ if new_resource.use_native_unzip
154
+ powershell_exec("Set-Item -path env:ChocolateyUseWindowsCompression -Value true")
155
+ end
156
+
157
+ if new_resource.ignore_proxy
158
+ powershell_exec("Set-Item -path env:ChocolateyIgnoreProxy -Value true")
159
+ end
160
+
161
+ if new_resource.proxy_url
162
+ powershell_exec("Set-Item -path env:ChocolateyProxyLocation -Value #{new_resource.proxy_url}")
163
+ end
164
+
165
+ if new_resource.proxy_user && new_resource.proxy_password
166
+ powershell_exec("Set-Item -path env:ChocolateyProxyUser -Value #{new_resource.proxy_user}; Set-Item -path env:ChocolateyProxyPassword -Value #{new_resource.proxy_password}")
167
+ end
168
+
169
+ if proposed_version && existing_version < proposed_version
170
+ powershell_exec("Set-Item -path env:ChocolateyVersion -Value #{proposed_version}")
171
+ else
172
+ powershell_exec("Remove-Item -path env:ChocolateyVersion")
173
+ end
174
+
175
+ converge_by("upgrade choco version") do
176
+ powershell_exec("choco upgrade Chocolatey -y").result
177
+ end
178
+ end
179
+
180
+ action :uninstall, description: "Uninstall Chocolatey package manager" do
181
+ path = "c:\\programdata\\chocolatey\\bin"
182
+ if File.exists?(path)
183
+ converge_by("Uninstall Choco") do
184
+ powershell_code = <<~CODE
185
+ Remove-Item $env:ALLUSERSPROFILE\\chocolatey -Recurse -Force
186
+ [Environment]::SetEnvironmentVariable("ChocolateyLastPathUpdate", $null ,"User")
187
+ [Environment]::SetEnvironmentVariable("ChocolateyToolsLocation", $null ,"User")
188
+ [Environment]::SetEnvironmentVariable("ChocolateyInstall", $null ,"Machine")
189
+ $path = [System.Environment]::GetEnvironmentVariable(
190
+ 'PATH',
191
+ 'Machine'
192
+ )
193
+ $path = ($path.Split(';') | Where-Object { $_ -ne "#{path}" }) -join ";"
194
+ [System.Environment]::SetEnvironmentVariable(
195
+ 'PATH',
196
+ $path,
197
+ 'Machine'
198
+ )
199
+ CODE
200
+ powershell_exec(powershell_code).error!
201
+ end
202
+ end
203
+ Chef::Log.warn("Chocolatey is already uninstalled.")
204
+ end
205
+ end
206
+ end
207
+ end
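Review bot: Every `Set-Item` call in the `:install` and `:upgrade` actions interpolates a property straight into the PowerShell command text without quoting, so a `download_url`, `proxy_url`, `proxy_user` or `proxy_password` containing a space, `;` or `$` is parsed as PowerShell rather than as a value, and the proxy password ends up inside the command string. Wrap each value in a single-quoted literal with embedded quotes doubled, e.g. `powershell_exec("Set-Item -Path env:ChocolateyDownloadUrl -Value '#{new_resource.download_url.gsub("'", "''")}'")`, and declare `proxy_password` with `sensitive: true`. The assertion in `define_resource_requirements` is inverted: `proxy_user.nil? != proxy_password.nil?` is true only when exactly one of the two is set, so the comparison should be `==`. In `:uninstall`, `Chef::Log.warn("Chocolatey is already uninstalled.")` sits after the `if` block and is logged even when the removal has just run; it belongs in an `else`. The install script is always fetched from `https://chocolatey.org/install.ps1` and handed to `Invoke-Expression` with no checksum or signature check, which should at least be documented for users who set `download_url` expecting an offline or pinned install.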
@@ -67,6 +67,14 @@ class Chef
67
67
  description: "The name of the package. Default value: the name of the resource block.",
68
68
  coerce: proc { |x| [x].flatten }
69
69
 
70
+ property :bulk_query, [TrueClass, FalseClass],
71
+ description: "Bulk query the chocolatey server? This will cause the provider to list all packages instead of doing individual queries.",
72
+ default: false
73
+
74
+ property :use_choco_list, [TrueClass, FalseClass],
75
+ description: "Use choco list for getting the locally installed packages, rather than reading the nupkg database directly? This defaults to false, since reading the package data is faster.",
76
+ default: false
77
+
70
78
  property :version, [String, Array],
71
79
  description: "The version of a package to be installed or upgraded.",
72
80
  coerce: proc { |x| [x].flatten }
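Review bot: The new `bulk_query` and `use_choco_list` properties carry no `introduced:` value, unlike `anchor_package_regex` and the `chocolatey_installer` resource added elsewhere in this diff, so the generated docs cannot tell users which client version they need; the same applies to `use_inline_powershell` in the `powershell_script` resource. Add `introduced: "<version this ships in>"` to each of them. The two descriptions are also phrased as questions; a statement such as `When true, the provider lists all packages from the Chocolatey source in one query instead of querying each package individually.` reads better in reference docs.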
@@ -63,7 +63,7 @@ class Chef
63
63
  allowed_actions :install, :upgrade, :remove, :purge
64
64
 
65
65
  property :homebrew_user, [ String, Integer ],
66
- description: "The name or uid of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable on x86_64 machines or `/opt/homebrew/bin/brew` executable on arm64 machines. If that executable does not exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable cannot be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Could not find the 'brew' executable in /usr/local/bin, /opt/homebrew/bin, or anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
66
+ description: "The name or UID of the Homebrew owner to be used by #{ChefUtils::Dist::Infra::PRODUCT} when executing a command.\n\n#{ChefUtils::Dist::Infra::PRODUCT}, by default, will attempt to execute a Homebrew command as the owner of the `/usr/local/bin/brew` executable on x86_64 machines or `/opt/homebrew/bin/brew` executable on arm64 machines. If that executable doesn't exist, #{ChefUtils::Dist::Infra::PRODUCT} will attempt to find the user by executing `which brew`. If that executable can't be found, #{ChefUtils::Dist::Infra::PRODUCT} will print an error message: `Couldn't find the 'brew' executable anywhere on the path.`.\n\nSet this property to specify the Homebrew owner for situations where Chef Infra Client cannot automatically detect the correct owner.'"
67
67
 
68
68
  end
69
69
  end
@@ -112,8 +112,11 @@ class Chef
112
112
  end
113
113
 
114
114
  requirements.assert(:all_actions) do |a|
115
- # RHEL/CentOS type platforms don't have locale-gen
116
- a.assertion { which("locale-gen") }
115
+ a.assertion do
116
+ # RHEL/CentOS type platforms don't have locale-gen
117
+ # Windows has locale-gen as part of the install, but not in the path
118
+ which("locale-gen") || windows?
119
+ end
117
120
  a.failure_message(Chef::Exceptions::ProviderNotFound, "The locale resource requires the locale-gen tool")
118
121
  end
119
122
  end
@@ -0,0 +1,111 @@
1
+ #
2
+ # Author:: Joshua Timberman (<jtimberman@chef.io>)
3
+ # Author:: William Theaker (<william.theaker+chef@gusto.com>)
4
+ # Copyright:: Copyright (c) Chef Software Inc.
5
+ #
6
+ # Licensed under the Apache License, Version 2.0 (the "License");
7
+ # you may not use this file except in compliance with the License.
8
+ # You may obtain a copy of the License at
9
+ #
10
+ # http://www.apache.org/licenses/LICENSE-2.0
11
+ #
12
+ # Unless required by applicable law or agreed to in writing, software
13
+ # distributed under the License is distributed on an "AS IS" BASIS,
14
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15
+ # See the License for the specific language governing permissions and
16
+ # limitations under the License.
17
+ #
18
+
19
+ require_relative "../resource"
20
+
21
+ class Chef
22
+ class Resource
23
+ class MacosPkg < Chef::Resource
24
+ provides(:macos_pkg) { true }
25
+
26
+ description "Use the **macos_pkg** resource to install a macOS `.pkg` file, optionally downloading it from a remote source. A `package_id` property must be provided for idempotency. Either a `file` or `source` property is required."
27
+ introduced "18.1"
28
+ examples <<~DOC
29
+ **Install osquery**:
30
+
31
+ ```ruby
32
+ macos_pkg 'osquery' do
33
+ checksum '1fea8ac9b603851d2e76c5fc73138a468a3075a3002c8cb1fd7fff53b889c4dd'
34
+ package_id 'io.osquery.agent'
35
+ source 'https://pkg.osquery.io/darwin/osquery-5.8.2.pkg'
36
+ action :install
37
+ end
38
+ ```
39
+ DOC
40
+
41
+ allowed_actions :install
42
+ default_action :install
43
+
44
+ property :checksum, String,
45
+ description: "The sha256 checksum of the `.pkg` file to download."
46
+
47
+ property :file, String,
48
+ description: "The absolute path to the `.pkg` file on the local system."
49
+
50
+ property :headers, Hash,
51
+ description: "Allows custom HTTP headers (like cookies) to be set on the `remote_file` resource.",
52
+ desired_state: false
53
+
54
+ property :package_id, String,
55
+ description: "The package ID registered with `pkgutil` when a `pkg` or `mpkg` is installed.",
56
+ required: true
57
+
58
+ property :source, String,
59
+ description: "The remote URL used to download the `.pkg` file."
60
+
61
+ property :target, String,
62
+ description: "The device to install the package on.",
63
+ default: "/"
64
+
65
+ load_current_value do |new_resource|
66
+ if shell_out("pkgutil --pkg-info '#{new_resource.package_id}'").exitstatus == 0
67
+ Chef::Log.debug "#{new_resource.package_id} is already installed. To upgrade, try \"sudo pkgutil --forget '#{new_resource.package_id}'\""
68
+ else
69
+ current_value_does_not_exist!
70
+ end
71
+ end
72
+
73
+ action :install, description: "Installs the pkg." do
74
+ if new_resource.source.nil? && new_resource.file.nil?
75
+ raise "Must provide either a file or source property for macos_pkg resources."
76
+ end
77
+
78
+ if current_resource.nil?
79
+ if new_resource.source
80
+ remote_file pkg_file do
81
+ source new_resource.source
82
+ headers new_resource.headers if new_resource.headers
83
+ checksum new_resource.checksum if new_resource.checksum
84
+ end
85
+ end
86
+
87
+ converge_by "install #{pkg_file}" do
88
+ install_cmd = "installer -pkg #{pkg_file} -target #{new_resource.target}"
89
+
90
+ execute install_cmd do
91
+ action :run
92
+ end
93
+ end
94
+ end
95
+ end
96
+
97
+ action_class do
98
+ # @return [String] the path to the pkg file
99
+ def pkg_file
100
+ @pkg_file ||= if new_resource.file.nil?
101
+ uri = URI.parse(new_resource.source)
102
+ filename = ::File.basename(uri.path)
103
+ "#{Chef::Config[:file_cache_path]}/#{filename}"
104
+ else
105
+ new_resource.file
106
+ end
107
+ end
108
+ end
109
+ end
110
+ end
111
+ end
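Review bot: The `:install` action builds `installer -pkg #{pkg_file} -target #{new_resource.target}` as one unquoted string, and `pkg_file` is derived from the basename of the `source` URL, so a file name or target containing spaces or shell metacharacters is split or interpreted by the shell in a command that typically runs with root privileges. Passing an argument array avoids the shell, e.g. `command ["installer", "-pkg", pkg_file, "-target", new_resource.target]` inside a named `execute` block, and likewise `shell_out("pkgutil", "--pkg-info", new_resource.package_id)` in `load_current_value`. `checksum` is optional even when `source` is a remote URL, so a package can be downloaded and installed without any integrity check; consider requiring it whenever `source` is set, or logging a warning when it is absent.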
@@ -21,7 +21,7 @@ class Chef
21
21
  class Resource
22
22
  class PowershellScript < Chef::Resource::WindowsScript
23
23
 
24
- set_guard_inherited_attributes(:interpreter)
24
+ set_guard_inherited_attributes(:interpreter, :use_inline_powershell)
25
25
 
26
26
  provides :powershell_script, os: "windows"
27
27
 
@@ -39,6 +39,10 @@ class Chef
39
39
  equal_to: %w{powershell pwsh},
40
40
  description: "The interpreter type, `powershell` or `pwsh` (PowerShell Core)"
41
41
 
42
+ property :use_inline_powershell, [true, false],
43
+ default: false,
44
+ description: "Use inline powershell.dll rather than shelling out - this is faster, but could have different semantics to the traditional method. In particular, it does not allow for streaming output, nor does it allow for passing custom parameters to the interpreter"
45
+
42
46
  property :convert_boolean_return, [true, false],
43
47
  default: false,
44
48
  description: <<~DESC
@@ -93,6 +93,9 @@ class Chef
93
93
  # if the service is masked or not
94
94
  property :masked, [ TrueClass, FalseClass ], skip_docs: true
95
95
 
96
+ # if the service is static or not
97
+ property :static, [ TrueClass, FalseClass ], skip_docs: true
98
+
96
99
  # if the service is indirect or not
97
100
  property :indirect, [ TrueClass, FalseClass ], skip_docs: true
98
101
 
@@ -59,6 +59,41 @@ class Chef
59
59
  nopasswd true
60
60
  end
61
61
  ```
62
+
63
+ **Create command aliases and assign them to a group**
64
+
65
+ ```ruby
66
+ sudo 'webteam' do
67
+ command_aliases [
68
+ {
69
+ 'name': 'WEBTEAM_SYSTEMD_JBOSS',
70
+ 'command_list': [
71
+ '/usr/bin/systemctl start eap7-standalone.service',
72
+ '/usr/bin/systemctl start jbcs-httpd24-httpd.service', \
73
+ '/usr/bin/systemctl stop eap7-standalone.service', \
74
+ '/usr/bin/systemctl stop jbcs-httpd24-httpd.service', \
75
+ '/usr/bin/systemctl restart eap7-standalone.service', \
76
+ '/usr/bin/systemctl restart jbcs-httpd24-httpd.service', \
77
+ '/usr/bin/systemctl --full edit eap7-standalone.service', \
78
+ '/usr/bin/systemctl --full edit jbcs-httpd24-httpd.service', \
79
+ '/usr/bin/systemctl daemon-reload',
80
+ ]
81
+ },
82
+ {
83
+ 'name': 'GENERIC_SYSTEMD',
84
+ 'command_list': [
85
+ '/usr/sbin/systemctl list-unit-files',
86
+ '/usr/sbin/systemctl list-timers', \
87
+ '/usr/sbin/systemctl is-active *', \
88
+ '/usr/sbin/systemctl is-enabled *',
89
+ ]
90
+ }
91
+ ]
92
+ nopasswd true
93
+ users '%webteam'
94
+ commands [ 'WEBTEAM_SYSTEMD_JBOSS', 'GENERIC_SYSTEMD' ]
95
+ end
96
+ ```
62
97
  DOC
63
98
 
64
99
  # According to the sudo man pages sudo will ignore files in an include dir that have a `.` or `~`
@@ -79,7 +114,7 @@ class Chef
79
114
  coerce: proc { |x| coerce_groups(x) }
80
115
 
81
116
  property :commands, Array,
82
- description: "An array of full paths to commands this sudoer can execute.",
117
+ description: "An array of full paths to commands and/or command aliases this sudoer can execute.",
83
118
  default: ["ALL"]
84
119
 
85
120
  property :host, String,
@@ -110,7 +145,7 @@ class Chef
110
145
  default: []
111
146
 
112
147
  property :command_aliases, Array,
113
- description: "Command aliases that can be used as allowed commands later in the configuration.",
148
+ description: "Command aliases that can be used as allowed commands later in the configuration. The object represents an array of hashes in the following format: `[{'name':'ALIAS1','command_list': [ 'command1', 'command2' ] }, {'name':'Alias2','command_list: [ 'command3', 'command4 arg1 arg2' ]}]`",
114
149
  default: []
115
150
 
116
151
  property :setenv, [TrueClass, FalseClass],
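Review bot: The added `webteam` example grants `systemctl --full edit <unit>` together with `nopasswd true`, which lets every member of `%webteam` change what the unit executes and is therefore equivalent to passwordless root. Examples in shipped documentation tend to be copied verbatim, so drop those two entries or add a sentence stating that edit rights on a unit amount to full root. The first alias uses `/usr/bin/systemctl` and the second `/usr/sbin/systemctl`, and several list entries end in a stray `, \` continuation that the others lack; the paths and punctuation should be made consistent. In the new `command_aliases` description the sample is missing a closing quote in `'command_list:` for `Alias2`.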
@@ -2,6 +2,18 @@
2
2
 
3
3
  # Limits settings for <%= @ulimit_user %>
4
4
 
5
+ <% unless @as_limit.nil? -%>
6
+ <%= @ulimit_user -%> - as <%= @as_limit %>
7
+ <% else -%><% unless @as_soft_limit.nil? -%><%= @ulimit_user -%> soft as <%= @as_soft_limit %><% end -%>
8
+ <% unless @as_hard_limit.nil? -%><%= @ulimit_user -%> hard as <%= @as_hard_limit %><% end -%>
9
+ <% end -%>
10
+
11
+ <% unless @cpu_limit.nil? -%>
12
+ <%= @ulimit_user -%> - cpu <%= @cpu_limit %>
13
+ <% else -%><% unless @cpu_soft_limit.nil? -%><%= @ulimit_user -%> soft cpu <%= @cpu_soft_limit %><% end -%>
14
+ <% unless @cpu_hard_limit.nil? -%><%= @ulimit_user -%> hard cpu <%= @cpu_hard_limit %><% end -%>
15
+ <% end -%>
16
+
5
17
  <% unless @filehandle_limit.nil? -%>
6
18
  <%= @ulimit_user -%> - nofile <%= @filehandle_limit %>
7
19
  <% else -%><% unless @filehandle_soft_limit.nil? -%><%= @ulimit_user -%> soft nofile <%= @filehandle_soft_limit %><% end -%>
@@ -14,22 +26,50 @@
14
26
  <% unless @process_hard_limit.nil? -%><%= @ulimit_user -%> hard nproc <%= @process_hard_limit %><% end -%>
15
27
  <% end -%>
16
28
 
29
+ <% unless @locks_limit.nil? -%>
30
+ <%= @ulimit_user -%> - locks <%= @locks_limit %>
31
+ <% end -%>
32
+
17
33
  <% unless @memory_limit.nil? -%>
18
34
  <%= @ulimit_user -%> - memlock <%= @memory_limit %>
19
35
  <% end -%>
20
36
 
37
+ <% unless @maxlogins_limit.nil? -%>
38
+ <%= @ulimit_user -%> - maxlogins <%= @maxlogins_limit %>
39
+ <% else -%><% unless @maxlogins_soft_limit.nil? -%><%= @ulimit_user -%> soft maxlogins <%= @maxlogins_soft_limit %><% end -%>
40
+ <% unless @maxlogins_hard_limit.nil? -%><%= @ulimit_user -%> hard maxlogins <%= @maxlogins_hard_limit %><% end -%>
41
+ <% end -%>
42
+
43
+ <% unless @msgqueue_limit.nil? -%>
44
+ <%= @ulimit_user -%> - msgqueue <%= @msgqueue_limit %>
45
+ <% else -%><% unless @msgqueue_soft_limit.nil? -%><%= @ulimit_user -%> soft msgqueue <%= @msgqueue_soft_limit %><% end -%>
46
+ <% unless @msgqueue_hard_limit.nil? -%><%= @ulimit_user -%> hard msgqueue <%= @msgqueue_hard_limit %><% end -%>
47
+ <% end -%>
48
+
21
49
  <% unless @core_limit.nil? -%>
22
50
  <%= @ulimit_user -%> - core <%= @core_limit %>
23
51
  <% else -%><% unless @core_soft_limit.nil? -%><%= @ulimit_user -%> soft core <%= @core_soft_limit %><% end -%>
24
52
  <% unless @core_hard_limit.nil? -%><%= @ulimit_user -%> hard core <%= @core_hard_limit %><% end -%>
25
53
  <% end -%>
26
54
 
55
+ <% unless @sigpending_limit.nil? -%>
56
+ <%= @ulimit_user -%> - sigpending <%= @sigpending_limit %>
57
+ <% else -%><% unless @sigpending_soft_limit.nil? -%><%= @ulimit_user -%> soft sigpending <%= @sigpending_soft_limit %><% end -%>
58
+ <% unless @sigpending_hard_limit.nil? -%><%= @ulimit_user -%> hard sigpending <%= @sigpending_hard_limit %><% end -%>
59
+ <% end -%>
60
+
27
61
  <% unless @stack_limit.nil? -%>
28
62
  <%= @ulimit_user -%> - stack <%= @stack_limit %>
29
63
  <% else -%><% unless @stack_soft_limit.nil? -%><%= @ulimit_user -%> soft stack <%= @stack_soft_limit %><% end -%>
30
64
  <% unless @stack_hard_limit.nil? -%><%= @ulimit_user -%> hard stack <%= @stack_hard_limit %><% end -%>
31
65
  <% end -%>
32
66
 
67
+ <% unless @rss_limit.nil? -%>
68
+ <%= @ulimit_user -%> - rss <%= @rss_limit %>
69
+ <% else -%><% unless @rss_soft_limit.nil? -%><%= @ulimit_user -%> soft rss <%= @rss_soft_limit %><% end -%>
70
+ <% unless @rss_hard_limit.nil? -%><%= @ulimit_user -%> hard rss <%= @rss_hard_limit %><% end -%>
71
+ <% end -%>
72
+
33
73
  <% unless @rtprio_limit.nil? -%>
34
74
  <%= @ulimit_user -%> - rtprio <%= @rtprio_limit %>
35
75
  <% else -%><% unless @rtprio_soft_limit.nil? -%><%= @ulimit_user -%> soft rtprio <%= @rtprio_soft_limit %><% end -%>
@@ -56,19 +56,38 @@ class Chef
56
56
  DOC
57
57
 
58
58
  property :username, String, name_property: true
59
+ property :as_limit, [String, Integer]
60
+ property :as_soft_limit, [String, Integer]
61
+ property :as_hard_limit, [String, Integer]
59
62
  property :filehandle_limit, [String, Integer]
60
63
  property :filehandle_soft_limit, [String, Integer]
61
64
  property :filehandle_hard_limit, [String, Integer]
62
65
  property :process_limit, [String, Integer]
63
66
  property :process_soft_limit, [String, Integer]
64
67
  property :process_hard_limit, [String, Integer]
68
+ property :locks_limit, [String, Integer]
65
69
  property :memory_limit, [String, Integer]
70
+ property :maxlogins_limit, [String, Integer]
71
+ property :maxlogins_soft_limit, [String, Integer]
72
+ property :maxlogins_hard_limit, [String, Integer]
73
+ property :msgqueue_limit, [String, Integer]
74
+ property :msgqueue_soft_limit, [String, Integer]
75
+ property :msgqueue_hard_limit, [String, Integer]
66
76
  property :core_limit, [String, Integer]
67
77
  property :core_soft_limit, [String, Integer]
68
78
  property :core_hard_limit, [String, Integer]
79
+ property :cpu_limit, [String, Integer]
80
+ property :cpu_soft_limit, [String, Integer]
81
+ property :cpu_hard_limit, [String, Integer]
82
+ property :sigpending_limit, [String, Integer]
83
+ property :sigpending_soft_limit, [String, Integer]
84
+ property :sigpending_hard_limit, [String, Integer]
69
85
  property :stack_limit, [String, Integer]
70
86
  property :stack_soft_limit, [String, Integer]
71
87
  property :stack_hard_limit, [String, Integer]
88
+ property :rss_limit, [String, Integer]
89
+ property :rss_soft_limit, [String, Integer]
90
+ property :rss_hard_limit, [String, Integer]
72
91
  property :rtprio_limit, [String, Integer]
73
92
  property :rtprio_soft_limit, [String, Integer]
74
93
  property :rtprio_hard_limit, [String, Integer]
@@ -85,19 +104,38 @@ class Chef
85
104
  sensitive new_resource.sensitive
86
105
  variables(
87
106
  ulimit_user: new_resource.username,
107
+ as_limit: new_resource.as_limit,
108
+ as_soft_limit: new_resource.as_soft_limit,
109
+ as_hard_limit: new_resource.as_hard_limit,
88
110
  filehandle_limit: new_resource.filehandle_limit,
89
111
  filehandle_soft_limit: new_resource.filehandle_soft_limit,
90
112
  filehandle_hard_limit: new_resource.filehandle_hard_limit,
91
113
  process_limit: new_resource.process_limit,
92
114
  process_soft_limit: new_resource.process_soft_limit,
93
115
  process_hard_limit: new_resource.process_hard_limit,
116
+ locks_limit: new_resource.locks_limit,
94
117
  memory_limit: new_resource.memory_limit,
118
+ maxlogins_limit: new_resource.maxlogins_limit,
119
+ maxlogins_soft_limit: new_resource.maxlogins_soft_limit,
120
+ maxlogins_hard_limit: new_resource.maxlogins_hard_limit,
121
+ msgqueue_limit: new_resource.msgqueue_limit,
122
+ msgqueue_soft_limit: new_resource.msgqueue_soft_limit,
123
+ msgqueue_hard_limit: new_resource.msgqueue_hard_limit,
95
124
  core_limit: new_resource.core_limit,
96
125
  core_soft_limit: new_resource.core_soft_limit,
97
126
  core_hard_limit: new_resource.core_hard_limit,
127
+ cpu_limit: new_resource.cpu_limit,
128
+ cpu_soft_limit: new_resource.cpu_soft_limit,
129
+ cpu_hard_limit: new_resource.cpu_hard_limit,
130
+ sigpending_limit: new_resource.sigpending_limit,
131
+ sigpending_soft_limit: new_resource.sigpending_soft_limit,
132
+ sigpending_hard_limit: new_resource.sigpending_hard_limit,
98
133
  stack_limit: new_resource.stack_limit,
99
134
  stack_soft_limit: new_resource.stack_soft_limit,
100
135
  stack_hard_limit: new_resource.stack_hard_limit,
136
+ rss_limit: new_resource.rss_limit,
137
+ rss_soft_limit: new_resource.rss_soft_limit,
138
+ rss_hard_limit: new_resource.rss_hard_limit,
101
139
  rtprio_limit: new_resource.rtprio_limit,
102
140
  rtprio_soft_limit: new_resource.rtprio_soft_limit,
103
141
  rtprio_hard_limit: new_resource.rtprio_hard_limit,