chef 14.10.9 → 14.11.21

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32c23855c40801eb5aa7d7223ce35f627a350d732937c61021566bf24996eadd
-  data.tar.gz: fa935461c61598ca0b594ab7b28bb0fb2c9b0123fd040299dfbd06ce3c7eae0b
+  metadata.gz: 6f798de1b307dfa70ca1ce581c1a2d47848e045fb0b8ffd2560bee57617e5360
+  data.tar.gz: 0e3deab54bb4e0876692ccb8b693fa81c524c1f367d12b8687cda83527a334c0
 SHA512:
-  metadata.gz: 7b0766ff4108d69b9e3b9c7bfe2033be26ac672c18084aed7cd7b81f384fedab22dcedb96db5a09f3fe79388b8e682f5e50b4bc7fba68a746ffd25516f829c67
-  data.tar.gz: 53bf84e5225846e0538b7854d77a23248b1cfce72dae08122d1025e15f0e5dc105b1139340a804086fd2369c18b29a634748ecb728acbbaa3c882e2778f0698a
+  metadata.gz: c0ab56ed0fd49314cd2fb22bb9f3fda2765ba137e971aa865670059d5a0c674e9cdb61b8347f0776bf1115172b285c53394a898efa5840ec0728b9fb9e906fa9
+  data.tar.gz: ed3ac08a4ff1204800ce95f1480dd2545e0a51114d09c7c83b779392a4673dddb0799e5b16a6a269d74b85bf051b78974f0e7d6a234e7c584958407ffacd4047

data/chef-universal-mingw32.gemspec

@@ -16,7 +16,7 @@ gemspec.add_dependency "windows-api", "~> 0.4.4"
 gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
 gemspec.add_dependency "iso8601", "~> 0.12.1"
-gemspec.add_dependency "win32-certstore", ">= 0.1.8"
+gemspec.add_dependency "win32-certstore", "~> 0.2.4"
 gemspec.extensions << "ext/win32-eventlog/Rakefile"
 gemspec.files += Dir.glob("{distro,ext}/**/*")
 

data/lib/chef/chef_fs/file_system/repository/chef_repository_file_system_root_dir.rb

@@ -110,7 +110,8 @@ class Chef
             else
               child_paths[name].each do |path|
                 begin
-                  Dir.mkdir(path, 0700)
+                  ::FileUtils.mkdir_p(path)
+                  ::FileUtils.chmod(0700, path)
                   if Chef::Platform.windows?
                     all_mask = Chef::ReservedNames::Win32::API::Security::GENERIC_ALL
                     administrators = Chef::ReservedNames::Win32::Security::SID.Administrators

data/lib/chef/dsl/universal.rb

@@ -1,7 +1,7 @@
 #--
 # Author:: Adam Jacob (<adam@chef.io>)
 # Author:: Christopher Walters (<cw@chef.io>)
-# Copyright:: Copyright 2008-2016 Chef Software, Inc.
+# Copyright:: Copyright 2008-2019, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -21,6 +21,7 @@ require "chef/dsl/platform_introspection"
 require "chef/mixin/powershell_exec"
 require "chef/mixin/powershell_out"
 require "chef/mixin/shell_out"
+require "chef/mixin/lazy_module_include"
 
 class Chef
   module DSL
@@ -47,6 +48,7 @@ class Chef
       include Chef::Mixin::PowershellExec
       include Chef::Mixin::PowershellOut
       include Chef::Mixin::ShellOut
+      extend Chef::Mixin::LazyModuleInclude
     end
   end
 end

data/lib/chef/knife/bootstrap/templates/chef-full.erb

@@ -171,7 +171,7 @@ do_download() {
 <% if knife_config[:bootstrap_install_command] %>
   <%= knife_config[:bootstrap_install_command] %>
 <% else %>
-  install_sh="<%= knife_config[:bootstrap_url] ? knife_config[:bootstrap_url] : "https://omnitruck-direct.chef.io/chef/install.sh" %>"
+  install_sh="<%= knife_config[:bootstrap_url] ? knife_config[:bootstrap_url] : "https://omnitruck.chef.io/chef/install.sh" %>"
   if test -f /usr/bin/chef-client; then
     echo "-----> Existing Chef installation detected"
   else

data/lib/chef/provider/mount/aix.rb

@@ -164,7 +164,7 @@ class Chef
             disable_fs
           end
           ::File.open("/etc/filesystems", "a") do |fstab|
-            fstab.puts("#{@new_resource.mount_point}:")
+            fstab.puts("\n\n#{@new_resource.mount_point}:")
             if network_device?
               device_details = device_fstab.split(":")
               fstab.puts("\tdev\t\t= #{device_details[1]}")

data/lib/chef/provider/package/chocolatey.rb

@@ -236,6 +236,8 @@ EOS
               begin
                 cmd = [ "list -r #{pkg}" ]
                 cmd.push( "-source #{new_resource.source}" ) if new_resource.source
+                cmd.push( new_resource.options ) if new_resource.options
+
                 raw = parse_list_output(*cmd)
                 raw.keys.each_with_object({}) do |name, available|
                   available[name] = desired_name_versions[name] || raw[name]

data/lib/chef/provider/windows_task.rb

@@ -116,9 +116,8 @@ class Chef
         end
 
         def action_create
-          if new_resource.command && new_resource.command.split.size > 1
-            set_command_and_arguments
-          end
+          set_command_and_arguments if new_resource.command
+
           if current_resource.exists
             logger.trace "#{new_resource} task exist."
             unless (task_needs_update?(current_resource.task)) || (new_resource.force)

data/lib/chef/resource/dmg_package.rb

@@ -27,7 +27,7 @@ class Chef
       introduced "14.0"
 
       property :app, String,
-               description: "The name of the application as it appears in the /Volumes directory, if it differs from the resource block's name.",
+               description: "The name of the application as it appears in the /Volumes directory if it differs from the resource block's name.",
                name_property: true
 
       property :source, String,
@@ -47,7 +47,7 @@ class Chef
                description: "The sha256 checksum of the .dmg file to download."
 
       property :volumes_dir, String,
-               description: "The directory under /Volumes where the dmg is mounted, if it differs from the name of the .dmg file.",
+               description: "The directory under /Volumes where the dmg is mounted if it differs from the name of the .dmg file.",
                default: lazy { |r| r.app }, default_description: "The value passed for the application name."
 
       property :dmg_name, String,

data/lib/chef/resource/openssl_dhparam.rb

@@ -57,20 +57,19 @@ class Chef
 
       action :create do
         description "Create the dhparam file."
-
+        dhparam_content = nil
         unless dhparam_pem_valid?(new_resource.path)
-          converge_by("Create a dhparam file #{new_resource.path}") do
-            dhparam_content = gen_dhparam(new_resource.key_length, new_resource.generator).to_pem
+          dhparam_content = gen_dhparam(new_resource.key_length, new_resource.generator).to_pem
+          Chef::Log.debug("Valid dhparam content not found at #{new_resource.path}, creating new")
+        end
 
-            file new_resource.path do
-              action :create
-              owner new_resource.owner unless new_resource.owner.nil?
-              group new_resource.group unless new_resource.group.nil?
-              mode new_resource.mode
-              sensitive true
-              content dhparam_content
-            end
-          end
+        file new_resource.path do
+          action :create
+          owner new_resource.owner
+          group new_resource.group
+          mode new_resource.mode
+          sensitive true
+          content dhparam_content
         end
       end
     end

data/lib/chef/resource/sudo.rb

@@ -37,7 +37,7 @@ class Chef
       # acording to the sudo man pages sudo will ignore files in an include dir that have a `.` or `~`
       # We convert either to `__`
       property :filename, String,
-               description: "The name of the sudoers.d file, if it differs from the name of the resource block",
+               description: "The name of the sudoers.d file if it differs from the name of the resource block",
                name_property: true,
                coerce: proc { |x| x.gsub(/[\.~]/, "__") }
 

data/lib/chef/resource/swap_file.rb

@@ -27,7 +27,7 @@ class Chef
       introduced "14.0"
 
       property :path, String,
-               description: "The path where the swap file will be created on the system, if it differs from the resource block's name.",
+               description: "The path where the swap file will be created on the system if it differs from the resource block's name.",
                name_property: true
 
       property :size, Integer,

data/lib/chef/resource/sysctl.rb

@@ -33,7 +33,7 @@ class Chef
       introduced "14.0"
 
       property :key, String,
-               description: "The kernel parameter key in dotted format, if it differs from the resource block's name.",
+               description: "The kernel parameter key in dotted format if it differs from the resource block's name.",
                name_property: true
 
       property :ignore_error, [TrueClass, FalseClass],

data/lib/chef/resource/timezone.rb

@@ -29,7 +29,7 @@ class Chef
       introduced "14.6"
 
       property :timezone, String,
-               description: "The timezone value to set.",
+               description: "An optional property to set the timezone value if it differs from the resource block's name.",
                name_property: true
 
       action :set do

data/lib/chef/resource/windows_ad_join.rb

@@ -30,7 +30,7 @@ class Chef
       introduced "14.0"
 
       property :domain_name, String,
-               description: "The FQDN of the Active Directory domain to join.",
+               description: "The FQDN of the Active Directory domain to join if it differs from the resource block's name.",
                validation_message: "The 'domain_name' property must be a FQDN.",
                regex: /.\../, # anything.anything
                name_property: true

data/lib/chef/resource/windows_auto_run.rb

@@ -28,7 +28,7 @@ class Chef
       introduced "14.0"
 
       property :program_name, String,
-               description: "The name of the program to run at login, if it differs from the resource block's name.",
+               description: "The name of the program to run at login if it differs from the resource block's name.",
                name_property: true
 
       property :path, String,

data/lib/chef/resource/windows_certificate.rb

@@ -32,7 +32,7 @@ class Chef
       introduced "14.7"
 
       property :source, String,
-               description: "The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).",
+               description: "The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete) if it differs from the resource block's name.",
                name_property: true
 
       property :pfx_password, String,
@@ -53,14 +53,16 @@ class Chef
                description: ""
 
       # lazy used to set default value of sensitive to true if password is set
-      property :sensitive, [ TrueClass, FalseClass ],
+      property :sensitive, [TrueClass, FalseClass],
                description: "Ensure that sensitive resource data is not logged by the chef-client.",
                default: lazy { |r| r.pfx_password ? true : false }, skip_docs: true
 
       action :create do
         description "Creates or updates a certificate."
 
-        cert_obj = OpenSSL::X509::Certificate.new(raw_source) # A certificate object in memory
+        # Extension of the certificate
+        ext = ::File.extname(new_resource.source)
+        cert_obj = fetch_cert_object(ext) # Fetch OpenSSL::X509::Certificate object
         thumbprint = OpenSSL::Digest::SHA1.new(cert_obj.to_der).to_s # Fetch its thumbprint
 
         # Need to check if return value is Boolean:true
@@ -69,7 +71,11 @@ class Chef
           Chef::Log.debug("Certificate is already present")
         else
           converge_by("Adding certificate #{new_resource.source} into Store #{new_resource.store_name}") do
-            add_cert(cert_obj)
+            if ext == ".pfx"
+              add_pfx_cert
+            else
+              add_cert(cert_obj)
+            end
           end
         end
       end
@@ -139,6 +145,11 @@ class Chef
           store.add(cert_obj)
         end
 
+        def add_pfx_cert
+          store = ::Win32::Certstore.open(new_resource.store_name)
+          store.add_pfx(new_resource.source, new_resource.pfx_password)
+        end
+
         def delete_cert
           store = ::Win32::Certstore.open(new_resource.store_name)
           store.delete(new_resource.source)
@@ -235,6 +246,7 @@ class Chef
 
         def acl_script(hash)
           return "" if new_resource.private_key_acl.nil? || new_resource.private_key_acl.empty?
+
           # this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx
           # and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx
           set_acl_script = <<-EOH
@@ -260,38 +272,43 @@ class Chef
           set_acl_script
         end
 
-        # Returns the certificate string of the given
-        # input certificate in PEM format
-        def raw_source
-          ext = ::File.extname(new_resource.source)
-          convert_pem(ext, new_resource.source)
-        end
-
-        # Uses powershell command to convert crt/der/cer/pfx & p7b certificates
-        # In PEM format and returns its certificate content
-        def convert_pem(ext, source)
-          out = case ext
-                when ".crt", ".der"
-                  powershell_out("openssl x509 -text -inform DER -in #{source} -outform PEM").stdout
-                when ".cer"
-                  powershell_out("openssl x509 -text -inform DER -in #{source} -outform PEM").stdout
-                when ".pfx"
-                  powershell_out("openssl pkcs12 -in #{source} -nodes -passin pass:'#{new_resource.pfx_password}'").stdout
-                when ".p7b"
-                  powershell_out("openssl pkcs7 -print_certs -in #{source} -outform PEM").stdout
-                end
-          out = ::File.read(source) if out.nil? || out.empty?
-          format_raw_out(out)
+        # Method returns an OpenSSL::X509::Certificate object
+        #
+        # Based on its extension, the certificate contents are used to initialize
+        # PKCS12 (PFX), PKCS7 (P7B) objects which contains OpenSSL::X509::Certificate.
+        #
+        # @note Other then PEM, all the certificates are usually in binary format, and hence
+        #       their contents are loaded by using File.binread
+        #
+        # @param ext [String] Extension of the certificate
+        #
+        # @return [OpenSSL::X509::Certificate] Object containing certificate's attributes
+        #
+        # @raise [OpenSSL::PKCS12::PKCS12Error] When incorrect password is provided for PFX certificate
+        #
+        def fetch_cert_object(ext)
+          contents = if binary_cert?
+                       ::File.binread(new_resource.source)
+                     else
+                       ::File.read(new_resource.source)
+                     end
+
+          case ext
+          when ".pfx"
+            OpenSSL::PKCS12.new(contents, new_resource.pfx_password).certificate
+          when ".p7b"
+            OpenSSL::PKCS7.new(contents).certificates.first
+          else
+            OpenSSL::X509::Certificate.new(contents)
+          end
         end
 
-        # Returns the certificate content
-        def format_raw_out(out)
-          begin_cert = "-----BEGIN CERTIFICATE-----"
-          end_cert = "-----END CERTIFICATE-----"
-          begin_cert + out[/#{begin_cert}(.*?)#{end_cert}/m, 1] + end_cert
+        # @return [Boolean] Whether the certificate file is binary encoded or not
+        #
+        def binary_cert?
+          powershell_out!("file -b --mime-encoding #{new_resource.source}").stdout.strip == "binary"
         end
       end
-
     end
   end
 end

data/lib/chef/resource/windows_env.rb

@@ -32,7 +32,7 @@ class Chef
       allowed_actions :create, :delete, :modify
 
       property :key_name, String,
-               description: "The name of the key that is to be created, deleted, or modified.",
+               description: "An optional property to set the name of the key that is to be created, deleted, or modified if it differs from the resource block's name.",
                identity: true, name_property: true
 
       property :value, String,

data/lib/chef/resource/windows_feature.rb

@@ -28,7 +28,7 @@ class Chef
       introduced "14.0"
 
       property :feature_name, [Array, String],
-               description: "The name of the feature(s) or role(s) to install, if it differs from the resource block's name. The same feature may have different names depending on the underlying installation method being used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).",
+               description: "The name of the feature(s) or role(s) to install if they differ from the resource block's name. The same feature may have different names depending on the underlying installation method being used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).",
                name_property: true
 
       property :source, String,

data/lib/chef/resource/windows_feature_dism.rb

@@ -29,7 +29,7 @@ class Chef
       introduced "14.0"
 
       property :feature_name, [Array, String],
-               description: "The name of the feature(s) or role(s) to install, if it differs from the resource name.",
+               description: "The name of the feature(s) or role(s) to install if they differ from the resource name.",
                coerce: proc { |x| to_formatted_array(x) },
                name_property: true
 

data/lib/chef/resource/windows_feature_powershell.rb

@@ -31,7 +31,7 @@ class Chef
       introduced "14.0"
 
       property :feature_name, [Array, String],
-               description: "The name of the feature(s) or role(s) to install, if it differs from the resource block's name.",
+               description: "The name of the feature(s) or role(s) to install if they differ from the resource block's name.",
                coerce: proc { |x| to_formatted_array(x) },
                name_property: true
 

data/lib/chef/resource/windows_firewall_rule.rb

@@ -32,7 +32,7 @@ class Chef
 
       property :rule_name, String,
                name_property: true,
-               description: "The name to assign to the firewall rule."
+               description: "An optional property to set the name of the firewall rule to assign if it differs from the resource block's name."
 
       property :description, String,
                default: "Firewall rule",

data/lib/chef/resource/windows_font.rb

@@ -29,7 +29,7 @@ class Chef
       introduced "14.0"
 
       property :font_name, String,
-               description: "The name of the font file to install, if it differs from the resource name.",
+               description: "An optional property to set the name of the font to install if it differs from the resource block's name.",
                name_property: true
 
       property :source, String,

data/lib/chef/resource/windows_pagefile.rb

@@ -28,7 +28,7 @@ class Chef
 
       property :path, String,
                coerce: proc { |x| x.tr("/", '\\') },
-               description: "The path to the pagefile if different from the resource name.",
+               description: "An optional property to set the pagefile name if it differs from the resource block's name.",
                name_property: true
 
       property :system_managed, [TrueClass, FalseClass],

data/lib/chef/resource/windows_path.rb

@@ -31,7 +31,7 @@ class Chef
       default_action :add
 
       property :path, String,
-               description: "The name of the value to add to the system path",
+               description: "An optional property to set the path value if it differs from the resource block's name.",
                name_property: true
     end
   end

data/lib/chef/resource/windows_printer.rb

@@ -31,7 +31,7 @@ class Chef
       introduced "14.0"
 
       property :device_id, String,
-               description: "Printer queue name, such as 'HP LJ 5200 in fifth floor copy room'.",
+               description: "An optional property to set the printer queue name if it differs from the resource block's name. Example: 'HP LJ 5200 in fifth floor copy room'.",
                name_property: true
 
       property :comment, String,

data/lib/chef/resource/windows_share.rb

@@ -21,6 +21,7 @@
 
 require "chef/resource"
 require "chef/json_compat"
+require "chef/util/path_helper"
 
 class Chef
   class Resource
@@ -33,7 +34,7 @@ class Chef
 
       # Specifies a name for the SMB share. The name may be composed of any valid file name characters, but must be less than 80 characters long. The names pipe and mailslot are reserved for use by the computer.
       property :share_name, String,
-               description: "The name to assign to the share.",
+               description: "An optional property to set the share name if it differs from the resource block's name.",
                name_property: true
 
       # Specifies the path of the location of the folder to share. The path must be fully qualified. Relative paths or paths that contain wildcard characters are not permitted.
@@ -184,10 +185,12 @@ class Chef
 
         converge_if_changed do
           # you can't actually change the path so you have to delete the old share first
-          delete_share if different_path?
-
-          # powershell cmdlet for create is different than updates
-          if current_resource.nil?
+          if different_path?
+            Chef::Log.debug("The path has changed so we will delete and recreate share")
+            delete_share
+            create_share
+          elsif current_resource.nil?
+            # powershell cmdlet for create is different than updates
             Chef::Log.debug("The current resource is nil so we will create a new share")
             create_share
           else
@@ -215,7 +218,7 @@ class Chef
       action_class do
         def different_path?
           return false if current_resource.nil? # going from nil to something isn't different for our concerns
-          return false if current_resource.path == new_resource.path
+          return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path)
           true
         end
 
@@ -236,7 +239,7 @@ class Chef
         def create_share
           raise "#{new_resource.path} is missing or not a directory. Shares cannot be created if the path doesn't first exist." unless ::File.directory? new_resource.path
 
-          share_cmd = "New-SmbShare -Name '#{new_resource.share_name}' -Path '#{new_resource.path}' -Description '#{new_resource.description}' -ConcurrentUserLimit #{new_resource.concurrent_user_limit} -CATimeout #{new_resource.ca_timeout} -EncryptData:#{bool_string(new_resource.encrypt_data)} -ContinuouslyAvailable:#{bool_string(new_resource.continuously_available)}"
+          share_cmd = "New-SmbShare -Name '#{new_resource.share_name}' -Path '#{Chef::Util::PathHelper.cleanpath(new_resource.path)}' -Description '#{new_resource.description}' -ConcurrentUserLimit #{new_resource.concurrent_user_limit} -CATimeout #{new_resource.ca_timeout} -EncryptData:#{bool_string(new_resource.encrypt_data)} -ContinuouslyAvailable:#{bool_string(new_resource.continuously_available)}"
           share_cmd << " -ScopeName #{new_resource.scope_name}" unless new_resource.scope_name == "*" # passing * causes the command to fail
           share_cmd << " -Temporary:#{bool_string(new_resource.temporary)}" if new_resource.temporary # only set true
 

data/lib/chef/resource/windows_shortcut.rb

@@ -28,7 +28,7 @@ class Chef
       introduced "14.0"
 
       property :shortcut_name, String,
-               description: "The name for the shortcut, if it differs from the resource name.",
+               description: "An optional property to set the shortcut name if it differs from the resource block's name.",
                name_property: true
 
       property :target, String,

data/lib/chef/resource/windows_task.rb

@@ -32,7 +32,7 @@ class Chef
       default_action :create
 
       property :task_name, String, regex: [/\A[^\/\:\*\?\<\>\|]+\z/],
-               description: "The task name, such as 'Task Name' or '/Task Name'",
+               description: "An optional property to set the task name if it differs from the resource block's name. Example: 'Task Name' or '/Task Name'",
                name_property: true
 
       property :command, String,

data/lib/chef/resource/windows_workgroup.rb

@@ -30,7 +30,7 @@ class Chef
       introduced "14.5"
 
       property :workgroup_name, String,
-               description: "The name of the workgroup for the computer.",
+               description: "An optional property to set the workgroup name if it differs from the resource block's name.",
                validation_message: "The 'workgroup_name' property must not contain spaces.",
                regex: /^\S*$/, # no spaces
                name_property: true

data/lib/chef/resource/yum_repository.rb

@@ -143,7 +143,7 @@ class Chef
                description: "Determines whether to report the instance ID when using Amazon Linux AMIs and repositories."
 
       property :repositoryid, String, regex: [/^[^\/]+$/],
-               description: "Specifies a unique name for each repository, one word. Defaults to name property.",
+               description: "An optional property to set the repository name if it differs from the resource block's name.",
                validation_message: "repositoryid property cannot contain a forward slash '/'",
                name_property: true
 

data/lib/chef/resource/zypper_repository.rb

@@ -30,7 +30,7 @@ class Chef
 
       property :repo_name, String,
                regex: [/^[^\/]+$/],
-               description: "Specifies the repository name, if it differs from the resource name.",
+               description: "An optional property to set the repository name if it differs from the resource block's name.",
                validation_message: "repo_name property cannot contain a forward slash '/'",
                name_property: true
 

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require "chef/version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("../..", __FILE__)
-  VERSION = Chef::VersionString.new("14.10.9")
+  VERSION = Chef::VersionString.new("14.11.21")
 end
 
 #

data/spec/data/windows_certificates/base64_test.cer

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDjjCCAnagAwIBAgIQNH6iXZnEKbFOEQ7D9f9iCTANBgkqhkiG9w0BAQsFADBK
+MSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0ZTEjMCEGCSqGSIb3
+DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wHhcNMTkwMjEyMDk1ODM2WhcNMjAw
+MjEyMTAxODM2WjBKMSMwIQYDVQQDDBpBIEJhc2U2NCBEdW1teSBDZXJ0aWZpY2F0
+ZTEjMCEGCSqGSIb3DQEJARYUdGVzdGJ5cnNwZWNAY2hlZi5jb20wggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDSy2Qlf2k1X3y/YgEjnvD0K8NeKgXKKi62
+RHRMTJ2+6KSg+I1MqHZC+BVrfzehuJVby5kM7tGLF8FvM3q7X/5oSPg8pvLZzIV0
+pBrpVPCTYw8fnlmFKBt/+m2XOqsWyL59yP+p66SHAKmoLYTGu8dkGvgJn3dwKNen
+VFmwadteVfKs2wFW/ZwUxH4aLloCa8KSyqstIXrYQmdqqFOSuEgkynalD19dozSv
+QtkQ9FZPuFGDwNpdO7OrcjE1lTUlzuth7CqV/pj4GYJhK/PPtO8Ing/BtwZm5XB8
+2yvvLVnL7Y/hikg2ENKA9fOYk52zR/kkd7d8qoJva7WlYEXTZvpdAgMBAAGjcDBu
+MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw
+HgYDVR0RBBcwFYITd3d3LnRlc3RieXJzcGVjLmNvbTAdBgNVHQ4EFgQUuL1l247K
+h+cVH9LehmQgXuV8F6MwDQYJKoZIhvcNAQELBQADggEBAMTJW5tSZ/g2AP45EUwj
+PLDnDLY4YnsJDQ7Jo58EAY6givUc+ZnKRWxYAYNBOKcqDM5E4pXi3Fa1lKYR1vMu
+5AThPaDXhv18ljGAs21MYt9hl7PqdzbfX4ejF+jCD4UrE8bGtxuDc1WQ2HbeJtdj
+0j7BPPNXfcvPAIyX3BEOQFUPgvVAqzWMQLpdUKg+sNUJZijqKQv11xVALGHtxqGB
+1MFrdl6D/idODfhcdo2n1tBMyOGhHwEOBLqB1PTH72g5J4BVx4iwH/gh8PRmMy0P
+eJkNspgOBGPOhNpe7bhmK45MBuJpmjyl/CYCqtQvaEdpbuRQIgc2e+YRMfR71qYp
+Em8=
+-----END CERTIFICATE-----

data/spec/functional/resource/windows_certificate_spec.rb

@@ -60,7 +60,9 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do
   let(:store) { "Chef-Functional-Test" }
   let(:certificate_path) { File.expand_path(File.join(CHEF_SPEC_DATA, "windows_certificates")) }
   let(:cer_path) { File.join(certificate_path, "test.cer") }
+  let(:base64_path) { File.join(certificate_path, "base64_test.cer") }
   let(:pem_path) { File.join(certificate_path, "test.pem") }
+  let(:pfx_path) { File.join(certificate_path, "test.pfx") }
   let(:out_path) { File.join(certificate_path, "testout.pem") }
   let(:tests_thumbprint) { "3180B3E3217862600BD7B2D28067B03D41576A4F" }
   let(:other_cer_path) { File.join(certificate_path, "othertest.cer") }
@@ -157,6 +159,81 @@ describe Chef::Resource::WindowsCertificate, :windows_only, :appveyor_only do
     end
   end
 
+  describe "Works for various formats" do
+    context "Adds CER" do
+      before do
+        win_certificate.source = cer_path
+        win_certificate.run_action(:create)
+      end
+      it "Imports certificate into store" do
+        expect(no_of_certificates).to eq(1)
+      end
+      it "Idempotent: Does not converge while adding again" do
+        win_certificate.run_action(:create)
+        expect(no_of_certificates).to eq(1)
+        expect(win_certificate).not_to be_updated_by_last_action
+      end
+    end
+
+    context "Adds Base64 Encoded CER" do
+      before do
+        win_certificate.source = base64_path
+        win_certificate.run_action(:create)
+      end
+      it "Imports certificate into store" do
+        expect(no_of_certificates).to eq(1)
+      end
+      it "Idempotent: Does not converge while adding again" do
+        win_certificate.run_action(:create)
+        expect(no_of_certificates).to eq(1)
+        expect(win_certificate).not_to be_updated_by_last_action
+      end
+    end
+
+    context "Adds PEM" do
+      before do
+        win_certificate.source = pem_path
+        win_certificate.run_action(:create)
+      end
+      it "Imports certificate into store" do
+        expect(no_of_certificates).to eq(1)
+      end
+      it "Idempotent: Does not converge while adding again" do
+        win_certificate.run_action(:create)
+        expect(no_of_certificates).to eq(1)
+        expect(win_certificate).not_to be_updated_by_last_action
+      end
+    end
+
+    context "Adds PFX" do
+      context "With valid password" do
+        before do
+          win_certificate.source = pfx_path
+          win_certificate.pfx_password = password
+          win_certificate.run_action(:create)
+        end
+        it "Imports certificate into store" do
+          expect(no_of_certificates).to eq(1)
+        end
+        it "Idempotent: Does not converge while adding again" do
+          win_certificate.run_action(:create)
+          expect(no_of_certificates).to eq(1)
+          expect(win_certificate).not_to be_updated_by_last_action
+        end
+      end
+
+      context "With Invalid password" do
+        before do
+          win_certificate.source = pfx_path
+          win_certificate.pfx_password = "Invalid password"
+        end
+        it "Raises an error" do
+          expect { win_certificate.run_action(:create) }.to raise_error(OpenSSL::PKCS12::PKCS12Error)
+        end
+      end
+    end
+  end
+
   describe "action: verify" do
     context "When a certificate is not present" do
       before do

data/spec/functional/resource/windows_task_spec.rb

@@ -43,92 +43,129 @@ describe Chef::Resource::WindowsTask, :windows_only do
         new_resource
       end
 
-      it "creates scheduled task and sets command arguments" do
-        subject.command "chef-client -W"
-        call_for_create_action
-        # loading current resource again to check new task is creted and it matches task parameters
-        current_resource = call_for_load_current_resource
-        expect(current_resource.exists).to eq(true)
-        expect(current_resource.task.application_name).to eq("chef-client")
-        expect(current_resource.task.parameters).to eq("-W")
-      end
+      context "With Arguments" do
+        it "creates scheduled task and sets command arguments" do
+          subject.command "chef-client -W"
+          call_for_create_action
+          # loading current resource again to check new task is creted and it matches task parameters
+          current_resource = call_for_load_current_resource
+          expect(current_resource.exists).to eq(true)
+          expect(current_resource.task.application_name).to eq("chef-client")
+          expect(current_resource.task.parameters).to eq("-W")
+        end
 
-      it "does not converge the resource if it is already converged" do
-        subject.command "chef-client -W"
-        subject.run_action(:create)
-        subject.command "chef-client -W"
-        subject.run_action(:create)
-        expect(subject).not_to be_updated_by_last_action
-      end
+        it "does not converge the resource if it is already converged" do
+          subject.command "chef-client -W"
+          subject.run_action(:create)
+          subject.command "chef-client -W"
+          subject.run_action(:create)
+          expect(subject).not_to be_updated_by_last_action
+        end
 
-      it "creates scheduled task and sets command arguments when arguments inclusive single quotes" do
-        subject.command "chef-client -W -L 'C:\\chef\\chef-ad-join.log'"
-        call_for_create_action
-        # loading current resource again to check new task is creted and it matches task parameters
-        current_resource = call_for_load_current_resource
-        expect(current_resource.exists).to eq(true)
-        expect(current_resource.task.application_name).to eq("chef-client")
-        expect(current_resource.task.parameters).to eq("-W -L 'C:\\chef\\chef-ad-join.log'")
-      end
+        it "creates scheduled task and sets command arguments when arguments inclusive single quotes" do
+          subject.command "chef-client -W -L 'C:\\chef\\chef-ad-join.log'"
+          call_for_create_action
+          # loading current resource again to check new task is creted and it matches task parameters
+          current_resource = call_for_load_current_resource
+          expect(current_resource.exists).to eq(true)
+          expect(current_resource.task.application_name).to eq("chef-client")
+          expect(current_resource.task.parameters).to eq("-W -L 'C:\\chef\\chef-ad-join.log'")
+        end
 
-      it "does not converge the resource if it is already converged" do
-        subject.command "chef-client -W -L 'C:\\chef\\chef-ad-join.log'"
-        subject.run_action(:create)
-        subject.command "chef-client -W -L 'C:\\chef\\chef-ad-join.log'"
-        subject.run_action(:create)
-        expect(subject).not_to be_updated_by_last_action
-      end
+        it "does not converge the resource if it is already converged" do
+          subject.command "chef-client -W -L 'C:\\chef\\chef-ad-join.log'"
+          subject.run_action(:create)
+          subject.command "chef-client -W -L 'C:\\chef\\chef-ad-join.log'"
+          subject.run_action(:create)
+          expect(subject).not_to be_updated_by_last_action
+        end
 
-      it "creates scheduled task and sets command arguments with spaces in command" do
-        subject.command '"C:\\Program Files\\example\\program.exe" -arg1 --arg2'
-        call_for_create_action
-        current_resource = call_for_load_current_resource
-        expect(current_resource.exists).to eq(true)
-        expect(current_resource.task.application_name).to eq('"C:\\Program Files\\example\\program.exe"')
-        expect(current_resource.task.parameters).to eq("-arg1 --arg2")
+        it "creates scheduled task and sets command arguments with spaces in command" do
+          subject.command '"C:\\Program Files\\example\\program.exe" -arg1 --arg2'
+          call_for_create_action
+          current_resource = call_for_load_current_resource
+          expect(current_resource.exists).to eq(true)
+          expect(current_resource.task.application_name).to eq('"C:\\Program Files\\example\\program.exe"')
+          expect(current_resource.task.parameters).to eq("-arg1 --arg2")
+        end
+
+        it "does not converge the resource if it is already converged" do
+          subject.command '"C:\\Program Files\\example\\program.exe" -arg1 --arg2'
+          subject.run_action(:create)
+          subject.command '"C:\\Program Files\\example\\program.exe" -arg1 --arg2'
+          subject.run_action(:create)
+          expect(subject).not_to be_updated_by_last_action
+        end
+
+        it "creates scheduled task and sets command arguments with spaces in arguments" do
+          subject.command 'powershell.exe -file "C:\\Program Files\\app\\script.ps1"'
+          call_for_create_action
+          current_resource = call_for_load_current_resource
+          expect(current_resource.exists).to eq(true)
+          expect(current_resource.task.application_name).to eq("powershell.exe")
+          expect(current_resource.task.parameters).to eq('-file "C:\\Program Files\\app\\script.ps1"')
+        end
+
+        it "does not converge the resource if it is already converged" do
+          subject.command 'powershell.exe -file "C:\\Program Files\\app\\script.ps1"'
+          subject.run_action(:create)
+          subject.command 'powershell.exe -file "C:\\Program Files\\app\\script.ps1"'
+          subject.run_action(:create)
+          expect(subject).not_to be_updated_by_last_action
+        end
+
+        it "creates scheduled task and sets command arguments" do
+          subject.command "ping http://www.google.com"
+          call_for_create_action
+          # loading current resource again to check new task is creted and it matches task parameters
+          current_resource = call_for_load_current_resource
+          expect(current_resource.exists).to eq(true)
+          expect(current_resource.task.application_name).to eq("ping")
+          expect(current_resource.task.parameters).to eq("http://www.google.com")
+        end
+
+        it "does not converge the resource if it is already converged" do
+          subject.command "ping http://www.google.com"
+          subject.run_action(:create)
+          subject.command "ping http://www.google.com"
+          subject.run_action(:create)
+          expect(subject).not_to be_updated_by_last_action
+        end
       end
 
-      it "does not converge the resource if it is already converged" do
-        subject.command '"C:\\Program Files\\example\\program.exe" -arg1 --arg2'
-        subject.run_action(:create)
-        subject.command '"C:\\Program Files\\example\\program.exe" -arg1 --arg2'
-        subject.run_action(:create)
-        expect(subject).not_to be_updated_by_last_action
+      context "Without Arguments" do
+        it "creates scheduled task and sets command arguments" do
+          subject.command "chef-client"
+          call_for_create_action
+          # loading current resource again to check new task is creted and it matches task parameters
+          current_resource = call_for_load_current_resource
+          expect(current_resource.exists).to eq(true)
+          expect(current_resource.task.application_name).to eq("chef-client")
+          expect(current_resource.task.parameters).to be_empty
+        end
+
+        it "does not converge the resource if it is already converged" do
+          subject.command "chef-client"
+          subject.run_action(:create)
+          subject.command "chef-client"
+          subject.run_action(:create)
+          expect(subject).not_to be_updated_by_last_action
+        end
       end
 
-      it "creates scheduled task and sets command arguments with spaces in arguments" do
+      it "creates scheduled task and Re-sets command arguments" do
         subject.command 'powershell.exe -file "C:\\Program Files\\app\\script.ps1"'
-        call_for_create_action
+        subject.run_action(:create)
         current_resource = call_for_load_current_resource
-        expect(current_resource.exists).to eq(true)
         expect(current_resource.task.application_name).to eq("powershell.exe")
         expect(current_resource.task.parameters).to eq('-file "C:\\Program Files\\app\\script.ps1"')
-      end
 
-      it "does not converge the resource if it is already converged" do
-        subject.command 'powershell.exe -file "C:\\Program Files\\app\\script.ps1"'
-        subject.run_action(:create)
-        subject.command 'powershell.exe -file "C:\\Program Files\\app\\script.ps1"'
+        subject.command "powershell.exe"
         subject.run_action(:create)
-        expect(subject).not_to be_updated_by_last_action
-      end
-
-      it "creates scheduled task and sets command arguments" do
-        subject.command "ping http://www.google.com"
-        call_for_create_action
-        # loading current resource again to check new task is creted and it matches task parameters
         current_resource = call_for_load_current_resource
-        expect(current_resource.exists).to eq(true)
-        expect(current_resource.task.application_name).to eq("ping")
-        expect(current_resource.task.parameters).to eq("http://www.google.com")
-      end
-
-      it "does not converge the resource if it is already converged" do
-        subject.command "ping http://www.google.com"
-        subject.run_action(:create)
-        subject.command "ping http://www.google.com"
-        subject.run_action(:create)
-        expect(subject).not_to be_updated_by_last_action
+        expect(current_resource.task.application_name).to eq("powershell.exe")
+        expect(current_resource.task.parameters).to be_empty
+        expect(subject).to be_updated_by_last_action
       end
     end
 

data/spec/unit/knife/bootstrap_spec.rb

@@ -442,6 +442,7 @@ describe Chef::Knife::Bootstrap do
     end
 
     it "doesn't create /etc/chef/trusted_certs if :trusted_certs_dir is empty" do
+      allow(Dir).to receive(:glob).and_call_original
       expect(Dir).to receive(:glob).with(File.join(trusted_certs_dir, "*.{crt,pem}")).and_return([])
       expect(rendered_template).not_to match(%r{mkdir -p /etc/chef/trusted_certs})
     end

data/spec/unit/provider/mount/aix_spec.rb

@@ -202,12 +202,20 @@ WRONG
     it "should enable mount if it is mounted and not enabled" do
       @new_resource.options("nodev,rw")
       stub_mounted_enabled(@provider, @mounted_output, "")
+      # Add existing mount to test enable action appends additional mount with seperating blank line
       filesystems = StringIO.new
+      filesystems.puts <<~ETCFILESYSTEMS
+        /tmp/abc:
+          dev   = /dev/sdz2
+          vfs   = jfs2
+          mount   = true
+          options   = rw
+      ETCFILESYSTEMS
       allow(::File).to receive(:open).with("/etc/filesystems", "a").and_yield(filesystems)
 
       @provider.run_action(:enable)
 
-      expect(filesystems.string).to match(%r{^/tmp/foo:\n\tdev\t\t= /dev/sdz1\n\tvfs\t\t= jfs2\n\tmount\t\t= false\n\toptions\t\t= nodev,rw\n$})
+      expect(filesystems.string).to match(%r{^\n\n/tmp/foo:\n\tdev\t\t= /dev/sdz1\n\tvfs\t\t= jfs2\n\tmount\t\t= false\n\toptions\t\t= nodev,rw\n$})
     end
 
     it "should not enable mount if it is mounted and already enabled and mount options are unchanged" do

data/spec/unit/provider/package/chocolatey_spec.rb

@@ -282,7 +282,7 @@ describe Chef::Provider::Package::Chocolatey do
     end
 
     it "should pass options into the install command" do
-      allow_remote_list(["git"])
+      allow_remote_list(["git"], " -force")
       new_resource.options("-force")
       provider.load_current_resource
       expect(provider).to receive(:shell_out_compacted!).with("#{choco_exe} install -y -force git", { returns: [0], timeout: timeout }).and_return(double)
@@ -313,6 +313,35 @@ describe Chef::Provider::Package::Chocolatey do
         expect { provider.run_action(:install) }.to raise_error(Chef::Exceptions::Package)
       end
     end
+
+    context "private source" do
+      it "installing a package without auth options throws an error" do
+        allow_remote_list(["package-without-auth"], " -source auth_source")
+        new_resource.package_name("package-without-auth")
+        new_resource.source("auth_source")
+        provider.load_current_resource
+        expect { provider.run_action(:install) }.to raise_error(Chef::Exceptions::Package)
+      end
+
+      it "installing a package with invalid credentials throws an error" do
+        allow_remote_list(["package-invalid-auth"], " -source auth_source -u user -p password")
+        new_resource.package_name("package-invalid-auth")
+        new_resource.source("auth_source")
+        new_resource.options("-u user -p password")
+        provider.load_current_resource
+        expect { provider.run_action(:install) }.to raise_error(Chef::Exceptions::Package)
+      end
+
+      it "installing a package with valid credentials" do
+        allow_remote_list(["git"], " -source auth_source -u user -p password")
+        new_resource.source("auth_source")
+        new_resource.options("-u user -p password")
+        provider.load_current_resource
+        expect(provider).to receive(:shell_out_compacted!).with("#{choco_exe} install -y -u user -p password -source auth_source git", { returns: [0], timeout: timeout }).and_return(double)
+        provider.run_action(:install)
+        expect(new_resource).to be_updated_by_last_action
+      end
+    end
   end
 
   describe "#action_upgrade" do

data/spec/unit/resource/openssl_dhparam.rb

@@ -53,4 +53,9 @@ describe Chef::Resource::OpensslDhparam do
     expect { resource.key_length 1234 }.to raise_error(ArgumentError)
   end
 
+  it "sets the mode which user provides for existing file" do
+    resource.mode "0600"
+    expect(resource.mode).to eql("0600")
+  end
+
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 14.10.9
+  version: 14.11.21
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-29 00:00:00.000000000 Z
+date: 2019-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 14.10.9
+        version: 14.11.21
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 14.10.9
+        version: 14.11.21
 - !ruby/object:Gem::Dependency
   name: mixlib-cli
   requirement: !ruby/object:Gem::Requirement
@@ -1696,6 +1696,7 @@ files:
 - spec/data/trusted_certs/intermediate.pem
 - spec/data/trusted_certs/opscode.pem
 - spec/data/trusted_certs/root.pem
+- spec/data/windows_certificates/base64_test.cer
 - spec/data/windows_certificates/othertest.cer
 - spec/data/windows_certificates/test.cer
 - spec/data/windows_certificates/test.pem
@@ -2556,7 +2557,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 2.7.9
 signing_key: 
 specification_version: 4
 summary: A systems integration framework, built to bring the benefits of configuration