chef 18.4.12 → 18.5.0

data/lib/chef/provider/user/linux.rb

@@ -20,14 +20,19 @@ class Chef
   class Provider
     class User
       class Linux < Chef::Provider::User
-        provides :linux_user
-        provides :user, os: "linux"
+        provides :linux_user, target_mode: true
+        provides :user, os: "linux", target_mode: true
 
         def load_current_resource
           super
           load_shadow_options
         end
 
+        def supports_ruby_shadow?
+          # For target mode, ruby-shadow is redirected to a file-based implementation
+          true unless ChefConfig::Config.target_mode?
+        end
+
         def compare_user
           user_changed = super
 

data/lib/chef/provider/user/pw.rb

@@ -22,12 +22,12 @@ class Chef
   class Provider
     class User
       class Pw < Chef::Provider::User
-        provides :pw_user
-        provides :user, os: "freebsd"
+        provides :pw_user, target_mode: true
+        provides :user, os: "freebsd", target_mode: true
 
         def load_current_resource
           super
-          raise Chef::Exceptions::User, "Could not find binary /usr/sbin/pw for #{new_resource}" unless ::File.exist?("/usr/sbin/pw")
+          raise Chef::Exceptions::User, "Could not find binary /usr/sbin/pw for #{new_resource}" unless ::TargetIO::File.exist?("/usr/sbin/pw")
         end
 
         def create_user

data/lib/chef/provider/user/solaris.rb

@@ -24,8 +24,8 @@ class Chef
   class Provider
     class User
       class Solaris < Chef::Provider::User
-        provides :solaris_user
-        provides :user, os: %w{openindiana illumos omnios solaris2 smartos}
+        provides :solaris_user, target_mode: true
+        provides :user, os: %w{openindiana illumos omnios solaris2 smartos}, target_mode: true
 
         PASSWORD_FILE = "/etc/shadow".freeze
 
@@ -46,7 +46,7 @@ class Chef
         end
 
         def check_lock
-          user = IO.read(PASSWORD_FILE).match(/^#{Regexp.escape(new_resource.username)}:([^:]*):/)
+          user = TargetIO::IO.read(PASSWORD_FILE).match(/^#{Regexp.escape(new_resource.username)}:([^:]*):/)
 
           # If we're in whyrun mode, and the user is not created, we assume it will be
           return false if whyrun_mode? && user.nil?
@@ -122,7 +122,7 @@ class Chef
         # a pipe to passwd(1) or evaluating modern ruby-shadow.  See https://github.com/chef/chef/pull/721
         def write_shadow_file
           buffer = Tempfile.new("shadow", "/etc")
-          ::File.open(PASSWORD_FILE) do |shadow_file|
+          ::TargetIO::File.open(PASSWORD_FILE) do |shadow_file|
             shadow_file.each do |entry|
               user = entry.split(":").first
               if user == new_resource.username
@@ -140,10 +140,10 @@ class Chef
           uid  = s.uid
           gid  = s.gid
 
-          FileUtils.chown uid, gid, buffer.path
-          FileUtils.chmod mode, buffer.path
+          TargetIO::FileUtils.chown uid, gid, buffer.path
+          TargetIO::FileUtils.chmod mode, buffer.path
 
-          FileUtils.mv buffer.path, PASSWORD_FILE
+          TargetIO::FileUtils.mv buffer.path, PASSWORD_FILE
         end
 
         def updated_password(entry)

data/lib/chef/provider/user.rb

@@ -36,7 +36,7 @@ class Chef
 
       def convert_group_name
         if new_resource.gid.is_a?(String) && new_resource.gid.to_i == 0
-          new_resource.gid(Etc.getgrnam(new_resource.gid).gid)
+          new_resource.gid(TargetIO::Etc.getgrnam(new_resource.gid).gid)
         end
       rescue ArgumentError
         @group_name_resolved = false
@@ -47,7 +47,7 @@ class Chef
         current_resource.username(new_resource.username)
 
         begin
-          user_info = Etc.getpwnam(new_resource.username)
+          user_info = TargetIO::Etc.getpwnam(new_resource.username)
         rescue ArgumentError
           @user_exists = false
           logger.trace("#{new_resource} user does not exist")
@@ -68,10 +68,13 @@ class Chef
 
           begin
             require "shadow"
+
+            # Cannot use this library remotely
+            @shadow_lib_ok = false if ChefConfig::Config.target_mode?
           rescue LoadError
             @shadow_lib_ok = false
           else
-            @shadow_info = Shadow::Passwd.getspnam(new_resource.username)
+            @shadow_info = TargetIO::Shadow::Passwd.getspnam(new_resource.username)
             # This conditional remains in place until we can sort out whether we need it.
             # Currently removing it causes tests to fail, but that /seems/ to be mocking/setup issues.
             # Some notes for context:
@@ -153,11 +156,7 @@ class Chef
           new_val = new_resource.send(user_attrib)
           cur_val = current_resource.send(user_attrib)
           if !new_val.nil? && new_val.to_s != cur_val.to_s
-            if user_attrib.to_s == "password" && new_resource.sensitive
-              @change_desc << "change #{user_attrib} from ******** to ********"
-            else
-              @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
-            end
+            @change_desc << "change #{user_attrib} from #{cur_val} to #{new_val}"
           end
         end
 

data/lib/chef/provider/yum_repository.rb

@@ -25,9 +25,7 @@ class Chef
     class YumRepository < Chef::Provider
       extend Chef::Mixin::Which
 
-      provides :yum_repository do
-        which "yum"
-      end
+      provides(:yum_repository, target_mode: true) { which "yum" }
 
       def load_current_resource; end
 

data/lib/chef/provider/zypper_repository.rb

@@ -25,7 +25,7 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Provider
     class ZypperRepository < Chef::Provider
-      provides :zypper_repository, platform_family: "suse"
+      provides :zypper_repository, platform_family: "suse", target_mode: true
 
       def load_current_resource; end
 

data/lib/chef/providers.rb

@@ -74,6 +74,7 @@ require_relative "provider/package/cab"
 require_relative "provider/package/powershell"
 require_relative "provider/package/msu"
 require_relative "provider/package/snap"
+require_relative "provider/package/snap_tm"
 require_relative "provider/package/habitat"
 
 require_relative "provider/service/arch"

data/lib/chef/resource/alternatives.rb

@@ -23,7 +23,7 @@ class Chef
   class Resource
     class Alternatives < Chef::Resource
 
-      provides(:alternatives) { true }
+      provides(:alternatives, target_mode: true) { true }
 
       description "Use the **alternatives** resource to configure command alternatives in Linux using the alternatives or update-alternatives packages."
       introduced "16.0"
@@ -113,7 +113,7 @@ class Chef
 
         requirements.assert(:install, :set, :remove) do |a|
           a.assertion do
-            ::File.exist?(new_resource.path)
+            ::TargetIO::File.exist?(new_resource.path)
           end
 
           a.whyrun("Assuming file #{new_resource.path} already exists or was created already")

data/lib/chef/resource/apt_preference.rb

@@ -22,7 +22,7 @@ class Chef
   class Resource
     class AptPreference < Chef::Resource
 
-      provides(:apt_preference) { true }
+      provides(:apt_preference, target_mode: true) { true }
 
       description "Use the **apt_preference** resource to create APT [preference files](https://wiki.debian.org/AptPreferences). Preference files are used to control which package versions and sources are prioritized during installation."
       introduced "13.3"

data/lib/chef/resource/apt_repository.rb

@@ -17,7 +17,6 @@
 #
 
 require_relative "../resource"
-require_relative "../http/simple"
 require "tmpdir" unless defined?(Dir.mktmpdir)
 module Addressable
   autoload :URI, "addressable/uri"
@@ -27,7 +26,7 @@ class Chef
   class Resource
     class AptRepository < Chef::Resource
 
-      provides(:apt_repository) { true }
+      provides(:apt_repository, target_mode: true) { true }
 
       description "Use the **apt_repository** resource to specify additional APT repositories. Adding a new repository will update the APT package cache immediately."
       introduced "12.9"
@@ -99,7 +98,6 @@ class Chef
         ```
 
         **Add repository that needs custom options**:
-
         ```ruby
         apt_repository 'corretto' do
           uri          'https://apt.corretto.aws'
@@ -173,7 +171,7 @@ class Chef
         default: true, desired_state: false
 
       property :options, [String, Array],
-        description: "Additional options to set for the repository.",
+        description: "Additional options to set for the repository",
         default: [], coerce: proc { |x| Array(x) }
 
       default_action :add
@@ -289,8 +287,8 @@ class Chef
         def install_key_from_uri(key)
           key_name = key.gsub(/[^0-9A-Za-z\-]/, "_")
           cached_keyfile = ::File.join(Chef::Config[:file_cache_path], key_name)
-          tmp_dir = Dir.mktmpdir(".gpg")
-          at_exit { FileUtils.remove_entry(tmp_dir) }
+          tmp_dir = TargetIO::Dir.mktmpdir(".gpg")
+          at_exit { TargetIO::FileUtils.remove_entry(tmp_dir) }
 
           declare_resource(key_type(key), cached_keyfile) do
             source key
@@ -360,7 +358,7 @@ class Chef
         # @return [void]
         def install_ppa_key(owner, repo)
           url = "https://launchpad.net/api/1.0/~#{owner}/+archive/#{repo}"
-          key_id = Chef::HTTP::Simple.new(url).get("signing_key_fingerprint").delete('"')
+          key_id = TargetIO::HTTP.new(url).get("signing_key_fingerprint").delete('"')
           install_key_from_keyserver(key_id, "keyserver.ubuntu.com")
         rescue Net::HTTPClientException => e
           raise "Could not access Launchpad ppa API: #{e.message}"
@@ -434,7 +432,7 @@ class Chef
         # @return [void]
         def cleanup_legacy_file!
           legacy_path = "/etc/apt/sources.list.d/#{new_resource.name}.list"
-          if new_resource.name != new_resource.repo_name && ::File.exist?(legacy_path)
+          if new_resource.name != new_resource.repo_name && ::TargetIO::File.exist?(legacy_path)
             converge_by "Cleaning up legacy #{legacy_path} repo file" do
               file legacy_path do
                 action :delete
@@ -500,7 +498,7 @@ class Chef
         return unless debian?
 
         cleanup_legacy_file!
-        if ::File.exist?("/etc/apt/sources.list.d/#{new_resource.repo_name}.list")
+        if ::TargetIO::File.exist?("/etc/apt/sources.list.d/#{new_resource.repo_name}.list")
           converge_by "Removing #{new_resource.repo_name} repository from /etc/apt/sources.list.d/" do
             apt_update new_resource.name do
               ignore_failure true

data/lib/chef/resource/apt_update.rb

@@ -23,7 +23,7 @@ class Chef
   class Resource
     class AptUpdate < Chef::Resource
 
-      provides(:apt_update) { true }
+      provides(:apt_update, target_mode: true) { true }
 
       description "Use the **apt_update** resource to manage APT repository updates on Debian and Ubuntu platforms."
       introduced "12.7"
@@ -62,8 +62,8 @@ class Chef
         #
         # @return [Boolean]
         def apt_up_to_date?
-          ::File.exist?("#{STAMP_DIR}/update-success-stamp") &&
-            ::File.mtime("#{STAMP_DIR}/update-success-stamp") > Time.now - new_resource.frequency
+          ::TargetIO::File.exist?("#{STAMP_DIR}/update-success-stamp") &&
+            ::TargetIO::File.mtime("#{STAMP_DIR}/update-success-stamp") > Time.now - new_resource.frequency
         end
 
         def do_update

data/lib/chef/resource/bff_package.rb

@@ -23,7 +23,7 @@ class Chef
   class Resource
     class BffPackage < Chef::Resource::Package
 
-      provides :bff_package
+      provides :bff_package, target_mode: true
 
       description "Use the **bff_package** resource to manage packages for the AIX platform using the installp utility. When a package is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources."
       introduced "12.0"

data/lib/chef/resource/chef_client_config.rb

@@ -21,7 +21,7 @@ class Chef
   class Resource
     class ChefClientConfig < Chef::Resource
 
-      provides :chef_client_config
+      provides :chef_client_config, target_mode: true
 
       description "Use the **chef_client_config** resource to create a client.rb file in the #{ChefUtils::Dist::Infra::PRODUCT} configuration directory. See the [client.rb docs](https://docs.chef.io/config_rb_client/) for more details on options available in the client.rb configuration file."
       introduced "16.6"
@@ -198,7 +198,8 @@ class Chef
         introduced: "17.3"
 
       property :minimal_ohai, [true, false],
-        description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this this to true may break cookbooks that assume all Ohai data will be present."
+        description: "Run a minimal set of Ohai plugins providing data necessary for the execution of #{ChefUtils::Dist::Infra::PRODUCT}'s built-in resources. Setting this to true will skip many large and time consuming data sets such as `cloud` or `packages`. Setting this to true may break cookbooks that assume all Ohai data will be present.",
+        default: false
 
       property :start_handlers, Array,
         description: %q(An array of hashes that contain a report handler class and the arguments to pass to that class on initialization. The hash should include `class` and `argument` keys where `class` is a String and `argument` is an array of quoted String values. For example: `[{'class' => 'MyHandler', %w('"argument1"', '"argument2"')}]`),

data/lib/chef/resource/chef_client_systemd_timer.rb

@@ -103,6 +103,10 @@ class Chef
         coerce: proc { |x| Integer(x) },
         callbacks: { "should be a positive Integer" => proc { |v| v > 0 } }
 
+      property :service_umask, [Integer, String],
+        description: "Fix umask for hardened systems that have a changed default umask. This changes the chef-client umask so any files or folders are created with new umask. Recommend setting to stand install default of 0022.",
+        introduced: "18.5"
+
       action :add, description: "Add a systemd timer that runs #{ChefUtils::Dist::Infra::PRODUCT}." do
         systemd_unit "#{new_resource.job_name}.service" do
           content service_content
@@ -175,6 +179,7 @@ class Chef
             "Install" => { "WantedBy" => "multi-user.target" },
           }
 
+          unit["Service"]["UMask"] = new_resource.service_umask if new_resource.service_umask
           unit["Service"]["ConditionACPower"] = "true" unless new_resource.run_on_battery
           unit["Service"]["CPUQuota"] = "#{new_resource.cpu_quota}%" if new_resource.cpu_quota
           unit["Service"]["Environment"] = new_resource.environment.collect { |k, v| "\"#{k}=#{v}\"" } unless new_resource.environment.empty?

data/lib/chef/resource/chef_gem.rb

@@ -62,7 +62,7 @@ class Chef
         end
         ```
 
-        **Install MySQL gem into #{ChefUtils::Dist::Infra::PRODUCT}***
+        **Install MySQL gem into #{ChefUtils::Dist::Infra::PRODUCT}**
         ```ruby
         apt_update
 

data/lib/chef/resource/chef_sleep.rb

@@ -20,7 +20,7 @@ require "chef-utils/dist" unless defined?(ChefUtils::Dist)
 class Chef
   class Resource
     class ChefSleep < Chef::Resource
-      provides :chef_sleep
+      provides :chef_sleep, target_mode: true
 
       description "Use the **chef_sleep** resource to pause (sleep) for a number of seconds during a #{ChefUtils::Dist::Infra::PRODUCT} run. Only use this resource when a command or service exits successfully but is not ready for the next step in a recipe."
       introduced "15.5"

data/lib/chef/resource/cookbook_file.rb

@@ -28,7 +28,7 @@ class Chef
     class CookbookFile < Chef::Resource::File
       include Chef::Mixin::Securable
 
-      provides :cookbook_file
+      provides :cookbook_file, target_mode: true
 
       description "Use the **cookbook_file** resource to transfer files from a sub-directory of COOKBOOK_NAME/files/ to a specified path located on a host that is running the #{ChefUtils::Dist::Infra::PRODUCT}. The file is selected according to file specificity, which allows different source files to be used based on the hostname, host platform (operating system, distro, or as appropriate), or platform version. Files that are located in the COOKBOOK_NAME/files/default sub-directory may be used on any platform.\n\nDuring a #{ChefUtils::Dist::Infra::PRODUCT} run, the checksum for each local file is calculated and then compared against the checksum for the same file as it currently exists in the cookbook on the #{ChefUtils::Dist::Server::PRODUCT}. A file is not transferred when the checksums match. Only files that require an update are transferred from the #{ChefUtils::Dist::Server::PRODUCT} to a node."
 

data/lib/chef/resource/cron/cron.rb

@@ -28,7 +28,7 @@ class Chef
 
       use "cron_shared"
 
-      provides :cron
+      provides :cron, target_mode: true
 
       description "Use the **cron** resource to manage cron entries for time-based job scheduling. Properties for a schedule will default to * if not provided. The cron resource requires access to a crontab program, typically cron. Warning: The cron resource should only be used to modify an entry in a crontab file. The `cron_d` resource directly manages `cron.d` files. This resource ships in #{ChefUtils::Dist::Infra::PRODUCT} 14.4 or later and can also be found in the [cron](https://github.com/chef-cookbooks/cron) cookbook) for previous #{ChefUtils::Dist::Infra::PRODUCT} releases."
 

data/lib/chef/resource/cron/cron_d.rb

@@ -26,7 +26,7 @@ class Chef
 
       use "cron_shared"
 
-      provides :cron_d
+      provides :cron_d, target_mode: true
 
       introduced "14.4"
       description "Use the **cron_d** resource to manage cron job files in the `/etc/cron.d` directory. Warning: #{ChefUtils::Dist::Infra::PRODUCT} also ships with the **cron** resource for managing the monolithic `/etc/crontab` file on platforms that lack cron.d support. See the [cron resource](/resources/cron/) for information on using that resource."

data/lib/chef/resource/cron_access.rb

@@ -23,7 +23,7 @@ require_relative "../resource"
 class Chef
   class Resource
     class CronAccess < Chef::Resource
-      provides :cron_access
+      provides :cron_access, target_mode: true
       provides(:cron_manage) # legacy name @todo in Chef 15 we should { true } this so it wins over the cookbook
 
       introduced "14.4"

data/lib/chef/resource/directory.rb

@@ -25,7 +25,7 @@ class Chef
   class Resource
     class Directory < Chef::Resource
 
-      provides :directory
+      provides :directory, target_mode: true
 
       description "Use the **directory** resource to manage a directory, which is a hierarchy"\
                   " of folders that comprises all of the information stored on a computer."\

data/lib/chef/resource/dpkg_package.rb

@@ -22,7 +22,7 @@ class Chef
   class Resource
     class DpkgPackage < Chef::Resource::Package
 
-      provides :dpkg_package
+      provides :dpkg_package, target_mode: true
 
       description "Use the **dpkg_package** resource to manage packages for the dpkg platform. When a package is installed from a local file, it must be added to the node using the **remote_file** or **cookbook_file** resources."
 

data/lib/chef/resource/execute.rb

@@ -442,14 +442,14 @@ class Chef
         NetworkService have this right when running as a service. This is necessary
         even if the user is an Administrator.
 
-        This right can be added and checked in a recipe using this example:
+        This right can be added and checked in a recipe using this example (will not take effect in the same Chef run):
 
         ```ruby
-        # Add 'SeAssignPrimaryTokenPrivilege' for the user
-        Chef::ReservedNames::Win32::Security.add_account_right('<user>', 'SeAssignPrimaryTokenPrivilege')
-
-        # Check if the user has 'SeAssignPrimaryTokenPrivilege' rights
-        Chef::ReservedNames::Win32::Security.get_account_right('<user>').include?('SeAssignPrimaryTokenPrivilege')
+        windows_user_privilege 'add assign token privilege' do
+          principal '<user>'
+          privilege 'SeAssignPrimaryTokenPrivilege'
+          action :add
+        end
         ```
 
         The following example shows how to run `mkdir test_dir` from a Chef Infra Client
@@ -492,9 +492,11 @@ class Chef
 
         **Run a command with an external input file**:
 
+        ```ruby
         execute 'md5sum' do
           input File.read(__FILE__)
         end
+        ```
       EXAMPLES
 
       # The ResourceGuardInterpreter wraps a resource's guards in another resource.  That inner resource

data/lib/chef/resource/file/verification/json.rb

@@ -37,7 +37,7 @@ class Chef
           provides :json
 
           def verify(path, opts = {})
-            Chef::JSONCompat.parse(IO.read(path))
+            Chef::JSONCompat.parse(TargetIO::IO.read(path))
             true
           rescue Chef::Exceptions::JSON::ParseError => e
             Chef::Log.error("Json syntax verify failed with : #{e.message}")

data/lib/chef/resource/file/verification/systemd_unit.rb

@@ -49,7 +49,7 @@ class Chef
 
             Dir.mktmpdir("chef-systemd-unit") do |dir|
               temp = "#{dir}/#{::File.basename(@parent_resource.path)}"
-              ::FileUtils.cp(path, temp)
+              ::TargetIO::FileUtils.cp(path, temp)
               verify_command(temp, opts)
             end
           end

data/lib/chef/resource/file/verification/yaml.rb

@@ -39,7 +39,7 @@ class Chef
           provides :yaml
 
           def verify(path, opts = {})
-            Psych.parse_file(path)
+            Psych.parse(TargetIO::IO.read(path))
             true
           rescue Psych::SyntaxError => e
             Chef::Log.error("Yaml syntax verify failed with : #{e.message}")

data/lib/chef/resource/file.rb

@@ -29,7 +29,7 @@ class Chef
     class File < Chef::Resource
       include Chef::Mixin::Securable
 
-      provides :file
+      provides :file, target_mode: true
 
       description "Use the **file** resource to manage files directly on a node. Note: Use the **cookbook_file** resource to copy a file from a cookbook's `/files` directory. Use the **template** resource to create a file based on a template in a cookbook's `/templates` directory. And use the **remote_file** resource to transfer a file to a node from a remote location."
 

data/lib/chef/resource/freebsd_package.rb

@@ -25,8 +25,8 @@ require_relative "../provider/package/freebsd/pkgng"
 class Chef
   class Resource
     class FreebsdPackage < Chef::Resource::Package
-      provides :freebsd_package
-      provides :package, platform: "freebsd"
+      provides :freebsd_package, target_mode: true
+      provides :package, platform: "freebsd", target_mode: true
 
       description "Use the **freebsd_package** resource to manage packages for the FreeBSD platform."
 

data/lib/chef/resource/group.rb

@@ -48,7 +48,7 @@ class Chef
       ```
       EXAMPLES
 
-      provides :group
+      provides :group, target_mode: true
 
       allowed_actions :create, :remove, :modify, :manage
       default_action :create

data/lib/chef/resource/habitat/habitat_package.rb

@@ -22,7 +22,7 @@ class Chef
   class Resource
     class HabitatPackage < Chef::Resource::Package
 
-      provides :habitat_package
+      provides :habitat_package, target_mode: true
       use "habitat_shared"
       description "Use the **habitat_package** to install or remove Chef Habitat packages from Habitat Builder."
       introduced "17.3"

data/lib/chef/resource/habitat/habitat_sup.rb

@@ -21,7 +21,7 @@ class Chef
   class Resource
     class HabitatSup < Chef::Resource
 
-      provides :habitat_sup do |_node|
+      provides(:habitat_sup, target_mode: true) do |_node|
         false
       end
 
@@ -186,10 +186,10 @@ class Chef
         habitat_install new_resource.name do
           license new_resource.license
           hab_version new_resource.sup_version if new_resource.sup_version
-          not_if { ::File.exist?("/bin/hab") }
-          not_if { ::File.exist?("/usr/bin/hab") }
-          not_if { ::File.exist?("c:/habitat/hab.exe") }
-          not_if { ::File.exist?("c:/ProgramData/Habitat/hab.exe") }
+          not_if { ::TargetIO::File.exist?("/bin/hab") }
+          not_if { ::TargetIO::File.exist?("/usr/bin/hab") }
+          not_if { ::TargetIO::File.exist?("c:/habitat/hab.exe") }
+          not_if { ::TargetIO::File.exist?("c:/ProgramData/Habitat/hab.exe") }
         end
 
         habitat_package "core/hab-sup" do
@@ -205,7 +205,7 @@ class Chef
         if windows?
           directory "C:/hab/sup/default/config" do
             recursive true
-            only_if { ::Dir.exist?("C:/hab") }
+            only_if { ::TargetIO::Dir.exist?("C:/hab") }
             only_if { use_toml_config }
             action :create
           end
@@ -235,14 +235,14 @@ class Chef
               keep_latest_packages: new_resource.keep_latest
             )
             only_if { use_toml_config }
-            only_if { ::Dir.exist?("C:/hab/sup/default/config") }
+            only_if { ::TargetIO::Dir.exist?("C:/hab/sup/default/config") }
           end
         else
           directory "/hab/sup/default/config" do
             mode "0755"
             recursive true
             only_if { use_toml_config }
-            only_if { ::Dir.exist?("/hab") }
+            only_if { ::TargetIO::Dir.exist?("/hab") }
             action :create
           end
 
@@ -271,7 +271,7 @@ class Chef
               keep_latest_packages: new_resource.keep_latest
             )
             only_if { use_toml_config }
-            only_if { ::Dir.exist?("/hab/sup/default/config") }
+            only_if { ::TargetIO::Dir.exist?("/hab/sup/default/config") }
           end
         end
       end

data/lib/chef/resource/habitat/habitat_sup_systemd.rb

@@ -20,8 +20,8 @@ require_relative "habitat_sup"
 class Chef
   class Resource
     class HabitatSupSystemd < HabitatSup
-      provides :habitat_sup, os: "linux"
-      provides :habitat_sup_systemd
+      provides :habitat_sup, os: "linux", target_mode: true
+      provides :habitat_sup_systemd, target_mode: true
 
       action :run do
         super()

data/lib/chef/resource/habitat_install.rb

@@ -19,7 +19,7 @@ require_relative "../resource"
 class Chef
   class Resource
     class HabitatInstall < Chef::Resource
-      provides :habitat_install
+      provides :habitat_install, target_mode: true
 
       description "Use the **habitat_install** resource to install Chef Habitat."
       introduced "17.3"
@@ -70,7 +70,7 @@ class Chef
         description: "Specify the version of `Habitat` you would like to install."
 
       action :install, description: "Installs Habitat. Does nothing if the `hab` binary is found in the default location for the system (`/bin/hab` on Linux, `/usr/local/bin/hab` on macOS, `C:/habitat/hab.exe` on Windows)" do
-        if ::File.exist?(hab_path)
+        if ::TargetIO::File.exist?(hab_path)
           cmd = shell_out!([hab_path, "--version"].flatten.compact.join(" "))
           version = %r{hab (\d*\.\d*\.\d[^\/]*)}.match(cmd.stdout)[1]
           return if version == new_resource.hab_version
@@ -94,7 +94,7 @@ class Chef
             path habfile
             destination "#{Chef::Config[:file_cache_path]}/habitat"
             action :extract
-            not_if { ::Dir.exist?("c:\\habitat") }
+            not_if { ::TargetIO::Dir.exist?("c:\\habitat") }
           end
 
           directory "c:\\habitat" do
@@ -127,6 +127,7 @@ class Chef
           remote_file ::File.join(Chef::Config[:file_cache_path], "hab-install.sh") do
             source new_resource.install_url
             sensitive true
+            mode 0755
           end
 
           execute "installing with hab-install.sh" do
@@ -235,7 +236,7 @@ class Chef
         end
 
         def hab_command
-          cmd = "bash #{Chef::Config[:file_cache_path]}/hab-install.sh"
+          cmd = "#{Chef::Config[:file_cache_path]}/hab-install.sh"
           cmd << " -v #{new_resource.hab_version} " if new_resource.hab_version
           cmd << " -t x86_64-linux-kernel2" if node["kernel"]["release"].to_i < 3
           cmd