author | Lamont Granquist <lamont@scriptkiddie.org> | 2020-08-04 11:30:44 -0700 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2020-08-04 11:30:44 -0700 |
commit | b4d57ddf14d8dabebea50ff2dc3e64647fc32c25 (patch) | |
tree | d2ba5261c1c719a2f0b6e451597c122ea31d86a8 /lib | |
parent | 69bd023b9617c5bdf0fcbaa5606bfd0a22b1db44 (diff) | |
Convert windows custom resources to unified_mode
Tiny bit of code rage included to wipe out a completely unnecessary
nodoc property I found in two of these.
There are 7 other non-custom-resource-style windows resources that
still need converting, and they are all that is left.
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
Diffstat (limited to 'lib')
24 files changed, 105 insertions, 45 deletions
diff --git a/lib/chef/resource/windows_ad_join.rb b/lib/chef/resource/windows_ad_join.rb index 5eb93579c3..40bf6ed3bb 100644 --- a/lib/chef/resource/windows_ad_join.rb +++ b/lib/chef/resource/windows_ad_join.rb @@ -23,6 +23,8 @@ class Chef class WindowsAdJoin < Chef::Resource provides :windows_ad_join + unified_mode true + description "Use the **windows_ad_join** resource to join a Windows Active Directory domain." introduced "14.0" examples <<~DOC diff --git a/lib/chef/resource/windows_audit_policy.rb b/lib/chef/resource/windows_audit_policy.rb index c7873dad09..230dd3eb80 100644 --- a/lib/chef/resource/windows_audit_policy.rb +++ b/lib/chef/resource/windows_audit_policy.rb @@ -82,6 +82,9 @@ class Chef "User / Device Claims", "User Account Management", ].freeze + + unified_mode true + provides :windows_audit_policy description "Use the **windows_audit_policy** resource to configure system level and per-user Windows advanced audit policy settings." diff --git a/lib/chef/resource/windows_auto_run.rb b/lib/chef/resource/windows_auto_run.rb index 0b34d6c971..4885a02676 100644 --- a/lib/chef/resource/windows_auto_run.rb +++ b/lib/chef/resource/windows_auto_run.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsAutorun < Chef::Resource + unified_mode true + provides(:windows_auto_run) { true } description "Use the **windows_auto_run** resource to set applications to run at login." diff --git a/lib/chef/resource/windows_certificate.rb b/lib/chef/resource/windows_certificate.rb index bb3733cd75..ce1bcede40 100644 --- a/lib/chef/resource/windows_certificate.rb +++ b/lib/chef/resource/windows_certificate.rb 
@@ -26,6 +26,8 @@ require_relative "../dist" class Chef class Resource class WindowsCertificate < Chef::Resource + unified_mode true + provides :windows_certificate description "Use the **windows_certificate** resource to install a certificate into the Windows certificate store from a file. The resource grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificates remotely may not work if the operation requires a user profile. Operations on the local machine store should still work." diff --git a/lib/chef/resource/windows_dfs_folder.rb b/lib/chef/resource/windows_dfs_folder.rb index 9724d612e1..31f6814bcf 100644 --- a/lib/chef/resource/windows_dfs_folder.rb +++ b/lib/chef/resource/windows_dfs_folder.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsDfsFolder < Chef::Resource + unified_mode true + provides :windows_dfs_folder description "Use the **windows_dfs_folder** resource to creates a folder within DFS as many levels deep as required." diff --git a/lib/chef/resource/windows_dfs_namespace.rb b/lib/chef/resource/windows_dfs_namespace.rb index 1293117e2b..ddd8a0ee26 100644 --- a/lib/chef/resource/windows_dfs_namespace.rb +++ b/lib/chef/resource/windows_dfs_namespace.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsDfsNamespace < Chef::Resource + unified_mode true + provides :windows_dfs_namespace description "Use the **windows_dfs_namespace** resource to creates a share and DFS namespace on a Windows server." diff --git a/lib/chef/resource/windows_dfs_server.rb b/lib/chef/resource/windows_dfs_server.rb index c4abf75f20..84b2a18c91 100644 --- a/lib/chef/resource/windows_dfs_server.rb +++ b/lib/chef/resource/windows_dfs_server.rb 
@@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsDfsServer < Chef::Resource + unified_mode true + provides :windows_dfs_server description "Use the **windows_dfs_server** resource to set system-wide DFS settings." diff --git a/lib/chef/resource/windows_dns_record.rb b/lib/chef/resource/windows_dns_record.rb index 3819802338..329e1a3857 100644 --- a/lib/chef/resource/windows_dns_record.rb +++ b/lib/chef/resource/windows_dns_record.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsDnsRecord < Chef::Resource + unified_mode true + provides :windows_dns_record description "The windows_dns_record resource creates a DNS record for the given domain." @@ -54,10 +56,9 @@ class Chef not_if new_resource.dns_server.casecmp?("localhost") end - powershell_package "xDnsServer" do - end + powershell_package "xDnsServer" - do_it "Present" + run_dsc_resource "Present" end action :delete do @@ -67,14 +68,16 @@ class Chef not_if new_resource.dns_server.casecmp?("localhost") end - powershell_package "xDnsServer" do - end + powershell_package "xDnsServer" - do_it "Absent" + run_dsc_resource "Absent" end action_class do - def do_it(ensure_prop) + private + + # @api private + def run_dsc_resource(ensure_prop) dsc_resource "xDnsRecord #{new_resource.record_name}.#{new_resource.zone} #{ensure_prop}" do module_name "xDnsServer" resource :xDnsRecord diff --git a/lib/chef/resource/windows_dns_zone.rb b/lib/chef/resource/windows_dns_zone.rb index 88c8fb21b6..09555c880c 100644 --- a/lib/chef/resource/windows_dns_zone.rb +++ b/lib/chef/resource/windows_dns_zone.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsDnsZone < Chef::Resource + unified_mode true + provides :windows_dns_zone description "The windows_dns_zone resource creates an Active Directory Integrated DNS Zone on the local server." 
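Review bot: In windows_dns_record.rb both actions now call `powershell_package "xDnsServer"` with no version or source, so a node that lacks the module installs whatever the configured PowerShell repository serves under that name at converge time. The same bare call is in the `:create` and `:delete` actions of windows_dns_zone.rb. Because `run_dsc_resource` then loads that module through `dsc_resource`, I would at least record the dependency next to the call, e.g. `# xDnsServer is installed unpinned from the configured PowerShell repository; set version/source where provenance matters`, or pass a `version` once a known-good one is agreed. The action bodies start above these hunks, so anything outside the visible lines is not covered here.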
@@ -41,21 +43,24 @@ class Chef action :create do description "Creates and updates a DNS Zone." - powershell_package "xDnsServer" do - end - do_it "Present" + powershell_package "xDnsServer" + + run_dsc_resource "Present" end action :delete do description "Deletes a DNS Zone." - powershell_package "xDnsServer" do - end - do_it "Absent" + powershell_package "xDnsServer" + + run_dsc_resource "Absent" end action_class do - def do_it(ensure_prop) + private + + # @api private + def run_dsc_resource(ensure_prop) if new_resource.server_type == "Domain" dsc_resource "xDnsServerADZone #{new_resource.zone_name} #{ensure_prop}" do module_name "xDnsServer" diff --git a/lib/chef/resource/windows_feature.rb b/lib/chef/resource/windows_feature.rb index 1035b23da9..aa90f67a37 100644 --- a/lib/chef/resource/windows_feature.rb +++ b/lib/chef/resource/windows_feature.rb @@ -125,6 +125,8 @@ class Chef end action_class do + private + # call the appropriate windows_feature resource based on the specified subresource # @return [void] def run_default_subresource(desired_action) diff --git a/lib/chef/resource/windows_feature_dism.rb b/lib/chef/resource/windows_feature_dism.rb index cd53a76434..c9e2f355dc 100644 --- a/lib/chef/resource/windows_feature_dism.rb +++ b/lib/chef/resource/windows_feature_dism.rb @@ -22,6 +22,8 @@ require_relative "../platform/query_helpers" class Chef class Resource class WindowsFeatureDism < Chef::Resource + unified_mode true + provides(:windows_feature_dism) { true } description "Use the **windows_feature_dism** resource to add, remove, or entirely delete Windows features and roles using DISM." @@ -125,6 +127,8 @@ class Chef end action_class do + private + # @return [Array] features the user has requested to install which need installation def features_to_install @install ||= begin 
@@ -171,6 +175,12 @@ class Chef raise "The Windows feature#{"s" if unavailable.count > 1} #{unavailable.join(",")} #{unavailable.count > 1 ? "are" : "is"} not available on this version of Windows. Run 'dism /online /Get-Features' to see the list of available feature names." unless unavailable.empty? end + # + # FIXME FIXME FIXME + # The node object should not be used for caching state like this and this is not a public API and may break. + # FIXME FIXME FIXME + # + # run dism.exe to get a list of all available features and their state # and save that to the node at node.override level. # We do this because getting a list of features in dism takes at least a second diff --git a/lib/chef/resource/windows_feature_powershell.rb b/lib/chef/resource/windows_feature_powershell.rb index c9d9abcd6f..735ed080ff 100644 --- a/lib/chef/resource/windows_feature_powershell.rb +++ b/lib/chef/resource/windows_feature_powershell.rb @@ -23,6 +23,8 @@ require_relative "../platform/query_helpers" class Chef class Resource class WindowsFeaturePowershell < Chef::Resource + unified_mode true + provides(:windows_feature_powershell) { true } description "Use the **windows_feature_powershell** resource to add, remove, or entirely delete Windows features and roles using PowerShell. This resource offers significant speed benefits over the windows_feature_dism resource, but requires installation of the Remote Server Administration Tools on non-server releases of Windows." diff --git a/lib/chef/resource/windows_firewall_profile.rb b/lib/chef/resource/windows_firewall_profile.rb index c1d64fe883..b90d9fd4d5 100644 --- a/lib/chef/resource/windows_firewall_profile.rb +++ b/lib/chef/resource/windows_firewall_profile.rb @@ -19,6 +19,8 @@ class Chef class Resource class WindowsFirewallProfile < Chef::Resource + unified_mode true + provides :windows_firewall_profile description "Use the **windows_firewall_profile** resource to enable, disable, and configure the Windows firewall." introduced "16.3" 
diff --git a/lib/chef/resource/windows_firewall_rule.rb b/lib/chef/resource/windows_firewall_rule.rb index 7398fb6eb5..2010c15f89 100644 --- a/lib/chef/resource/windows_firewall_rule.rb +++ b/lib/chef/resource/windows_firewall_rule.rb @@ -24,6 +24,8 @@ require_relative "../json_compat" class Chef class Resource class WindowsFirewallRule < Chef::Resource + unified_mode true + provides :windows_firewall_rule description "Use the **windows_firewall_rule** resource to create, change or remove Windows firewall rules." diff --git a/lib/chef/resource/windows_font.rb b/lib/chef/resource/windows_font.rb index 8fea06f0de..afc8a7a987 100644 --- a/lib/chef/resource/windows_font.rb +++ b/lib/chef/resource/windows_font.rb @@ -21,6 +21,7 @@ class Chef class Resource class WindowsFont < Chef::Resource require_relative "../util/path_helper" + unified_mode true provides(:windows_font) { true } diff --git a/lib/chef/resource/windows_pagefile.rb b/lib/chef/resource/windows_pagefile.rb index 90e57993de..4dfaae3be3 100644 --- a/lib/chef/resource/windows_pagefile.rb +++ b/lib/chef/resource/windows_pagefile.rb @@ -20,6 +20,8 @@ require_relative "../resource" class Chef class Resource class WindowsPagefile < Chef::Resource + unified_mode true + provides(:windows_pagefile) { true } description "Use the **windows_pagefile** resource to configure pagefile settings on Windows." @@ -109,6 +111,8 @@ class Chef end action_class do + private + # make sure the provided name property matches the appropriate format # we do this here and not in the property itself because if automatic_managed # is set then this validation is not necessary / doesn't make sense at all diff --git a/lib/chef/resource/windows_printer.rb b/lib/chef/resource/windows_printer.rb index e5cc0ea6f7..947477baeb 100644 --- a/lib/chef/resource/windows_printer.rb +++ b/lib/chef/resource/windows_printer.rb 
@@ -22,6 +22,8 @@ require_relative "../resource" class Chef class Resource class WindowsPrinter < Chef::Resource + unified_mode true + require "resolv" provides(:windows_printer) { true } @@ -79,31 +81,17 @@ class Chef validation_message: "The ipv4_address property must be in the IPv4 format of `WWW.XXX.YYY.ZZZ`", regex: Resolv::IPv4::Regex - property :exists, [TrueClass, FalseClass], - skip_docs: true - PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY) - # does the printer exist - # - # @param [String] name the name of the printer - # @return [Boolean] - def printer_exists?(name) - printer_reg_key = PRINTERS_REG_KEY + name - logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'" - registry_key_exists?(printer_reg_key) - end - # @todo Set @current_resource printer properties from registry load_current_value do |desired| name desired.name - exists printer_exists?(desired.name) end action :create do description "Create a new printer and a printer port if one doesn't already exist." - if @current_resource.exists + if printer_exists? Chef::Log.info "#{@new_resource} already exists - nothing to do." else converge_by("Create #{@new_resource}") do @@ -115,7 +103,7 @@ class Chef action :delete do description "Delete an existing printer. Note this does not delete the associated printer port." - if @current_resource.exists + if printer_exists? converge_by("Delete #{@new_resource}") do delete_printer end 
@@ -125,11 +113,22 @@ class Chef end action_class do + private + + # does the printer exist + # + # @param [String] name the name of the printer + # @return [Boolean] + def printer_exists? + printer_reg_key = PRINTERS_REG_KEY + new_resource.name + logger.trace "Checking to see if this reg key exists: '#{printer_reg_key}'" + registry_key_exists?(printer_reg_key) + end + # creates the printer port and then the printer def create_printer # Create the printer port first - windows_printer_port new_resource.ipv4_address do - end + windows_printer_port new_resource.ipv4_address port_name = "IP_#{new_resource.ipv4_address}" diff --git a/lib/chef/resource/windows_printer_port.rb b/lib/chef/resource/windows_printer_port.rb index 57b78bb5b6..1b3f8753ba 100644 --- a/lib/chef/resource/windows_printer_port.rb +++ b/lib/chef/resource/windows_printer_port.rb @@ -22,6 +22,8 @@ require_relative "../resource" class Chef class Resource class WindowsPrinterPort < Chef::Resource + unified_mode true + require "resolv" provides(:windows_printer_port) { true } 
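Review bot: The doc comment that moved with `printer_exists?` into `action_class` in windows_printer.rb still carries `# @param [String] name the name of the printer`, but the new signature takes no argument and reads `new_resource.name` itself. Drop the `@param` line and describe the lookup instead, e.g. `# does the registry key for new_resource.name exist under PRINTERS_REG_KEY`. The `action_class` block continues past the end of this hunk.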
@@ -82,30 +84,19 @@ class Chef validation_message: "port_protocol must be either 1 for RAW or 2 for LPR!", default: 1, equal_to: [1, 2] - property :exists, [TrueClass, FalseClass], - skip_docs: true - PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY) - def port_exists?(name) - port_reg_key = PORTS_REG_KEY + name - - logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'" - registry_key_exists?(port_reg_key) - end - # @todo Set @current_resource port properties from registry load_current_value do |desired| name desired.name ipv4_address desired.ipv4_address port_name desired.port_name || "IP_#{desired.ipv4_address}" - exists port_exists?(desired.port_name || "IP_#{desired.ipv4_address}") end action :create do description "Create the new printer port if it does not already exist." - if current_resource.exists + if port_exists? Chef::Log.info "#{@new_resource} already exists - nothing to do." else converge_by("Create #{@new_resource}") do @@ -117,7 +108,7 @@ class Chef action :delete do description "Delete an existing printer port." - if current_resource.exists + if port_exists? converge_by("Delete #{@new_resource}") do delete_printer_port end @@ -127,6 +118,16 @@ class Chef end action_class do + private + + def port_exists? + name = new_resource.port_name || "IP_#{new_resource.ipv4_address}" + port_reg_key = PORTS_REG_KEY + name + + logger.trace "Checking to see if this reg key exists: '#{port_reg_key}'" + registry_key_exists?(port_reg_key) + end + def create_printer_port port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}" diff --git a/lib/chef/resource/windows_security_policy.rb b/lib/chef/resource/windows_security_policy.rb index dc89b09bc6..069f240ce5 100644 --- a/lib/chef/resource/windows_security_policy.rb +++ b/lib/chef/resource/windows_security_policy.rb 
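Review bot: In windows_printer_port.rb the new `port_exists?` recomputes `new_resource.port_name || "IP_#{new_resource.ipv4_address}"`, the same default that `load_current_value` and `create_printer_port` spell out in this file, and holds it in a local called `name` where the method directly below uses `port_name`. Writing `port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"` keeps the two helpers parallel. The method also has no comment, unlike `printer_exists?` in windows_printer.rb; something like `# @return [Boolean] whether the port's registry key exists under PORTS_REG_KEY` would do. `create_printer_port` runs past the end of the hunk.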
@@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsSecurityPolicy < Chef::Resource + unified_mode true + provides :windows_security_policy # The valid policy_names options found here diff --git a/lib/chef/resource/windows_share.rb b/lib/chef/resource/windows_share.rb index 5e88f20967..590d3fe33c 100644 --- a/lib/chef/resource/windows_share.rb +++ b/lib/chef/resource/windows_share.rb @@ -26,6 +26,8 @@ require_relative "../util/path_helper" class Chef class Resource class WindowsShare < Chef::Resource + unified_mode true + provides :windows_share description "Use the **windows_share** resource to create, modify and remove Windows shares." @@ -233,6 +235,8 @@ class Chef end action_class do + private + def different_path? return false if current_resource.nil? # going from nil to something isn't different for our concerns return false if current_resource.path == Chef::Util::PathHelper.cleanpath(new_resource.path) diff --git a/lib/chef/resource/windows_shortcut.rb b/lib/chef/resource/windows_shortcut.rb index d7f72a9def..f2264445ba 100644 --- a/lib/chef/resource/windows_shortcut.rb +++ b/lib/chef/resource/windows_shortcut.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsShortcut < Chef::Resource + unified_mode true + provides(:windows_shortcut) { true } description "Use the **windows_shortcut** resource to create shortcut files on Windows." diff --git a/lib/chef/resource/windows_uac.rb b/lib/chef/resource/windows_uac.rb index 560fd387dd..db5d5fd173 100644 --- a/lib/chef/resource/windows_uac.rb +++ b/lib/chef/resource/windows_uac.rb @@ -20,6 +20,8 @@ require_relative "../resource" class Chef class Resource class WindowsUac < Chef::Resource + unified_mode true + provides :windows_uac description 'The *windows_uac* resource configures UAC on Windows hosts by setting registry keys at `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`' 
diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb index c6d7a16346..a39250afc1 100644 --- a/lib/chef/resource/windows_user_privilege.rb +++ b/lib/chef/resource/windows_user_privilege.rb @@ -21,6 +21,8 @@ require_relative "../resource" class Chef class Resource class WindowsUserPrivilege < Chef::Resource + unified_mode true + privilege_opts = %w{SeTrustedCredManAccessPrivilege SeNetworkLogonRight SeTcbPrivilege diff --git a/lib/chef/resource/windows_workgroup.rb b/lib/chef/resource/windows_workgroup.rb index b77b0fc20a..05427df890 100644 --- a/lib/chef/resource/windows_workgroup.rb +++ b/lib/chef/resource/windows_workgroup.rb @@ -57,6 +57,7 @@ class Chef property :password, String, description: "The password for the local administrator user. Required if using the `user` property.", + sensitive: true, desired_state: false property :reboot, Symbol, @@ -83,6 +84,7 @@ class Chef end # define this again so we can default it to true. Otherwise failures print the password + # FIXME: this should now be unnecessary with the password property itself marked sensitive? property :sensitive, [TrueClass, FalseClass], default: true, desired_state: false |
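Review bot: The FIXME added above the `sensitive` override in windows_workgroup.rb asks a question that these two hunks do not answer. `sensitive: true` on `password` is a per-property option, while the override defaults the whole resource to sensitive, and the existing comment says its purpose is that failures would otherwise print the password. The actions that use the password are outside both hunks, so whether the property flag alone also keeps it out of failure output cannot be checked here. I would keep the override and make the comment state what must be verified before it is removed, e.g. `# FIXME: keep until a failed join is confirmed not to print the password with only the property marked sensitive`.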