chef 18.4.12 → 18.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d054a5d4b494b34b37e06e230641502c973712e05466d2112b3bbd69be500d26
-  data.tar.gz: 8217503105a7dc435ad2928a1760ee6403102bdeba006d3d959f368bef3fa8bd
+  metadata.gz: 9758afdcd61880d10d2e6fcbd0097a3dc94ead3ce67004ba317ed1754cf529d2
+  data.tar.gz: 2ea4ff22776735a4ec71531e3c188769328e3dab07f1930ab4f59c6c2032a9b4
 SHA512:
-  metadata.gz: fca7e74fe02c2070fd34f30a58c5206a56ed35fc11dc378a9d60cad12dd17cc5a3ef3f293f4ca4e218b54edc9b62ce186fb7328883786261995846a696e1e54f
-  data.tar.gz: 59dceca64109ceb153dee38a72b1865f0a582c1b48f257d14462c6450ae97a3d52febb946d37b15afba21d5bb9132c32fc1df751a081b977a883add135d1629e
+  metadata.gz: 6f54220fa4591d43a562055250981453252a30db5bed94473ba0350b4d147ae0eb517da7ab371ef5963b8c7675b06206a5366585a86234ef0ede60a2d92ebf28
+  data.tar.gz: d096c1a73764313a572382cb45963efac685f4a33655225b447b8f58f9dbcfb4abf732da9c7bd2c855bf526a28d195a2a3af49e36029b9f7941bbe4b2ad6682b

data/Gemfile

@@ -2,7 +2,7 @@ source "https://rubygems.org"
 
 gem "chef", path: "."
 
-gem "ohai", git: "https://github.com/chef/ohai.git", branch: "main"
+gem "ohai", git: "https://github.com/chef/ohai.git", branch: "18-stable"
 
 # Nwed to file a bug with rest-client. In the meantime, we can use this until they accept the update.
 gem "rest-client", git: "https://github.com/chef/rest-client", branch: "jfm/ucrt_update1"
@@ -11,6 +11,13 @@ gem "ffi", ">= 1.15.5"
 gem "chef-utils", path: File.expand_path("chef-utils", __dir__) if File.exist?(File.expand_path("chef-utils", __dir__))
 gem "chef-config", path: File.expand_path("chef-config", __dir__) if File.exist?(File.expand_path("chef-config", __dir__))
 
+# required for FIPS or bundler will pick up default openssl
+install_if -> { RUBY_PLATFORM !~ /darwin/ } do
+  gem "openssl", "= 3.2.0"
+end
+
+gem "rdoc", "~> 6.4.1" # 6.4.1.1 required for CVE-2024-27281, allow patch upgrades
+
 if File.exist?(File.expand_path("chef-bin", __dir__))
   # bundling in a git checkout
   gem "chef-bin", path: File.expand_path("chef-bin", __dir__)
@@ -49,7 +56,7 @@ group(:knife_windows_deps) do
 end
 
 group(:development, :test) do
-  gem "rake"
+  gem "rake", ">= 12.3.3"
   gem "rspec"
   gem "webmock"
   gem "crack", "< 0.4.6" # due to https://github.com/jnunemaker/crack/pull/75

data/chef-universal-mingw-ucrt.gemspec

@@ -1,6 +1,6 @@
 gemspec = instance_eval(File.read(File.expand_path("chef.gemspec", __dir__)))
 
-gemspec.platform = Gem::Platform.new(%w{x64-mingw-ucrt})
+gemspec.platform = Gem::Platform.new(%w{universal mingw-ucrt})
 
 gemspec.add_dependency "win32-api", "~> 1.10.0"
 gemspec.add_dependency "win32-event", "~> 0.6.1"

data/chef.gemspec

@@ -2,12 +2,12 @@ $:.unshift(File.dirname(__FILE__) + "/lib")
 vs_path = File.expand_path("chef-utils/lib/chef-utils/version_string.rb", __dir__)
 
 if File.exist?(vs_path)
-  # this is the moral equivalent of a require_relative since bundler makes require_relative here fail hard
-  eval(IO.read(vs_path))
-else
-  # if the path doesn't exist then we're just in the wild gem and not in the git repo
-  require "chef-utils/version_string"
+  # include chef-utils/lib in the path if we're inside of chef vs. chef-utils gem
+  # but add it to the end of the search path
+  $: << (File.dirname(__FILE__) + "/chef-utils/lib")
 end
+# if the path doesn't exist then we're just in the wild gem and not in the git repo
+require "chef-utils/version_string"
 require "chef/version"
 
 Gem::Specification.new do |s|
@@ -30,7 +30,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "chef-config", "= #{Chef::VERSION}"
   s.add_dependency "chef-utils", "= #{Chef::VERSION}"
-  s.add_dependency "train-core", "~> 3.10" # 3.2.28 fixes sudo prompts. See https://github.com/chef/chef/pull/9635
+  s.add_dependency "train-core", "~> 3.10", "<= 3.12.7"
   s.add_dependency "train-winrm", ">= 0.2.5"
   s.add_dependency "train-rest", ">= 0.4.1" # target mode with rest APIs
 
@@ -43,7 +43,7 @@ Gem::Specification.new do |s|
   s.add_dependency "ohai", "~> 18.0"
   s.add_dependency "inspec-core", ">= 5", "< 6"
 
-  s.add_dependency "ffi", ">= 1.15.5"
+  s.add_dependency "ffi", ">= 1.15.5", "<= 1.16.3"
   s.add_dependency "ffi-yajl", "~> 2.2"
   s.add_dependency "net-sftp", ">= 2.1.2", "< 5.0" # remote_file resource
   s.add_dependency "net-ftp" # remote_file resource
@@ -65,7 +65,7 @@ Gem::Specification.new do |s|
 
   s.add_dependency "aws-sdk-s3", "~> 1.91" # s3 recipe-url support
   s.add_dependency "aws-sdk-secretsmanager", "~> 1.46"
-  s.add_dependency "vault", "~> 0.16" # hashi vault official client gem
+  s.add_dependency "vault", "~> 0.18.2" # hashi vault official client gem
   s.bindir       = "bin"
   s.executables  = %w{ }
 

data/lib/chef/client.rb

@@ -305,8 +305,6 @@ class Chef
         # keep this inside the main loop to get exception backtraces
         end_profiling
 
-        warn_if_eol
-
         # rebooting has to be the last thing we do, no exceptions.
         Chef::Platform::Rebooter.reboot_if_needed!(node)
       rescue Exception => run_error
@@ -335,19 +333,6 @@ class Chef
     # @todo make this stuff protected or private
     #
 
-    # @api private
-    def warn_if_eol
-      require_relative "version"
-
-      # We make a release every year so take the version you're on + 2006 and you get
-      # the year it goes EOL
-      eol_year = 2006 + Gem::Version.new(Chef::VERSION).segments.first
-
-      if Time.now > Time.new(eol_year, 5, 01)
-        logger.warn("This release of #{ChefUtils::Dist::Infra::PRODUCT} became end of life (EOL) on May 1st #{eol_year}. Please update to a supported release to receive new features, bug fixes, and security updates.")
-      end
-    end
-
     # @api private
     def configure_formatters
       formatters_for_run.map do |formatter_name, output_path|

data/lib/chef/cookbook/chefignore.rb

@@ -50,7 +50,10 @@ class Chef
         ignore_globs = []
         if @ignore_file && readable_file_or_symlink?(@ignore_file)
           File.foreach(@ignore_file) do |line|
-            ignore_globs << line.strip unless COMMENTS_AND_WHITESPACE.match?(line)
+            unless COMMENTS_AND_WHITESPACE.match?(line)
+              line.strip!
+              ignore_globs << line
+            end
           end
         else
           Chef::Log.debug("No chefignore file found. No files will be ignored!")

data/lib/chef/cookbook/cookbook_version_loader.rb

@@ -215,7 +215,7 @@ class Chef
         Dir.entries(cookbook_path).each do |top_filename|
           # Skip top-level directories starting with "."
           top_path = File.join(cookbook_path, top_filename)
-          next if File.directory?(top_path) && top_filename.start_with?(".")
+          next if top_filename.start_with?(".") && File.directory?(top_path)
 
           # Use Find.find because it:
           # (a) returns any children, recursively

data/lib/chef/cookbook/remote_file_vendor.rb

@@ -43,9 +43,10 @@ class Chef
           raise "get_filename: Cannot determine segment/filename for incoming filename #{filename}"
         end
 
-        raise "No such segment #{segment} in cookbook #{@cookbook_name}" unless @manifest.files_for(segment)
+        files_for_segment = @manifest.files_for(segment)
+        raise "No such segment #{segment} in cookbook #{@cookbook_name}" unless files_for_segment
 
-        found_manifest_record = @manifest.files_for(segment).find { |manifest_record| manifest_record[:path] == filename }
+        found_manifest_record = files_for_segment.find { |manifest_record| manifest_record[:path] == filename }
         raise "No such file #{filename} in #{@cookbook_name}" unless found_manifest_record
 
         cache_filename = File.join("cookbooks", @cookbook_name, found_manifest_record["path"])

data/lib/chef/cookbook/synchronizer.rb

@@ -280,8 +280,9 @@ class Chef
     end
 
     def ensure_cookbook_paths
+      cookbook_path = File.join(Chef::Config[:file_cache_path], "cookbooks")
       cookbooks.each do |cookbook|
-        cb_dir = File.join(Chef::Config[:file_cache_path], "cookbooks", cookbook.name)
+        cb_dir = File.join(cookbook_path, cookbook.name)
         cookbook.root_paths = Array(cb_dir)
       end
     end

data/lib/chef/cookbook_manifest.rb

@@ -173,9 +173,9 @@ class Chef
     def files_for(part)
       return root_files if part.to_s == "root_files"
 
+      part_match = "#{part}/"
       manifest[:all_files].select do |file|
-        seg = file[:name].split("/")[0]
-        part.to_s == seg
+        file[:name].start_with?(part_match)
       end
     end
 

data/lib/chef/exceptions.rb

@@ -170,7 +170,7 @@ class Chef
     class PowershellCmdletException < RuntimeError; end
     class LCMParser < RuntimeError; end
 
-    class CannotDetermineHomebrewOwner < Package; end
+    class CannotDetermineHomebrewPath < Package; end
     class CannotDetermineWindowsInstallerType < Package; end
     class NoWindowsPackageSource < Package; end
 

data/lib/chef/file_cache.rb

@@ -159,9 +159,24 @@ class Chef
       # [String] - An array of file cache keys matching the glob
       def find(glob_pattern)
         keys = []
-        Dir[File.join(Chef::Util::PathHelper.escape_glob_dir(file_cache_path), glob_pattern)].each do |f|
+        file_cache_dir = Chef::Util::PathHelper.escape_glob_dir(file_cache_path)
+        first_filename = Dir[file_cache_dir].first # directory of the cache
+        return keys unless first_filename
+
+        # TODO: The usage of Regexp.escape and the match here is likely
+        # vestigial, but since it's only getting called once per method, the
+        # effort needed to confirm that its removal won't break something else
+        # isn't worth it. A task for a brave soul ;-)
+        regexp_pattern = /^(#{Regexp.escape(first_filename) + File::Separator}).+/
+
+        files = Dir[File.join(file_cache_dir, glob_pattern)]
+        until files.empty?
+          f = files.shift
           if File.file?(f)
-            keys << f[/^#{Regexp.escape(Dir[Chef::Util::PathHelper.escape_glob_dir(file_cache_path)].first) + File::Separator}(.+)/, 1]
+            # We remove the cache directory from the string of each entry
+            path_to_remove ||= f[regexp_pattern, 1]
+            f.delete_prefix!(path_to_remove)
+            keys << f
           end
         end
         keys

data/lib/chef/formatters/doc.rb

@@ -57,7 +57,7 @@ class Chef
         # Print out deprecations.
         unless deprecations.empty?
           puts_line ""
-          puts_line "Deprecation warnings that must be addressed before upgrading to Chef Infra #{Chef::VERSION.to_i + 1}:"
+          puts_line "Deprecation warnings that must be addressed before upgrading to #{ChefUtils::Dist::Infra::PRODUCT} #{Chef::VERSION.to_i + 1}:"
           puts_line ""
           deprecations.each do |message, details|
             locations = details[:locations]

data/lib/chef/mixin/{homebrew_user.rb → homebrew.rb}

@@ -27,7 +27,7 @@ require "etc" unless defined?(Etc)
 
 class Chef
   module Mixin
-    module HomebrewUser
+    module Homebrew
       include Chef::Mixin::ShellOut
 
       ##
@@ -57,15 +57,19 @@ class Chef
         @homebrew_owner_username
       end
 
+      # Use homebrew_bin_path to return the path to the brew binary
+      # @param [String, Array(String)] brew_bin_path
+      # @return [String] path to the brew binary
       def homebrew_bin_path(brew_bin_path = nil)
         if brew_bin_path && ::File.exist?(brew_bin_path)
           brew_bin_path
         else
-          [which("brew"), "/opt/homebrew/bin/brew", "/usr/local/bin/brew", "/home/linuxbrew/.linuxbrew/bin/brew"].uniq.select do |x|
-            next if x == false
+          brew_path = which("brew", prepend_path: %w{/opt/homebrew/bin /usr/local/bin /home/linuxbrew/.linuxbrew/bin})
+          unless brew_path
+            raise Chef::Exceptions::CannotDetermineHomebrewPath, 'Couldn\'t find the "brew" executable anywhere on the path.'
+          end
 
-            ::File.exist?(x) && ::File.executable?(x)
-          end.first || nil
+          brew_path
         end
       end
 
@@ -73,18 +77,11 @@ class Chef
 
       def calculate_owner
         brew_path = homebrew_bin_path
-        if brew_path
-          # By default, this follows symlinks which is what we want
-          owner = ::File.stat(brew_path).uid
-        else
-          raise Chef::Exceptions::CannotDetermineHomebrewOwner,
-            'Couldn\'t find the "brew" executable anywhere on the path.'
-        end
-
-        Chef::Log.debug "Found Homebrew owner #{Etc.getpwuid(owner).name}; executing `brew` commands as them"
-        owner
+        # By default, this follows symlinks which is what we want
+        owner_uid = ::File.stat(brew_path).uid
+        Chef::Log.debug "Found Homebrew owner #{Etc.getpwuid(owner_uid).name}; executing `brew` commands as them"
+        owner_uid
       end
-
     end
   end
 end

data/lib/chef/mixin/openssl_helper.rb

@@ -157,7 +157,7 @@ class Chef
         raise TypeError, "curve must be a string" unless curve.is_a?(String)
         raise ArgumentError, "Specified curve is not available on this system" unless %w{prime256v1 secp384r1 secp521r1}.include?(curve)
 
-        ::OpenSSL::PKey::EC.new(curve).generate_key
+        ::OpenSSL::PKey::EC.generate(curve)
       end
 
       # generate pem format of the public key given a private key
@@ -170,18 +170,7 @@ class Chef
         key_content = ::File.exist?(priv_key) ? File.read(priv_key) : priv_key
         key = ::OpenSSL::PKey::EC.new key_content, priv_key_password
 
-        # Get curve type (prime256v1...)
-        group = ::OpenSSL::PKey::EC::Group.new(key.group.curve_name)
-        # Get Generator point & public point (priv * generator)
-        generator = group.generator
-        pub_point = generator.mul(key.private_key)
-        key.public_key = pub_point
-
-        # Public Key in pem
-        public_key = ::OpenSSL::PKey::EC.new
-        public_key.group = group
-        public_key.public_key = pub_point
-        public_key.to_pem
+        key.public_to_pem
       end
 
       # generate a pem file given a cipher, key, an optional key_password

data/lib/chef/node/attribute.rb

@@ -570,7 +570,7 @@ class Chef
         ]
 
         ret = components.inject(NIL) do |merged, component|
-          hash_only_merge!(merged, component)
+          component == NIL ? merged : hash_only_merge!(merged, component)
         end
         ret == NIL ? nil : ret
       end
@@ -584,7 +584,7 @@ class Chef
       def merge_defaults(path)
         DEFAULT_COMPONENTS.inject(NIL) do |merged, component_ivar|
           component_value = apply_path(instance_variable_get(component_ivar), path)
-          deep_merge!(merged, component_value)
+          component_value == NIL ? merged : deep_merge!(merged, component_value)
         end
       end
 
@@ -597,7 +597,7 @@ class Chef
       def merge_overrides(path)
         OVERRIDE_COMPONENTS.inject(NIL) do |merged, component_ivar|
           component_value = apply_path(instance_variable_get(component_ivar), path)
-          deep_merge!(merged, component_value)
+          component_value == NIL ? merged : deep_merge!(merged, component_value)
         end
       end
 
@@ -628,10 +628,6 @@ class Chef
         elsif merge_onto.is_a?(Array) && merge_with.is_a?(Array)
           merge_onto |= merge_with
 
-        # If merge_with is NIL, don't replace merge_onto
-        elsif merge_with == NIL
-          merge_onto
-
         # In all other cases, replace merge_onto with merge_with
         else
           if merge_with.is_a?(Hash)
@@ -661,10 +657,6 @@ class Chef
           end
           merge_onto
 
-        # If merge_with is NIL, don't replace merge_onto
-        elsif merge_with == NIL
-          merge_onto
-
         # In all other cases, replace merge_onto with merge_with
         else
           if merge_with.is_a?(Hash)

data/lib/chef/node/immutable_collections.rb

@@ -33,18 +33,25 @@ class Chef
       end
 
       def convert_value(value)
-        # The order in this case statement is *important*.
-        # ImmutableMash and ImmutableArray should be tested first,
-        # as this saves unnecessary creation of intermediate objects
         case value
-        when ImmutableMash, ImmutableArray
-          value
         when Hash
-          ImmutableMash.new(value, __root__, __node__, __precedence__)
+          if ImmutableMash === value
+            # Save an object creation
+            value
+          else
+            ImmutableMash.new(value, __root__, __node__, __precedence__)
+          end
         when Array
-          ImmutableArray.new(value, __root__, __node__, __precedence__)
+          if ImmutableArray === value
+            # Save an object creation
+            value
+          else
+            ImmutableArray.new(value, __root__, __node__, __precedence__)
+          end
         else
-          safe_dup(value).freeze
+          # We return any already frozen strings, since that's common over the course of a run.
+          # Check `frozen?` first since that's faster than a Class comparison
+          value.frozen? && String === value ? value : safe_dup(value).freeze
         end
       end
 

data/lib/chef/node/mixin/state_tracking.rb

@@ -37,7 +37,8 @@ class Chef
         def [](*args)
           ret = super
           key = args.first
-          next_path = [ __path__, convert_key(key) ].flatten.compact
+          next_path = [ __path__, convert_key(key) ].flatten
+          next_path.compact!
           copy_state_to(ret, next_path)
         end
 
@@ -45,7 +46,8 @@ class Chef
           ret = super
           key = args.first
           value = args.last
-          next_path = [ __path__, convert_key(key) ].flatten.compact
+          next_path = [ __path__, convert_key(key) ].flatten
+          next_path.compact!
           send_attribute_changed_event(next_path, value)
           copy_state_to(ret, next_path)
         end
@@ -77,7 +79,8 @@ class Chef
         end
 
         def send_reset_cache(path = nil, key = nil)
-          next_path = [ path, key ].flatten.compact
+          next_path = [ path, key ].flatten
+          next_path.compact!
           __root__.reset_cache(next_path.first) if !__root__.nil? && __root__.respond_to?(:reset_cache)
         end
 

data/lib/chef/policy_builder/policyfile.rb

@@ -132,6 +132,9 @@ class Chef
 
         node.consume_external_attrs(ohai_data, json_attribs)
 
+        # Preserve the fall back to loading an unencrypted data bag item if the item we're trying to load isn't actually a vault item.
+        set_databag_fallback
+
         setup_run_list_override
 
         expand_run_list
@@ -191,6 +194,11 @@ class Chef
         run_context
       end
 
+      # Preserve the fall back to loading an unencrypted data bag item if the item we're trying to load isn't actually a vault item.
+      def set_databag_fallback
+        node.default["chef-vault"]["databag_fallback"] = ChefUtils.kitchen?(node)
+      end
+
       # Sets `run_list` on the node from the policy, sets `roles` and `recipes`
       # attributes on the node accordingly.
       #

data/lib/chef/provider/package/chocolatey.rb

@@ -144,12 +144,16 @@ class Chef
         def check_resource_semantics!; end
 
         def get_choco_version
-          @get_choco_version ||= powershell_exec!("#{choco_exe} --version").result
+          # We need a different way to get the version than by simply calling "choco --version".
+          # If the license file is installed (for business customers) but not the Chocolatey.Extension (because you're using the choco resource to install it)
+          # then you get a license error. This method bypasses that by getting the version from the exe directly instead of invoking it.
+          # deprecated: @get_choco_version ||= powershell_exec!("#{choco_exe} --version").result
+          @get_choco_version ||= powershell_exec!("Get-ItemProperty #{choco_exe} | select-object -expandproperty versioninfo | select-object -expandproperty productversion").result
         end
 
         # Choco V2 uses 'Search' for remote repositories and 'List' for local packages
         def query_command
-          return "list" if get_choco_version.match?(/^1/)
+          return "list" if Gem::Dependency.new("", "< 1.4.0").match?("", get_choco_version)
 
           "search"
         end
@@ -167,22 +171,34 @@ class Chef
           true
         end
 
-        # walk the collection to find peer resources to ensure that
-        # we get as much of the cache this run as possible.  Unified mode
-        # sub-resources will, of course, be incremental with this, since we can't
-        # grab them in advance, but even in that case we're still way, way
-        # more efficient with our queries...
+        # Find the set of packages to ask the chocolatey server about
+        #
+        # if walk_resource_tree is true, this finds _all_ of the packages that
+        # we have referenced anywhere in our recipes - this is so we can
+        # attempt to query them all in a single transaction.  However,
+        # currently we don't do that - see the comment on available_packages
+        # for details of the why, but the TL;DR is that the public chocolatey
+        # servers do not support `or` type queries properly.
+        #
+        # If walk_resource_tree is false, we don't do any of that - we just filter
+        # the package list based on cache data.  This is the default due to reasons
+        # explained in the comment on available_packages - the goal is to eventually
+        # turn this back on, hence the default false parameter here.
         #
         # @return [Array] List of chocolatey packages referenced in the run list
-        def collect_package_requests(ignore_list: [])
+        def collect_package_requests(ignore_list: [], walk_resource_tree: false)
           return ["*"] if new_resource.bulk_query || Chef::Config[:always_use_bulk_chocolatey_package_list]
 
-          # Get to the root of the resource collection
-          rc = run_context.parent_run_context || run_context
-          rc = rc.parent_run_context while rc.parent_run_context
+          if walk_resource_tree
+            # Get to the root of the resource collection
+            rc = run_context.parent_run_context || run_context
+            rc = rc.parent_run_context while rc.parent_run_context
 
-          package_collection = package_name_array
-          package_collection += nested_package_resources(rc.resource_collection)
+            package_collection = package_name_array
+            package_collection += nested_package_resources(rc.resource_collection)
+          else
+            package_collection = package_name_array
+          end
           # downcase the array and uniq.  sorted for easier testing...
           package_collection.uniq.sort.filter { |pkg| !ignore_list.include?(pkg) }
         end
@@ -224,7 +240,7 @@ class Chef
           @choco_exe ||= begin
               # if this check is in #define_resource_requirements, it won't get
               # run before choco.exe gets called from #load_current_resource.
-              exe_path = ::File.join(choco_install_path, "bin", "choco.exe")
+              exe_path = ::File.join(choco_install_path, "choco.exe")
               raise Chef::Exceptions::MissingLibrary, CHOCO_MISSING_MSG unless ::File.exist?(exe_path)
 
               exe_path
@@ -339,22 +355,33 @@ class Chef
             @@choco_available_packages[new_resource.list_options] = {}
           end
 
-          # Attempt to get everything we need in a single query.
-          # Grab 25 packages at a time at most, to avoid hurting servers too badly
+          # This would previously grab 25 packages at a time, which previously worked - however,
+          # upstream changed and it turns out this was only working by accident - see
+          # https://github.com/chocolatey/choco/issues/2116 for this.  So the TL;DR ends up
+          # being that this can be re-enabled when the chocolatey server actually supports an
+          # or operator.  So it makes sense to leave the logic here for this split, while we
+          # work with upstream to get this to be a working feature there
+          #
+          # Foot guns: there is a --id-starts-with for chocolatey, which you'd think would work,
+          # but that actually fails on public chocolatey as well, because it seems to do the filtering
+          # locally. Which means it too will omit a lot of results (this is also corroborated by
+          # the 2116 issue above).
           #
-          # For v1 we actually used to grab the entire list of packages, but we found
-          # that it could cause undue load on really large package lists
+          # collect_package_requests, however, continues to be useful here because it filters
+          # the already cached things from the list.  However, for now it will no longer walk the
+          # resource tree until 2116 can be sorted out.  When we regain that ability, we should
+          # re-evaluate this, since it does save a LOT of API requests!
           collect_package_requests(
             ignore_list: @@choco_available_packages[new_resource.list_options].keys
-          ).each_slice(25) do |pkg_set|
+          ).each do |pkg_set|
             available_versions =
               begin
               cmd = [ query_command, "-r" ]
 
               # Chocolatey doesn't actually take a wildcard for this query, however
               # it will return all packages when using '*' as a query
-              unless pkg_set == ["*"]
-                cmd += pkg_set
+              unless pkg_set == "*"
+                cmd << pkg_set
               end
               cmd += common_options
               cmd.push( new_resource.list_options ) if new_resource.list_options
@@ -383,10 +410,12 @@ class Chef
         #
         # @return [Hash] name-to-version mapping of installed packages
         def installed_packages
-          if new_resource.use_choco_list == false || !Chef::Config[:always_use_choco_list]
-            installed_packages_via_choco
-          else
+          # Logic here must be either use_choco_list is false _and_ always_use_choco_list is
+          # falsy, since the global overrides the local
+          if new_resource.use_choco_list == false && !Chef::Config[:always_use_choco_list]
             installed_packages_via_disk
+          else
+            installed_packages_via_choco
           end
         end
 
@@ -413,8 +442,8 @@ class Chef
             # that contains all possible package folders, and so we push our
             # guess to the front as an optimization.
             target_dirs << targets.first.downcase if targets.length == 1
-            if targets.downcase is_a?(String)
-              target_dirs << targets
+            if targets.is_a?(String)
+              target_dirs << targets.downcase
             end
             target_dirs += get_local_pkg_dirs(choco_lib_path)
             fetch_package_versions(choco_lib_path, target_dirs, targets)
@@ -465,6 +494,7 @@ class Chef
         # Fetch the local package versions from chocolatey
         def fetch_package_versions(base_dir, target_dirs, targets)
           pkg_versions = {}
+          targets = [targets] if targets.is_a?(String)
           target_dirs.each do |dir|
             pkg_versions.merge!(get_pkg_data(::File.join(base_dir, dir)))
             # return early if we found the single package version we were looking for