chef 18.1.29 → 18.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01fc036d9cbe5a20b0ca17c3d09db60986f92c4759ce2b20212e0b34d9a57535
-  data.tar.gz: 16f9392fddd572bf0d5e58c35d2018a423ee20858038af6bc0d49aa5cdd55626
+  metadata.gz: ae48a568217d00b159123bf621bdaee21412909ef553f400719f251559c8a4d4
+  data.tar.gz: 553c80d44e9babb553588b0d01beac0a413aec6b0d21fdbaaf754cc1b3fa0928
 SHA512:
-  metadata.gz: e7ca0d1982af93db302d882654d42544dee4344ee9c9025c8ea857e2bf6fcb9f6dfdebd7b8eb78dd559e88d4597a6153d3acd04397eb708cc419ca0f782ed380
-  data.tar.gz: 673c088d0f223b34daa9cf14a7598d80d0b5c7276e6478d54a93e64c12550235a05c10d39cba1d9d522a5b42fa654c113d943e618c1e4eea9cf45bae9ec81ae2
+  metadata.gz: 3b2df041625cd266ae86c1a899c69493190f09018714cf281486291958268a669d65103555b63f0104345b5e281248d9bf7a2157a2de3632d92f84b4ed72c99c
+  data.tar.gz: 54b4391ec722faa770d54b7d5c6650285ab3dfdb933eed86938d579fb92b1501ad4bf3848e3f17950316eb5c8d9bc2bc99e044368246940321b10f3ddaaa1e97

data/chef-universal-mingw-ucrt.gemspec

@@ -15,9 +15,9 @@ gemspec.add_dependency "wmi-lite", "~> 1.0"
 gemspec.add_dependency "win32-taskscheduler", "~> 2.0"
 gemspec.add_dependency "iso8601", ">= 0.12.1", "< 0.14" # validate 0.14 when it comes out
 gemspec.add_dependency "win32-certstore", "~> 0.6.15" # 0.5+ required for specifying user vs. system store
-gemspec.add_dependency "chef-powershell", "~> 1.0.12" # The guts of the powershell_exec code have been moved to its own gem, chef-powershell. It's part of the chef-powershell-shim repo.
+gemspec.add_dependency "chef-powershell", "~> 18.0.0" # The guts of the powershell_exec code have been moved to its own gem, chef-powershell. It's part of the chef-powershell-shim repo.
 
 gemspec.extensions << "ext/win32-eventlog/Rakefile"
 gemspec.files += Dir.glob("{distro,ext}/**/*")
 
-gemspec
+gemspec

data/chef.gemspec

@@ -49,8 +49,7 @@ Gem::Specification.new do |s|
   s.add_dependency "net-ftp" # remote_file resource
   s.add_dependency "erubis", "~> 2.7" # template resource / cookbook syntax check
   s.add_dependency "diff-lcs", ">= 1.2.4", "!= 1.4.0", "< 1.6.0" # 1.4 breaks output. Used in lib/chef/util/diff
-  # s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
-  s.add_dependency "ffi-libarchive", "~> 1.1", ">= 1.1.3"
+  s.add_dependency "ffi-libarchive", "~> 1.0", ">= 1.0.3" # archive_file resource
   s.add_dependency "chef-zero", ">= 14.0.11"
   s.add_dependency "chef-vault" # chef-vault resources and helpers
 

data/lib/chef/http/authenticator.rb

@@ -124,11 +124,11 @@ class Chef
       end
 
       def self.get_cert_user
-        Chef::Config[:auth_key_registry_type] == "user" ? store = "CurrentUser" : store = "LocalMachine"
+        Chef::Config[:auth_key_registry_type] == "user" ? "CurrentUser" : "LocalMachine"
       end
 
       def self.get_registry_user
-        Chef::Config[:auth_key_registry_type] == "user" ? store = "HKEY_CURRENT_USER" : store = "HKEY_LOCAL_MACHINE"
+        Chef::Config[:auth_key_registry_type] == "user" ? "HKEY_CURRENT_USER" : "HKEY_LOCAL_MACHINE"
       end
 
       def self.check_certstore_for_key(client_name)

data/lib/chef/mixin/proxified_socket.rb

@@ -15,7 +15,7 @@
 # limitations under the License.
 #
 
-require "proxifier2"
+require "proxifier"
 require "chef-config/mixin/fuzzy_hostname_matcher"
 
 class Chef

data/lib/chef/platform/query_helpers.rb

@@ -17,11 +17,14 @@
 #
 
 require "chef-utils" unless defined?(ChefUtils::CANARY)
+require_relative "../mixin/powershell_exec"
 
 class Chef
   class Platform
 
     class << self
+      include Chef::Mixin::PowershellExec
+
       def windows?
         ChefUtils.windows?
       end
@@ -58,8 +61,7 @@ class Chef
       end
 
       def dsc_refresh_mode_disabled?(node)
-        require_relative "../powershell"
-        exec = Chef::PowerShell.new("Get-DscLocalConfigurationManager")
+        exec = powershell_exec!("Get-DscLocalConfigurationManager")
         exec.error!
         exec.result["RefreshMode"] == "Disabled"
       end

data/lib/chef/resource/macos_userdefaults.rb

@@ -50,15 +50,17 @@ class Chef
         end
         ```
 
-        **Specifying the type of a key to skip automatic type detection**
+        **Setting a value for specific user and hosts**
 
         ```ruby
-        macos_userdefaults 'Finder expanded save dialogs' do
-          key 'NSNavPanelExpandedStateForSaveMode'
-          value 'TRUE'
-          type 'bool'
+        macos_userdefaults 'Enable macOS firewall' do
+          key 'globalstate'
+          value 1
+          user 'jane'
+          host :current
         end
         ```
+
       DOC
 
       property :domain, String,
@@ -79,6 +81,7 @@ class Chef
 
       property :host, [String, Symbol],
         description: "Set either :current, :all or a hostname to set the user default at the host level.",
+        default: :all,
         desired_state: false,
         introduced: "16.3"
 
@@ -94,6 +97,7 @@ class Chef
 
       property :user, [String, Symbol],
         description: "The system user that the default will be applied to. Set :current for current user, :all for all users or pass a valid username",
+        default: :current,
         desired_state: false
 
       property :sudo, [TrueClass, FalseClass],

data/lib/chef/resource/selinux_login.rb

@@ -0,0 +1,129 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "../resource"
+require_relative "selinux/common_helpers"
+
+class Chef
+  class Resource
+    class SelinuxLogin < Chef::Resource
+      unified_mode true
+
+      provides :selinux_login
+
+      description "Use the **selinux_login** resource to add, update, or remove SELinux user to OS login mappings."
+      introduced "18.1"
+      examples <<~DOC
+      **Manage test OS user mapping with a range of s0 and associated SELinux user test_u**:
+
+      ```ruby
+      selinux_login 'test' do
+        user 'test_u'
+        range 's0'
+      end
+      ```
+      DOC
+
+      property :login, String,
+                name_property: true,
+                description: "An optional property to set the OS user login value if it differs from the resource block's name."
+
+      property :user, String,
+                description: "SELinux user to be mapped."
+
+      property :range, String,
+                description: "MLS/MCS security range for the SELinux user."
+
+      load_current_value do |new_resource|
+        logins = shell_out!("semanage login -l").stdout.split("\n")
+
+        current_login = logins.grep(/^#{Regexp.escape(new_resource.login)}\s+/) do |l|
+          l.match(/^(?<login>[^\s]+)\s+(?<user>[^\s]+)\s+(?<range>[^\s]+)/)
+          # match returns [<Match 'data'>] or [], shift converts that to <Match 'data'> or nil
+        end.shift
+
+        current_value_does_not_exist! unless current_login
+
+        # Existing resources should maintain their current configuration unless otherwise specified
+        new_resource.user ||= current_login[:user]
+        new_resource.range ||= current_login[:range]
+
+        user current_login[:user]
+        range current_login[:range]
+      end
+
+      action_class do
+        include Chef::SELinux::CommonHelpers
+
+        def semanage_login_args
+          # Generate arguments for semanage login -a or -m
+          args = ""
+
+          args += " -s #{new_resource.user}" if new_resource.user
+          args += " -r #{new_resource.range}" if new_resource.range
+
+          args
+        end
+      end
+
+      action :manage, description: "Sets the SELinux login mapping to the desired settings regardless of previous state." do
+        run_action(:add)
+        run_action(:modify)
+      end
+
+      # Create if doesn't exist, do not touch if user already exists
+      action :add, description: "Creates the SELinux login mapping if not previously created." do
+        raise "The user property must be populated to create a new SELinux login" if new_resource.user.to_s.empty?
+
+        if selinux_disabled?
+          Chef::Log.warn("Unable to add SELinux login #{new_resource.login} as SELinux is disabled")
+          return
+        end
+
+        unless current_resource
+          converge_if_changed do
+            shell_out!("semanage login -a#{semanage_login_args} #{new_resource.login}")
+          end
+        end
+      end
+
+      # Only modify port if it exists & doesn't have the correct context already
+      action :modify, description: "Updates the SELinux login mapping if previously created." do
+        if selinux_disabled?
+          Chef::Log.warn("Unable to modify SELinux login #{new_resource.login} as SELinux is disabled")
+          return
+        end
+
+        if current_resource
+          converge_if_changed do
+            shell_out!("semanage login -m#{semanage_login_args} #{new_resource.login}")
+          end
+        end
+      end
+
+      # Delete if exists
+      action :delete, description: "Removes the SELinux login mapping if previously created." do
+        if selinux_disabled?
+          Chef::Log.warn("Unable to delete SELinux login #{new_resource.login} as SELinux is disabled")
+          return
+        end
+
+        if current_resource
+          converge_by "deleting SELinux login #{new_resource.login}" do
+            shell_out!("semanage login -d #{new_resource.login}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/resource/selinux_user.rb

@@ -0,0 +1,137 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "../resource"
+require_relative "selinux/common_helpers"
+
+class Chef
+  class Resource
+    class SelinuxUser < Chef::Resource
+      unified_mode true
+
+      provides :selinux_user
+
+      description "Use the **selinux_user** resource to add, update, or remove SELinux users."
+      introduced "18.1"
+      examples <<~DOC
+      **Manage test_u SELinux user with a level and range of s0 and roles sysadm_r and staff_r**:
+
+      ```ruby
+      selinux_user 'test_u' do
+        level 's0'
+        range 's0'
+        roles %w(sysadm_r staff_r)
+      end
+      ```
+      DOC
+
+      property :user, String,
+                name_property: true,
+                description: "An optional property to set the SELinux user value if it differs from the resource block's name."
+
+      property :level, String,
+                description: "MLS/MCS security level for the SELinux user."
+
+      property :range, String,
+                description: "MLS/MCS security range for the SELinux user."
+
+      property :roles, Array,
+                description: "Associated SELinux roles for the user.",
+                coerce: proc { |r| Array(r).sort }
+
+      load_current_value do |new_resource|
+        users = shell_out!("semanage user -l").stdout.split("\n")
+
+        current_user = users.grep(/^#{Regexp.escape(new_resource.user)}\s+/) do |u|
+          u.match(/^(?<user>[^\s]+)\s+(?<prefix>[^\s]+)\s+(?<level>[^\s]+)\s+(?<range>[^\s]+)\s+(?<roles>.*)$/)
+          # match returns [<Match 'data'>] or [], shift converts that to <Match 'data'> or nil
+        end.shift
+
+        current_value_does_not_exist! unless current_user
+
+        # Existing resources should maintain their current configuration unless otherwise specified
+        new_resource.level ||= current_user[:level]
+        new_resource.range ||= current_user[:range]
+        new_resource.roles ||= current_user[:roles].to_s.split.sort
+
+        level current_user[:level]
+        range current_user[:range]
+        roles current_user[:roles].to_s.split.sort
+      end
+
+      action_class do
+        include Chef::SELinux::CommonHelpers
+
+        def semanage_user_args
+          # Generate arguments for semanage user -a or -m
+          args = ""
+
+          args += " -L #{new_resource.level}" if new_resource.level
+          args += " -r #{new_resource.range}" if new_resource.range
+          args += " -R '#{new_resource.roles.join(" ")}'" unless new_resource.roles.to_a.empty?
+
+          args
+        end
+      end
+
+      action :manage, description: "Sets the SELinux user to the desired settings regardless of previous state." do
+        run_action(:add)
+        run_action(:modify)
+      end
+
+      # Create if doesn't exist, do not touch if user already exists
+      action :add, description: "Creates the SELinux user if not previously created." do
+        raise "The roles property must be populated to create a new SELinux user" if new_resource.roles.to_a.empty?
+
+        if selinux_disabled?
+          Chef::Log.warn("Unable to add SELinux user #{new_resource.user} as SELinux is disabled")
+          return
+        end
+
+        unless current_resource
+          converge_if_changed do
+            shell_out!("semanage user -a#{semanage_user_args} #{new_resource.user}")
+          end
+        end
+      end
+
+      # Only modify port if it exists & doesn't have the correct context already
+      action :modify, description: "Updates the SELinux user if previously created." do
+        if selinux_disabled?
+          Chef::Log.warn("Unable to modify SELinux user #{new_resource.user} as SELinux is disabled")
+          return
+        end
+
+        if current_resource
+          converge_if_changed do
+            shell_out!("semanage user -m#{semanage_user_args} #{new_resource.user}")
+          end
+        end
+      end
+
+      # Delete if exists
+      action :delete, description: "Removes the SELinux user if previously created." do
+        if selinux_disabled?
+          Chef::Log.warn("Unable to delete SELinux user #{new_resource.user} as SELinux is disabled")
+          return
+        end
+
+        if current_resource
+          converge_by "deleting SELinux user #{new_resource.user}" do
+            shell_out!("semanage user -d #{new_resource.user}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/resources.rb

@@ -127,10 +127,12 @@ require_relative "resource/script"
 require_relative "resource/selinux_boolean"
 require_relative "resource/selinux_fcontext"
 require_relative "resource/selinux_install"
+require_relative "resource/selinux_login"
 require_relative "resource/selinux_module"
 require_relative "resource/selinux_permissive"
 require_relative "resource/selinux_port"
 require_relative "resource/selinux_state"
+require_relative "resource/selinux_user"
 require_relative "resource/service"
 require_relative "resource/sudo"
 require_relative "resource/sysctl"

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("18.1.29")
+  VERSION = Chef::VersionString.new("18.2.7")
 end
 
 #

data/spec/data/trusted_certs/intermediate.pem

@@ -1,27 +1,38 @@
------BEGIN CERTIFICATE-----
-MIIEjzCCA3egAwIBAgIQBp4dt3/PHfupevXlyaJANzANBgkqhkiG9w0BAQUFADBh
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaMEgxCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxIjAgBgNVBAMTGURpZ2lDZXJ0IFNlY3Vy
-ZSBTZXJ2ZXIgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC7V+Qh
-qdWbYDd+jqFhf4HiGsJ1ZNmRUAvkNkQkbjDSm3on+sJqrmpwCTi5IArIZRBKiKwx
-8tyS8mOhXYBjWYCSIxzm73ZKUDXJ2HE4ue3w5kKu0zgmeTD5IpTG26Y/QXiQ2N5c
-fml9+JAVOtChoL76srIZodgr0c6/a91Jq6OS/rWryME+7gEA2KlEuEJziMNh9atK
-gygK0tRJ+mqxzd9XLJTl4sqDX7e6YlwvaKXwwLn9K9HpH9gaYhW9/z2m98vv5ttl
-LyU47PvmIGZYljQZ0hXOIdMkzNkUb9j+Vcfnb7YPGoxJvinyulqagSY3JG/XSBJs
-Lln1nBi72fZo4t9FAgMBAAGjggFaMIIBVjASBgNVHRMBAf8ECDAGAQH/AgEAMA4G
-A1UdDwEB/wQEAwIBhjA0BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6
-Ly9vY3NwLmRpZ2ljZXJ0LmNvbTB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3Js
-My5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3JsMDegNaAzhjFo
-dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRHbG9iYWxSb290Q0EuY3Js
-MD0GA1UdIAQ2MDQwMgYEVR0gADAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5k
-aWdpY2VydC5jb20vQ1BTMB0GA1UdDgQWBBSQcds363PI79zVHhK2NLorWqCmkjAf
-BgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTANBgkqhkiG9w0BAQUFAAOC
-AQEAMM7RlVEArgYLoQ4CwBestn+PIPZAdXQczHixpE/q9NDEnaLegQcmH0CIUfAf
-z7dMQJnQ9DxxmHOIlywZ126Ej6QfnFog41FcsMWemWpPyGn3EP9OrRnZyVizM64M
-2ZYpnnGycGOjtpkWQh1l8/egHn3F1GUUsmKE1GxcCAzYbJMrtHZZitF//wPYwl24
-LyLWOPD2nGt9RuuZdPfrSg6ppgTre87wXGuYMVqYQOtpxAX0IKjKCDplbDgV9Vws
-slXkLGtB8L5cRspKKaBIXiDSRf8F3jSvcEuBOeLKB1d8tjHcISnivpcOd5AUUUDh
-v+PMGxmcJcqnBrJT3yOyzxIZow==
------END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIGrTCCBJWgAwIBAgIQDo0oQK5IJZBWGLOoqeF6RzANBgkqhkiG9w0BAQwFADBJ
+MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xITAfBgNVBAMT
+GERpZ2lDZXJ0IFJTQTQwOTYgUm9vdCBHNTAeFw0yMTA0MTQwMDAwMDBaFw0zMTA0
+MTMyMzU5NTlaMFQxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5j
+LjEsMCoGA1UEAxMjRGlnaUNlcnQgRzUgUlNBNDA5NiBTSEEzODQgMjAyMSBDQTEw
+ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDCwLlUmeGwUTj93uzejg2I
+tHjaSqm+knZ8az09cBAZFLFU9sKDzBHgf43/GpIWIHGLDUGXXZkKtkjJhl6POqda
+XWt/4avSsQgkELz2uefSxhzELBl4o1U50EULTlri3zUBQ11Jr/hfJLxdMAJqKv21
+iVD8GfFDs12Hy08h7IxuA5ROVdBQS2OiU/6Vd4A3uVpzyjaxQsfAvkwz9+3jsozf
+G+kWW+6Fxa3Vt4EbX+3afaBLeIyBlQvPd3pUY8irY3T6MHlglEblraxyGZ3ifvFu
+Vt7S98D5+U4CMFzzGSzCCqMxTkgasTMhP8+PjXRN+mL56xyfw/uVmN9vRPqgbRUD
+g95zx+CRFXgpUQ8yslpl+ECSqCe0cYxm+jWz00VFWtUZAwpE4REGOVdmNGrfNR16
+h7dggpFVfeFy7qCwd9up/sWkBmkZB1zL9ENjg68EH5aEbh+jlbF6HuLv4+jibVlD
+/r+ZW/vJgnMXmUYW1gDl3L//vQ/V4ElqRYzxsSVsq3dwW0SYzI31PKFEb8sqI5IN
+P10MtFtZ1DgISF9I8LJ35dBDqguoonGC0/d+iq2S7ipcpFIo/u3tK/Nu0QvKMEN6
+Dlx6Yhssscj2PhiADKjhRnweWUj/2eKuX8Cb6UmXvh+R4Dm0iEIGop1/r37GUo0z
+nqNszrYZz1zd4GWG6puFWQIDAQABo4IBhDCCAYAwEgYDVR0TAQH/BAgwBgEB/wIB
+ADAdBgNVHQ4EFgQUbYE39zhEfkdCe1al7Lt3ZyEJ9DwwHwYDVR0jBBgwFoAUYm23
+kU/E6qNiYI+g0L61jwZ8aAAwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsG
+AQUFBwMBBggrBgEFBQcDAjB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0
+dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2Vy
+dHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0UlNBNDA5NlJvb3RHNS5jcnQwQwYDVR0f
+BDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0UlNB
+NDA5NlJvb3RHNS5jcmwwPQYDVR0gBDYwNDALBglghkgBhv1sAgEwBwYFZ4EMAQEw
+CAYGZ4EMAQIBMAgGBmeBDAECAjAIBgZngQwBAgMwDQYJKoZIhvcNAQEMBQADggIB
+AGHJE9aY60MSsfdEfqIcrdE0c1dXxis9E1l9at6g18Jpyc1C6PsUHdmo6rJWq8Xe
+NNPkD/4fKhJsrd9TRlUlpIgKiJZW1ituKHV6Ghm7DIRSyx0aMpP9NJ3heV3CIgZr
+MLtJEFuG5WfolWIfu7sle2lYjA3HxA/xQo803jGOhxbEDX/BTzHo/1X7YGvwpRqJ
++7J1B+2l+TA1r9vAlLfIDQRazVYRNxHpJDOwU0ffKaEPbRrgPtogO+8hLSml9Zoe
+Y8w94f31XbvBFxSbSVpX+/QctNdwx2VuIoRcT8WZ0lZ9aenna5q5AE1C8oTtbw2T
+qoz4NCaM5XPgjvb0DGPBeH8jWveNo1BmClQA2qYXL55f00m8AZ4Hf6oYANt/zbuM
+QPhAoSHWwW4V4Pug3XPXM70LlY50y9kPD/57eHryhO2oXQLLx+l6mg8xzL6vKsHT
+E30whFM32vVTpjejLZ9hJBAJURFaUrH2TZyAmoVbCNy50yuHYQ6FooYpbsbnpYPi
+KW/E9bc201rqm/GQOWJ4zOJ8a5Etn3zY+rlPaxjJvxc3pSMfgtwwrm9KGXHsI1Gf
+ULMwUbXclKV2qR8d6ECtUOIRxoQKutN85lmwB05yddu6uQQg0hHeaGFUk7EU90SV
+ib/FA/op9sXfS3CkOnHQISY0JbWxrzC6eHaKeQi6lR1I
+-----END CERTIFICATE-----

data/spec/data/trusted_certs/opscode.pem

@@ -1,57 +1,36 @@
 -----BEGIN CERTIFICATE-----
-MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
+MIIGTjCCBTagAwIBAgIQBK55YGZmkBq5xX+mbFvczTANBgkqhkiG9w0BAQsFADBl
 MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD
-QTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaME0xCzAJBgNVBAYTAlVT
-MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJzAlBgNVBAMTHkRpZ2lDZXJ0IFNIQTIg
-U2VjdXJlIFNlcnZlciBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ANyuWJBNwcQwFZA1W248ghX1LFy949v/cUP6ZCWA1O4Yok3wZtAKc24RmDYXZK83
-nf36QYSvx6+M/hpzTc8zl5CilodTgyu5pnVILR1WN3vaMTIa16yrBvSqXUu3R0bd
-KpPDkC55gIDvEwRqFDu1m5K+wgdlTvza/P96rtxcflUxDOg5B6TXvi/TC2rSsd9f
-/ld0Uzs1gN2ujkSYs58O09rg1/RrKatEp0tYhG2SS4HD2nOLEpdIkARFdRrdNzGX
-kujNVA075ME/OV4uuPNcfhCOhkEAjUVmR7ChZc6gqikJTvOX6+guqw9ypzAO+sf0
-/RR3w6RbKFfCs/mC/bdFWJsCAwEAAaOCAVowggFWMBIGA1UdEwEB/wQIMAYBAf8C
-AQAwDgYDVR0PAQH/BAQDAgGGMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY
-aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6
-Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwN6A1
-oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RD
-QS5jcmwwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
-d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwHQYDVR0OBBYEFA+AYRyCMWHVLyjnjUY4tCzh
-xtniMB8GA1UdIwQYMBaAFAPeUDVW0Uy7ZvCj4hsbw5eyPdFVMA0GCSqGSIb3DQEB
-CwUAA4IBAQAjPt9L0jFCpbZ+QlwaRMxp0Wi0XUvgBCFsS+JtzLHgl4+mUwnNqipl
-5TlPHoOlblyYoiQm5vuh7ZPHLgLGTUq/sELfeNqzqPlt/yGFUzZgTHbO7Djc1lGA
-8MXW5dRNJ2Srm8c+cftIl7gzbckTB+6WohsYFfZcTEDts8Ls/3HB40f/1LkAtDdC
-2iDJ6m6K7hQGrn2iWZiIqBtvLfTyyRRfJs8sjX7tN8Cp1Tm5gr8ZDOo0rwAhaPit
-c+LJMto4JQtV05od8GiG7S5BNO98pVAdvzr508EIDObtHopYJeS4d60tbvVS3bR0
-j6tJLp07kzQoH3jOlOrHvdPJbRzeXDLz
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFDTCCA/WgAwIBAgIQBZ8R1sZP2Lbc8x554UUQ2DANBgkqhkiG9w0BAQsFADBN
-MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
-aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTQxMTEwMDAwMDAwWhcN
-MTcxMTE0MTIwMDAwWjBlMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
-bjEQMA4GA1UEBxMHU2VhdHRsZTEbMBkGA1UEChMSQ2hlZiBTb2Z0d2FyZSwgSW5j
-MRIwEAYDVQQDDAkqLmNoZWYuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQC3xCIczkV10O5jTDpbd4YlPLC6kfnVoOkno2N/OOlcLQu3ulj/Lj1j4r6e
-2XthJLcFgTO+y+1/IKnnpLKDfkx1YngWEBXEBP+MrrpDUKKs053s45/bI9QBPISA
-tXgnYxMH9Glo6FWWd13TUq++OKGw1p1wazH64XK4MAf5y/lkmWXIWumNuO35ZqtB
-ME3wJISwVHzHB2CQjlDklt+Mb0APEiIFIZflgu9JNBYzLdvUtxiz15FUZQI7SsYL
-TfXOD1KBNMWqN8snG2e5gRAzB2D161DFvAZt8OiYUe+3QurNlTYVzeHv1ok6UqgM
-ZcLzg8m801rRip0D7FCGvMCU/ktdAgMBAAGjggHPMIIByzAfBgNVHSMEGDAWgBQP
-gGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUwldjw4Pb4HV+wxGZ7MSSRh+d
-pm4wHQYDVR0RBBYwFIIJKi5jaGVmLmlvggdjaGVmLmlvMA4GA1UdDwEB/wQEAwIF
-oDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2g
-K4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nMy5jcmwwL6At
-oCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzMuY3JsMEIG
-A1UdIAQ7MDkwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3
-LmRpZ2ljZXJ0LmNvbS9DUFMwfAYIKwYBBQUHAQEEcDBuMCQGCCsGAQUFBzABhhho
-dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKGOmh0dHA6Ly9jYWNl
-cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJDQS5jcnQw
-DAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAvcTWenNuvvrhX2omm8LQ
-zWOuu8jqpoflACwD4lOSZ4TgOe4pQGCjXq8aRBD5k+goqQrPVf9lHnelUHFQac0Q
-5WT4YUmisUbF0S4uY5OGQymM52MvUWG4ODL4gaWhFvN+HAXrDPP/9iitsjV0QOnl
-CDq7Q4/XYRYW3opu5nLLbfW6v4QvF5yzZagEACGs7Vt32p6l391UcU8f6wiB3uMD
-eioCvjpv/+2YOUNlDPCM3uBubjUhHOwO817wBxXkzdk1OSRe4jzcw/uX6wL7birt
-fbaSkpilvVX529pSzB2Lvi9xWOoGMM578dpQ0h3PwhmmvKhhCWP+pI05k3oSkYCP
-ng==
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJv
+b3QgQ0EwHhcNMTMxMTA1MTIwMDAwWhcNMjgxMTA1MTIwMDAwWjBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNl
+cnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgQ0EwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDc+BEjP2q178AneRstBYeiEEMx
+3w7UFRtPd6Qizj6McPC+B47dJyq8AR22LArK3WlYH0HtagUf2mN4WR4iLCv4un7J
+NTtW8R98Qn4lsCMZxkU41z1E+SB8YK4csFoYBL6PO/ep8JSapgxjSbZBF1NAMr1P
+5lB6UB8lRejxia/N/17/UPPwFxH/vcWJ9b1iudj7jkUEhW2ZzcVITf0mqwI2Reo2
+119q4hqCQQrc6dn1kReOxiGtODwT5h5/ZpzVTdlG2vbPUqd9OyTDtMFRNcab69Tv
+fuR7A+FEvXoLN+BPy4KKDXEY5KbgiSwb87JzPMGwkp4Yfb2rfcV9CKEswp9zAgMB
+AAGjggL4MIIC9DASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjA0
+BggrBgEFBQcBAQQoMCYwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0
+LmNvbTCBgQYDVR0fBHoweDA6oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29t
+L0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMu
+ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDAdBgNVHSUE
+FjAUBggrBgEFBQcDAgYIKwYBBQUHAwQwggGzBgNVHSAEggGqMIIBpjCCAaIGCmCG
+SAGG/WwAAgQwggGSMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5j
+b20vQ1BTMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBm
+ACAAdABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABp
+AHQAdQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAg
+AEQAaQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAg
+AFIAZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAg
+AHcAaABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBu
+AGQAIABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBp
+AG4AIABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMB0GA1UdDgQWBBTnAiOAAE/Y
+17yUC9k/dDlJMjyKeTAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAN
+BgkqhkiG9w0BAQsFAAOCAQEATtSJJ7n9HYd3fg8oBZDxCi/JOz69k5yQxq/6kVGH
+MlRr6MrBcVFcmY61+uBiGZmmB5p8Eyfb5QKihBLZFfYKRFfENI9tcx861qABPd7j
+guRFa7LrJf2AXh05kL5bQvbOkWDj+aBWDEgQzjNoe82Tq/Bqy09YD7l7XRsEgZ6n
+IuJXSSfukpMIvmkIUwI6Ll3IGfRQgE4C2bBdkbSTh/mWloFVQI5m7YLYuyhf7Uxh
+7QZYKBlTEUS8RyApsgRs2IlUmTt122d4LB6SeMZVPVgSETJuvUMMTTTbe8ZC2+y+
+q5thTAaS447fISpQVwTAYKI11SSeZjcJSc/V+GWz4OJuwg==
 -----END CERTIFICATE-----

data/spec/functional/resource/macos_userdefaults_spec.rb

@@ -38,12 +38,12 @@ describe Chef::Resource::MacosUserDefaults, :macos_only do
       expect(resource.domain).to eq("NSGlobalDomain")
     end
 
-    it "nil for the host property" do
-      expect(resource.host).to be_nil
+    it ":all for the host property" do
+      expect(resource.host).to eq(:all)
     end
 
-    it "nil for the user property" do
-      expect(resource.user).to be_nil
+    it ":current for the user property" do
+      expect(resource.user).to eq(:current)
     end
 
     it ":write for resource action" do

data/spec/unit/resource/macos_user_defaults_spec.rb

@@ -39,12 +39,12 @@ describe Chef::Resource::MacosUserDefaults, :macos_only do
       expect(resource.domain).to eq("NSGlobalDomain")
     end
 
-    it "nil for the host property" do
-      expect(resource.host).to be_nil
+    it ":all for the host property" do
+      expect(resource.host).to eq(:all)
     end
 
-    it "nil for the user property" do
-      expect(resource.user).to be_nil
+    it ":current for the user property" do
+      expect(resource.user).to eq(:current)
     end
 
     it ":write for resource action" do

data/spec/unit/resource/selinux_login_spec.rb

@@ -0,0 +1,73 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::SelinuxLogin do
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) { Chef::RunContext.new(node, {}, events) }
+  let(:resource) { Chef::Resource::SelinuxLogin.new("fakey_fakerton", run_context) }
+  let(:provider) { resource.provider_for_action(:manage) }
+
+  it "sets login property as name_property" do
+    expect(resource.login).to eql("fakey_fakerton")
+  end
+
+  it "sets the default action as :manage" do
+    expect(resource.action).to eql([:manage])
+  end
+
+  it "supports :manage, :add, :modify, :delete actions" do
+    expect { resource.action :manage }.not_to raise_error
+    expect { resource.action :add }.not_to raise_error
+    expect { resource.action :modify }.not_to raise_error
+    expect { resource.action :delete }.not_to raise_error
+  end
+
+  describe "#semanage_login_args" do
+    let(:provider) { resource.provider_for_action(:modify) }
+
+    context "when no parameters are provided" do
+      it "returns an empty string" do
+        expect(provider.semanage_login_args).to eq("")
+      end
+    end
+
+    context "when all parameters are provided" do
+      it "returns all params" do
+        resource.user "user_u"
+        resource.range "s0"
+        expect(provider.semanage_login_args).to eq(" -s user_u -r s0")
+      end
+    end
+
+    context "when no user is provided" do
+      it "returns range param" do
+        resource.range "s0"
+        expect(provider.semanage_login_args).to eq(" -r s0")
+      end
+    end
+
+    context "when no range is provided" do
+      it "returns user param" do
+        resource.user "user_u"
+        expect(provider.semanage_login_args).to eq(" -s user_u")
+      end
+    end
+  end
+end

data/spec/unit/resource/selinux_user_spec.rb

@@ -0,0 +1,92 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::SelinuxUser do
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) { Chef::RunContext.new(node, {}, events) }
+  let(:resource) { Chef::Resource::SelinuxUser.new("fakey_fakerton", run_context) }
+  let(:provider) { resource.provider_for_action(:manage) }
+  let(:semanage_list) { double("shellout", stdout: "") }
+
+  it "sets user property as name_property" do
+    expect(resource.user).to eql("fakey_fakerton")
+  end
+
+  it "sets the default action as :manage" do
+    expect(resource.action).to eql([:manage])
+  end
+
+  it "supports :manage, :add, :modify, :delete actions" do
+    expect { resource.action :manage }.not_to raise_error
+    expect { resource.action :add }.not_to raise_error
+    expect { resource.action :modify }.not_to raise_error
+    expect { resource.action :delete }.not_to raise_error
+  end
+
+  it "sorts roles property values" do
+    expect { resource.roles %w{c a b} }.not_to raise_error
+    expect(resource.roles).to eq(%w{a b c})
+  end
+
+  describe "#semanage_user_args" do
+    let(:provider) { resource.provider_for_action(:modify) }
+
+    context "when no parameters are provided" do
+      it "returns an empty string" do
+        expect(provider.semanage_user_args).to eq("")
+      end
+    end
+
+    context "when all parameters are provided" do
+      it "returns all params" do
+        resource.level "s0"
+        resource.range "s0"
+        resource.roles %w{sysadm_r staff_r}
+        expect(provider.semanage_user_args).to eq(" -L s0 -r s0 -R 'staff_r sysadm_r'")
+      end
+    end
+
+    context "when no roles are provided" do
+      it "returns level and range params" do
+        resource.level "s0"
+        resource.range "s0"
+        resource.roles []
+
+        expect(provider.semanage_user_args).to eq(" -L s0 -r s0")
+      end
+    end
+
+    context "when no range is provided" do
+      it "returns level and roles params" do
+        resource.level "s0"
+        resource.roles %w{sysadm_r staff_r}
+        expect(provider.semanage_user_args).to eq(" -L s0 -R 'staff_r sysadm_r'")
+      end
+    end
+
+    context "when no level is provided" do
+      it "returns range and roles params" do
+        resource.range "s0"
+        resource.roles %w{sysadm_r staff_r}
+        expect(provider.semanage_user_args).to eq(" -r s0 -R 'staff_r sysadm_r'")
+      end
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: chef
 version: !ruby/object:Gem::Version
-  version: 18.1.29
+  version: 18.2.7
 platform: ruby
 authors:
 - Adam Jacob
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-03-07 00:00:00.000000000 Z
+date: 2023-04-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: chef-config
@@ -16,28 +16,28 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.1.29
+        version: 18.2.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.1.29
+        version: 18.2.7
 - !ruby/object:Gem::Dependency
   name: chef-utils
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.1.29
+        version: 18.2.7
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 18.1.29
+        version: 18.2.7
 - !ruby/object:Gem::Dependency
   name: train-core
   requirement: !ruby/object:Gem::Requirement
@@ -336,20 +336,20 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.3
+        version: 1.0.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.1.3
+        version: 1.0.3
 - !ruby/object:Gem::Dependency
   name: chef-zero
   requirement: !ruby/object:Gem::Requirement
@@ -887,7 +887,6 @@ files:
 - lib/chef/policy_builder/dynamic.rb
 - lib/chef/policy_builder/expand_node_object.rb
 - lib/chef/policy_builder/policyfile.rb
-- lib/chef/powershell.rb
 - lib/chef/property.rb
 - lib/chef/provider.rb
 - lib/chef/provider/batch.rb
@@ -1162,10 +1161,12 @@ files:
 - lib/chef/resource/selinux_boolean.rb
 - lib/chef/resource/selinux_fcontext.rb
 - lib/chef/resource/selinux_install.rb
+- lib/chef/resource/selinux_login.rb
 - lib/chef/resource/selinux_module.rb
 - lib/chef/resource/selinux_permissive.rb
 - lib/chef/resource/selinux_port.rb
 - lib/chef/resource/selinux_state.rb
+- lib/chef/resource/selinux_user.rb
 - lib/chef/resource/service.rb
 - lib/chef/resource/smartos_package.rb
 - lib/chef/resource/snap_package.rb
@@ -2324,10 +2325,12 @@ files:
 - spec/unit/resource/selinux_boolean_spec.rb
 - spec/unit/resource/selinux_fcontext_spec.rb
 - spec/unit/resource/selinux_install_spec.rb
+- spec/unit/resource/selinux_login_spec.rb
 - spec/unit/resource/selinux_module_spec.rb
 - spec/unit/resource/selinux_permissive_spec.rb
 - spec/unit/resource/selinux_port_spec.rb
 - spec/unit/resource/selinux_state_spec.rb
+- spec/unit/resource/selinux_user_spec.rb
 - spec/unit/resource/service_spec.rb
 - spec/unit/resource/smartos_package_spec.rb
 - spec/unit/resource/snap_package_spec.rb

data/lib/chef/powershell.rb

@@ -1,81 +0,0 @@
-#
-# Author:: Stuart Preston (<stuart@chef.io>)
-# Copyright:: Copyright (c) Chef Software Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "ffi" unless defined?(FFI)
-require_relative "json_compat"
-
-class Chef
-  class PowerShell
-    extend FFI::Library
-
-    attr_reader :result
-    attr_reader :errors
-    attr_reader :verbose
-
-    # Run a command under PowerShell via FFI
-    # This implementation requires the managed dll and native wrapper to be in the library search
-    # path on Windows (i.e. c:\windows\system32 or in the same location as ruby.exe).
-    #
-    # Requires: .NET Framework 4.0 or higher on the target machine.
-    #
-    # @param script [String] script to run
-    # @param timeout [Integer, nil] timeout in seconds.
-    # @return [Object] output
-    def initialize(script, timeout: -1)
-      # This Powershell DLL source lives here: https://github.com/chef/chef-powershell-shim
-      # Every merge into that repo triggers a Habitat build and promotion. Running
-      # the rake :update_chef_exec_dll task in this (chef/chef) repo will pull down
-      # the built packages and copy the binaries to distro/ruby_bin_folder. Bundle install
-      # ensures that the correct architecture binaries are installed into the path.
-      @dll ||= "Chef.PowerShell.Wrapper.dll"
-      exec(script, timeout: timeout)
-    end
-
-    #
-    # Was there an error running the command
-    #
-    # @return [Boolean]
-    #
-    def error?
-      return true if errors.count > 0
-
-      false
-    end
-
-    class CommandFailed < RuntimeError; end
-
-    #
-    # @raise [Chef::PowerShell::CommandFailed] raise if the command failed
-    #
-    def error!
-      raise Chef::PowerShell::CommandFailed, "Unexpected exit in PowerShell command: #{@errors}" if error?
-    end
-
-    private
-
-    def exec(script, timeout: -1)
-      FFI.ffi_lib @dll
-      FFI.attach_function :execute_powershell, :ExecuteScript, %i{string int}, :pointer
-      timeout = -1 if timeout == 0 || timeout.nil?
-      execution = FFI.execute_powershell(script, timeout).read_utf16string
-      hashed_outcome = Chef::JSONCompat.parse(execution)
-      @result = Chef::JSONCompat.parse(hashed_outcome["result"])
-      @errors = hashed_outcome["errors"]
-      @verbose = hashed_outcome["verbose"]
-    end
-  end
-end