kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Do not vendor cookbooks using Berkshelf anymore

Browse Source 
Instead, use the Berkshelf support in knife-solo and the
vagrant-berkshelf plugin on Vagrant
This commit is contained in:
Greg Karékinian
2019-04-11 18:16:28 +02:00
parent 87d7c721b1
commit ba6e4220a1
1436 changed files with 12 additions and 110987 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cookbooks/windows/.foodcritic
View File

@@ -1,2 +0,0 @@
~FC059
~FC016

535
cookbooks/windows/CHANGELOG.md
View File

@@ -1,535 +0,0 @@
# windows Cookbook CHANGELOG
This file is used to list changes made in each version of the windows cookbook.
## 3.1.1 (2017-06-13)
- Replace Windows 7 testing with Windows 10 testing
- Expand debug logging in the pagefile resource
- Require path in the share resource instead of raising if it's missing
- Make pagefile properly fail the run if the command fails to run
## 3.1.0 (2017-05-30)
- Updated resource documentation for windows_pagefile
- Declare windows_feature as why-runnable
- Remove action_class.class_eval usage and require 12.7+ as class_eval is causing issues with later versions of Chef
## 3.0.5 (2017-04-07)
- Add support for windows_task resource to run on non-English editions of Windows
- Ensure chef-client 12.6 compatibility with action_class.class_eval
## 3.0.4 (2017-03-29)
- restoring the `cached_file` helper as downstream cookbooks use it.
## 3.0.3 (2017-03-28)
- Correct a typo in a Log message
## 3.0.2 (2017-03-21)
- Fix `windows_zipfile` resource to properly download and cache the zip archives
## 3.0.1 (2017-03-17)
- Fix `windows_share` to be fully idempotent. Fixes #447
## 3.0.0 (2017-03-15)
**Warning** This release includes multiple breaking changes as we refactored all existing resources and resolved many longstanding bugs. We highly recommend exercising caution and fully testing this new version before rolling it out to a production environment.
### Breaking changes
- This cookbook now requires Chef 12.6 or later and we highly recommend even more recent Chef 12 releases as they resolve critical Windows bugs and include new Windows specific functionality.
- The windows_package resource has been removed as it is built into chef-client 12.6+ and the built in version is faster / more robust.
- The powershell out helper has been removed as it is now included in chef-client 12.6+
- The default recipe no longer installs the various Windows rubygems required for non-omnibus chef-client installs. This was a leftover from Chef 10 and is no longer necessary, or desired, as we ship these gems in every Windows chef release.
- windows_feature has been heavily refactored and in doing so the method used to control the underlying providers has changed. You can no longer specify which windows_feature provider to use by setting `node['windows']['feature_provider']` or by setting the `provider` property on the resource itself. Instead you must set `install_method` to specify the correct underlying installation method. You can also now reference the resources directly by using `windows_feature_servermanagercmd`, `windows_feature_powershell` or `windows_feature_dism` instead of `windows_feature`
- Windows_font's `file` property has been renamed to `name` to avoid collisions with the Chef file resource.
### Other Changes
- All LWRPs in this cookbook have been refactored to be custom resources
- windows_path, windows_shortcut, and windows_zipfile have been updated to be idempotent with support for why-run mode and proper notification when the resources actually update
- windows_pagefile now validates the name of the pagefile to avoid cryptic error messages
- A new `share` resource has been added for setting up Windows shares
- TrustedPeople certificate store has been added to the list of allowed store_names in the certificate resources
- version helper constant definitions has been improved
- A new `all` property has been added to the Windows feature resource to install all dependent features. See the windows feature test recipe for usage examples.
- Windows feature now accepts an array of features, which greatly speeds up feature installs and simplifies recipe code
- The path resource now accepts paths with either forward slashes or backslashes and correctly adds the path using Windows style backslash.
- The powershell provider for windows_feature resource has been fixed to properly import ServerManager in the :remove action
- Testing has been switched from a Rakefile to the new Delivery local mode
- Several issues with testing the resources on non-Windows hosts in ChefSpec have been resolved
- A new `source` property has been added to the windows_feature_powershell resource
- Additional test suites have been added to Test Kitchen to cover all resources and those test suites are now being executed in AppVeyer on every PR
- Travis CI testing has been removed and all testing is being performed in AppVeyer
## 2.1.1 (2016-11-23)
- Make sure the ohai plugin is available when installing features
## 2.1.0 (2016-11-22)
- Reduce expensive executions of dism in windows_feature by using a new Ohai plugin
- Add guard around chef_version metadata for Opsworks and older Chef 12 clients
- Update the rakefile to the latest
- Add deprecation dates for the windows_package and powershell functionality that has been moved to core Chef. These will be removed 4/17 when we release Chef 13
- Provide helper method to get windows version info
- Allow defining http acl using SDDL
## 2.0.2 (2016-09-07)
- Added the powershell_out mixin back to allow for Chef 12.1-12.3 compatibility
- Set the dependency back to Chef 12.1
## 2.0.1 (2016-09-07)
- Clarify the platforms we support in the readme
- Require Chef 12.4 which included powershell_out
## 2.0.0 (2016-09-07)
This cookbook now requires Chef 12.1+. Resources (lwrps) that have been moved into the chef-client have been removed from this cookbook. While the functionality in the chef-client is similar, and in many cases improved, the names and properties have changed in some cases. Make sure to check <https://docs.chef.io/resources.html> for full documentation on each of these resources, and as usual carefully test your cookbooks before upgrading to this new release.
### Removed resources and helpers:
- windows_reboot provider
- windows_batch provider
- windows_registry provider
- Powershell out for only_if / not_if statements
- Windows Architecture Helper
- Reboot handler and the dependency on the chef_handler cookbook
#### Changes resource behavior
- For Chef clients 12.6 and later the windows_package provider will no longer be used as windows_package logic is now included in Chef. Chef 12.1 - 12.5.1 clients will continue to default to the windows_package provider in this cookbook for full compatibility.
#### Additional changes
- Updated and expanded testing
- Fixed the windows_feature powershell provider to run on Windows 2008 / 2008 R2
- Added TrustedPublisher as a valid cert store_name
- Updated the certificate_binding resource to respect the app_id property
- Added why-run support to the auto_run resource
## 1.44.3 (2016-08-16)
- Remove support for ChefSpec <4.1 in the matchers
- Add missing Chefspec matchers
## 1.44.2 (2016-08-15)
- Add missing windows_font matcher
- Add chef_version to the metadata
- Switch from Rubocop to Cookstyle and use our improved Rakefile
- Remove test deps from the Gemfile that are in ChefDK
## v1.44.1
- [PR 375](https://github.com/chef-cookbooks/windows/pull/375) - Fix comparison of string to number in platform_version
- [PR 376](https://github.com/chef-cookbooks/windows/pull/376) - Switch to cookstyle, update gem deps and other minor stuff
- [PR 377](https://github.com/chef-cookbooks/windows/pull/377) - add test and check for feature installation through powershell
## v1.44.0
- [PR 372](https://github.com/chef-cookbooks/windows/pull/372) - Support Server 2008 for feature installs via PowerShell
## v1.43.0
- [PR 369](https://github.com/chef-cookbooks/windows/pull/369) - Add a enable_windows_task matcher
## v1.42.0
- [PR 365](https://github.com/chef-cookbooks/windows/pull/365) - Escape command quotes when passing to schtasks
## v1.41.0
- [PR 364](https://github.com/chef-cookbooks/windows/pull/364) - Configurable font source
## v1.40.0
- [PR 357](https://github.com/chef-cookbooks/windows/pull/357) - Fixes for schtasks
- [PR 359](https://github.com/chef-cookbooks/windows/pull/359) - take bundler out of the appveyor build
- [PR 356](https://github.com/chef-cookbooks/windows/pull/356) - Misc fixes and updates
- [PR 355](https://github.com/chef-cookbooks/windows/pull/355) - bump and pin rubocop, fix broken cop
- [PR 348](https://github.com/chef-cookbooks/windows/pull/348) - Make notify work for `windows_task`
## v1.39.2
- [PR 329](https://github.com/chef-cookbooks/windows/pull/329) - Silence `compile_time` warning for `chef_gem`
- [PR 338](https://github.com/chef-cookbooks/windows/pull/338) - ChefSpec matchers for `windows_certificate`
- [PR 341](https://github.com/chef-cookbooks/windows/pull/341) - Updated rubocop and FoodCritic compliance
- [PR 336](https://github.com/chef-cookbooks/windows/pull/336) - Fixed where clause compliance with PS v1/v2
## v1.39.1
- [PR 325](https://github.com/chef-cookbooks/windows/pull/325) - Raise an error if a bogus feature is given to the powershell `windows_feature` provider
- [PR 326](https://github.com/chef-cookbooks/windows/pull/326) - Fix `windows_font` and copy the font file before installation
## v1.39.0
- [PR 305](https://github.com/chef-cookbooks/windows/pull/305) - Added `months` attribute to `windows_task` and allow `frequency_modifier` to accept values 'FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', and 'LASTDAY' for monthly frequency
- [PR 310](https://github.com/chef-cookbooks/windows/pull/310) - Fix `windows_task` breaks when there is a space in the user name
- [PR 314](https://github.com/chef-cookbooks/windows/pull/314) - fixes reboot handling on some chef versions below 11.12
- [PR 317](https://github.com/chef-cookbooks/windows/pull/317) - Adds a `disable_windows_task` matcher
- [PR 311](https://github.com/chef-cookbooks/windows/pull/311) - Implements the `cwd` attribute of `windows_task`
- [PR 318](https://github.com/chef-cookbooks/windows/pull/318) - Use dsl instead of manual resource instanciation
- [PR 303](https://github.com/chef-cookbooks/windows/pull/303) - Fix `http_acl` idempotency when user name contains a space
- [PR 257](https://github.com/chef-cookbooks/windows/pull/257) - Speed up windows_feature dism provider
- [PR 319](https://github.com/chef-cookbooks/windows/pull/319) - Add a `.kitchen.cloud.yml` for kitchen testing on Azure
- [PR 315](https://github.com/chef-cookbooks/windows/pull/315) - Deprecate `windows_package` and forward to `Chef::Provider::Package::Windows` when running 12.6 or higher
## v1.38.4
- [PR 295](https://github.com/chef-cookbooks/windows/pull/295) - Escape `http_acl` username
- [PR 293](https://github.com/chef-cookbooks/windows/pull/293) - Separating assignments to `code_script` and `guard_script` as they should be different scripts and not hold the same reference
- [Issue 298](https://github.com/chef-cookbooks/windows/issues/298) - `windows_certificate_binding` is ignoring `store_name` attribute and always saving to `MY`
- [Issue 296](https://github.com/chef-cookbooks/windows/pull/302) - Fixes `windows_certificate` idempotentcy on chef 11 clients
## v1.38.3
- Make `windows_task` resource idempotent (double quotes need to be single when comparing)
- [Issue 245](https://github.com/chef-cookbooks/windows/issues/256) - Fix `No resource, method, or local variable named`password' for `Chef::Provider::WindowsTask'` when `interactive_enabled` is `true`
## v1.38.2
- Lazy-load windows-pr gem library files. Chef 12.5 no longer includes the windows-pr gem. Earlier versions of this cookbook will not compile on Chef 12.5.
## v1.38.1 (2015-07-28)
- Publishing without extended metadata
## v1.38.0 (2015-07-27)
- Do not set new_resource.password to nil, Fixes #219, Fixes #220
- Add `windows_certificate` resource #212
- Add `windows_http_acl` resource #214
## v1.37.0 (2015-05-14)
- fix `windows_package` `Chef.set_resource_priority_array` warning
- update `windows_task` to support tasks in folders
- fix `windows_task` delete action
- replace `windows_task` name attribute with 'task_name'
- add :end action to 'windows_task'
- Tasks created with the `windows_task` resource default to the SYSTEM account
- The force attribute for `windows_task` makes the :create action update the definition.
- `windows_task` :create action will force an update of the task if the user or command differs from the currently configured setting.
- add default provider for `windows_feature`
- add a helper to make sure `WindowsRebootHandler` works in ChefSpec
- added a source and issues url to the metadata for Supermarket
- updated the Gemfile and .kitchen.yml to reflect the latest test-kitchen windows guest support
- started tests using the kitchen-pester verifier
## v1.36.6 (2014-12-18)
- reverting all chef_gem compile_time work
## v1.36.5 (2014-12-18)
- Fix zipfile provider
## v1.36.4 (2014-12-18)
- Fix Chef chef_gem with Chef::Resource::ChefGem.method_defined?(:compile_time)
## v1.36.3 (2014-12-18)
- Fix Chef chef_gem below 12.1.0
## v1.36.2 (2014-12-17)
- Being explicit about usage of the chef_gem's compile_time property.
- Eliminating future deprecation warnings in Chef 12.1.0
## v1.36.1 (2014-12-17)
- [PR 160](https://github.com/chef-cookbooks/windows/pull/160) - Fix Chef 11.10 / versions without windows_package in core
## v1.36.0 (2014-12-16)
- [PR 145](https://github.com/chef-cookbooks/windows/pull/145) - do not fail on non-existant task
- [PR 144](https://github.com/chef-cookbooks/windows/pull/144) - Add a zip example to the README
- [PR 110](https://github.com/chef-cookbooks/windows/pull/110) - More zip documentation
- [PR 148](https://github.com/chef-cookbooks/windows/pull/148) - Add an LWRP for font installation
- [PR 151](https://github.com/chef-cookbooks/windows/pull/151) - Fix windows_package on Chef 12, add integration tests
- [PR 129](https://github.com/chef-cookbooks/windows/pull/129) - Add enable/disable actions to task LWRP
- [PR 115](https://github.com/chef-cookbooks/windows/pull/115) - require Chef::Mixin::PowershellOut before using it
- [PR 88](https://github.com/chef-cookbooks/windows/pull/88) - Code 1003 from servermanagercmd.exe is valid
## v1.34.8 (2014-10-31)
- [Issue 137](https://github.com/chef-cookbooks/windows/issues/137) - windows_path resource breaks with ruby 2.x
## v1.34.6 (2014-09-22)
- [Chef-2009](https://github.com/chef/chef/issues/2009) - Patch to work around a regression in [Chef](https://github.com/chef/chef)
## v1.34.2 (2014-08-12)
- [Issue 99](https://github.com/chef-cookbooks/windows/issues/99) - Remove rubygems / Internet wmi-lite dependency (PR #108)
## v1.34.0 (2014-08-04)
- [Issue 99](https://github.com/chef-cookbooks/windows/issues/99) - Use wmi-lite to fix Chef 11.14.2 break in rdp-ruby-wmi dependency
## v1.32.1 (2014-07-15)
- Fixes broken cookbook release
## v1.32.0 (2014-07-11)
- Add ChefSpec resource methods to allow notification testing (@sneal)
- Add use_inline_resources to providers (@micgo)
- [COOK-4728] - Allow reboot handler to be used as an exception handler
- [COOK-4620] - Ensure win_friendly_path doesn't error out when ALT_SEPARATOR is nil
## v1.31.0 (2014-05-07)
- [COOK-2934] - Add windows_feature support for 2 new DISM attributes: all, source
## v1.30.2 (2014-04-02)
- [COOK-4414] - Adding ChefSpec matchers
## v1.30.0 (2014-02-14)
- [COOK-3715] - Unable to create a startup task with no login
- [COOK-4188] - Add powershell_version method to return Powershell version
## v1.12.8 (2014-01-21)
- [COOK-3988] Don't unescape URI before constructing it.
## v1.12.6 (2014-01-03)
- [COOK-4168] Circular dep on powershell - moving powershell libraries into windows. removing dependency on powershell
## v1.12.4
Fixing depend/depends typo in metadata.rb
## v1.12.2
### Bug
- **[COOK-4110](https://tickets.chef.io/browse/COOK-4110)** - feature_servermanager installed? method regex bug
## v1.12.0
### Bug
- **[COOK-3793](https://tickets.chef.io/browse/COOK-3793)** - parens inside parens of README.md don't render
### New Feature
- **[COOK-3714](https://tickets.chef.io/browse/COOK-3714)** - Powershell features provider and delete support.
## v1.11.0
### Improvement
- **[COOK-3724](https://tickets.chef.io/browse/COOK-3724)** - Rrecommend built-in resources over cookbook resources
- **[COOK-3515](https://tickets.chef.io/browse/COOK-3515)** - Remove unprofessional comment from library
- **[COOK-3455](https://tickets.chef.io/browse/COOK-3455)** - Add Windows Server 2012R2 to windows cookbook version helper
### Bug
- **[COOK-3542](https://tickets.chef.io/browse/COOK-3542)** - Fix an issue where `windows_zipfile` fails with LoadError
- **[COOK-3447](https://tickets.chef.io/browse/COOK-3447)** - Allow Overriding Of The Default Reboot Timeout In windows_reboot_handler
- **[COOK-3382](https://tickets.chef.io/browse/COOK-3382)** - Allow windows_task to create `on_logon` tasks
- **[COOK-2098](https://tickets.chef.io/browse/COOK-2098)** - Fix and issue where the `windows_reboot` handler is ignoring the reboot time
### New Feature
- **[COOK-3458](https://tickets.chef.io/browse/COOK-3458)** - Add support for `start_date` and `start_time` in `windows_task`
## v1.10.0
### Improvement
- [COOK-3126]: `windows_task` should support the on start frequency
- [COOK-3127]: Support the force option on task create and delete
## v1.9.0
### Bug
- [COOK-2899]: windows_feature fails when a feature install requires a reboot
- [COOK-2914]: Foodcritic failures in Cookbooks
- [COOK-2983]: windows cookbook has foodcritic failures
### Improvement
- [COOK-2686]: Add Windows Server 2012 to version.rb so other depending chef scripts can detect Windows Server 2012
## v1.8.10
When using Windows qualified filepaths (C:/foo), the #absolute? method for URI returns true, because "C" is the scheme.
This change checks that the URI is http or https scheme, so it can be passed off to remote_file appropriately.
- [COOK-2729] - allow only http, https URI schemes
## v1.8.8
- [COOK-2729] - helper should use URI rather than regex and bare string
## v1.8.6
- [COOK-968] - `windows_package` provider should gracefully handle paths with spaces
- [COOK-222] - `windows_task` resource does not declare :change action
- [COOK-241] - Windows cookbook should check for redefined constants
- [COOK-248] - Windows package install type is case sensitive
## v1.8.4
- [COOK-2336] - MSI That requires reboot returns with RC 3010 and causes chef run failure
- [COOK-2368] - `version` attribute of the `windows_package` provider should be documented
## v1.8.2
**Important**: Use powershell in nodes expanded run lists to ensure powershell is downloaded, as powershell has a dependency on this cookbook; v1.8.0 created a circular dependency.
- [COOK-2301] - windows 1.8.0 has circular dependency on powershell
## v1.8.0
- [COOK-2126] - Add checksum attribute to `windows_zipfile`
- [COOK-2142] - Add printer and `printer_port` LWRPs
- [COOK-2149] - Chef::Log.debug Windows Package command line
- [COOK-2155] -`windows_package` does not send checksum to `cached_file` in `installer_type`
## v1.7.0
- [COOK-1745] - allow for newer versions of rubyzip
## v1.6.0
- [COOK-2048] - undefined method for Falseclass on task :change when action is :nothing (and task doesn't exist)
- [COOK-2049] - Add `windows_pagefile` resource
## v1.5.0
- [COOK-1251] - Fix LWRP "NotImplementedError"
- [COOK-1921] - Task LWRP will return true for resource exists when no other scheduled tasks exist
- [COOK-1932] - Include :change functionality to windows task lwrp
## v1.4.0:
- [COOK-1571] - `windows_package` resource (with msi provider) does not accept spaces in filename
- [COOK-1581] - Windows cookbook needs a scheduled tasks LWRP
- [COOK-1584] - `windows_registry` should support all registry types
## v1.3.4
- [COOK-1173] - `windows_registry` throws Win32::Registry::Error for action :remove on a nonexistent key
- [COOK-1182] - windows package sets start window title instead of quoting a path
- [COOK-1476] - zipfile lwrp should support :zip action
- [COOK-1485] - package resource fails to perform install correctly when "source" contains quote
- [COOK-1519] - add action :remove for path lwrp
## v1.3.2
- [COOK-1033] - remove the `libraries/ruby_19_patches.rb` file which causes havoc on non-Windows systems.
- [COOK-811] - add a timeout parameter attribute for `windows_package`
## v1.3.0
- [COOK-1323] - Update for changes in Chef 0.10.10.
- Setting file mode doesn't make sense on Windows (package provider
- and `reboot_handler` recipe)
- Prefix ::Win32 to avoid namespace collision with Chef::Win32
- (`registry_helper` library)
- Use chef_gem instead of gem_package so gems get installed correctly under the Ruby environment Chef runs in (reboot_handler recipe, zipfile provider)
## v1.2.12
- [COOK-1037] - specify version for rubyzip gem
- [COOK-1007] - `windows_feature` does not work to remove features with dism
- [COOK-667] - shortcut resource + provider for Windows platforms
## v1.2.10
- [COOK-939] - add `type` parameter to `windows_registry` to allow binary registry keys.
- [COOK-940] - refactor logic so multiple values get created.
## v1.2.8
- FIX: Older Windows (Windows Server 2003) sometimes return 127 on successful forked commands
- FIX: `windows_package`, ensure we pass the WOW* registry redirection flags into reg.open
## v1.2.6
- patch to fix [CHEF-2684], Open4 is named Open3 in Ruby 1.9
- Ruby 1.9's Open3 returns 0 and 42 for successful commands
- retry keyword can only be used in a rescue block in Ruby 1.9
## v1.2.4
- `windows_package` - catch Win32::Registry::Error that pops up when searching certain keys
## v1.2.2
- combined numerous helper libarires for easier sharing across libaries/LWRPs
- renamed Chef::Provider::WindowsFeature::Base file to the more descriptive `feature_base.rb`
- refactored `windows_path` LWRP
- :add action should MODIFY the the underlying ENV variable (vs CREATE)
- deleted greedy :remove action until it could be made more idempotent
- added a `windows_batch` resource/provider for running batch scripts remotely
## v1.2.0
- [COOK-745] gracefully handle required server restarts on Windows platform
- WindowsRebootHandler for requested and pending reboots
- `windows_reboot` LWRP for requesting (receiving notifies) reboots
- `reboot_handler` recipe for enabling WindowsRebootHandler as a report handler
- [COOK-714] Correct initialize misspelling
- RegistryHelper - new `get_values` method which returns all values for a particular key.
## v1.0.8
- [COOK-719] resource/provider for managing windows features
- [COOK-717] remove `windows_env_vars` resource as env resource exists in core chef
- new `Windows::Version` helper class
- refactored `Windows::Helper` mixin
## v1.0.6
- added `force_modify` action to `windows_registry` resource
- add `win_friendly_path` helper
- re-purpose default recipe to install useful supporting windows related gems
## v1.0.4
- [COOK-700] new resources and improvements to the `windows_registry` provider (thanks Paul Morton!)
- Open the registry in the bitednes of the OS
- Provide convenience methods to check if keys and values exit
- Provide convenience method for reading registry values
- NEW - `windows_auto_run` resource/provider
- NEW - `windows_env_vars` resource/provider
- NEW - `windows_path` resource/provider
- re-write of the `windows_package` logic for determining current installed packages
- new checksum attribute for `windows_package` resource...useful for remote packages
## v1.0.2
- [COOK-647] account for Wow6432Node registry redirecter
- [COOK-656] begin/rescue on win32/registry
## v1.0.0
- [COOK-612] initial release

2
cookbooks/windows/CONTRIBUTING.md
View File

@@ -1,2 +0,0 @@
Please refer to
https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD

21
cookbooks/windows/MAINTAINERS.md
View File

@@ -1,21 +0,0 @@
<!-- This is a generated file. Please do not edit directly -->
# Maintainers
This file lists how this cookbook project is maintained. When making changes to the system, this file tells you who needs to review your patch - you need a review from an existing maintainer for the cookbook to provide a :+1: on your pull request. Additionally, you need to not receive a veto from a Lieutenant or the Project Lead.
Check out [How Cookbooks are Maintained](https://github.com/chef-cookbooks/community_cookbook_documentation/blob/master/CONTRIBUTING.MD) for details on the process and how to become a maintainer or the project lead.
# Project Maintainer
* [Adam Edwards](https://github.com/adamedx)
# Maintainers
* [Adam Edwards](https://github.com/adamedx)
* [Kartik Null Cating-Subramanian](https://github.com/ksubrama)
* [Steven Murawski](https://github.com/smurawski)
* [Matt Wrock](https://github.com/mwrock)
* [Jay Mundrawala](https://github.com/jaym)
* [Claire McQuin](https://github.com/mcquin)
* [Salim Alam](https://github.com/chefsalim)
* [Tim Smith](https://github.com/tas50)
* [Jennifer Davis](https://github.com/sigje)

803
cookbooks/windows/README.md
View File

@@ -1,803 +0,0 @@
# Windows Cookbook
[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)
Provides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.
## Requirements
### Platforms
- Windows 7
- Windows Server 2008 R2
- Windows 8, 8.1
- Windows Server 2012 (R1, R2)
### Chef
- Chef 12.6+
## Resources
### windows_auto_run
#### Actions
- `:create` - Create an item to be run at login
- `:remove` - Remove an item that was previously setup to run at login
#### Properties
- `name` - Name attribute. The name of the value to be stored in the registry
- `program` - The program to be run at login
- `args` - The arguments for the program
#### Examples
Run BGInfo at login
```ruby
windows_auto_run 'BGINFO' do
program 'C:/Sysinternals/bginfo.exe'
args '\'C:/Sysinternals/Config.bgi\' /NOLICPROMPT /TIMER:0'
action :create
end
```
### windows_certificate
Installs a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.
#### Actions
- `:create` - creates or updates a certificate.
- `:delete` - deletes a certificate.
- `:acl_add` - adds read-only entries to a certificate's private key ACL.
#### Properties
- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).
- `pfx_password` - the password to access the source if it is a pfx file.
- `private_key_acl` - array of 'domain\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.
- `store_name` - the certificate store to manipulate. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).
- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.
#### Examples
```ruby
# Add PFX cert to local machine personal store and grant accounts read-only access to private key
windows_certificate "c:/test/mycert.pfx" do
pfx_password "password"
private_key_acl ["acme\fred", "pc\jane"]
end
```
```ruby
# Add cert to trusted intermediate store
windows_certificate "c:/test/mycert.cer" do
store_name "CA"
end
```
```ruby
# Remove all certificates matching the subject
windows_certificate "me.acme.com" do
action :delete
end
```
### windows_certificate_binding
Binds a certificate to an HTTP port in order to enable TLS communication.
#### Actions
- `:create` - creates or updates a binding.
- `:delete` - deletes a binding.
#### Properties
- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.
- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.
- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses).
- `port` - the port to bind against. Default is 443.
- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.
- `store_name` - the store to locate the certificate in. One of MY (default : personal store), CA (trusted intermediate store) or ROOT (trusted root store).
#### Examples
```ruby
# Bind the first certificate matching the subject to the default TLS port
windows_certificate_binding "me.acme.com" do
end
```
```ruby
# Bind a cert from the CA store with the given hash to port 4334
windows_certificate_binding "me.acme.com" do
cert_name "d234567890a23f567c901e345bc8901d34567890"
name_kind :hash
store_name "CA"
port 4334
end
```
### windows_feature
**BREAKING CHANGE - Version 3.0.0**
This resource has been moved from using LWRPs and multiple providers to using Custom Resources. To maintain functionality, you'll need to change `provider` to `install_method`.
Windows Roles and Features can be thought of as built-in operating system packages that ship with the OS. A server role is a set of software programs that, when they are installed and properly configured, lets a computer perform a specific function for multiple users or other computers within a network. A Role can have multiple Role Services that provide functionality to the Role. Role services are software programs that provide the functionality of a role. Features are software programs that, although they are not directly parts of roles, can support or augment the functionality of one or more roles, or improve the functionality of the server, regardless of which roles are installed. Collectively we refer to all of these attributes as 'features'.
This resource allows you to manage these 'features' in an unattended, idempotent way.
There are three methods for the `windows_feature` which map into Microsoft's three major tools for managing roles/features: [Deployment Image Servicing and Management (DISM)](http://msdn.microsoft.com/en-us/library/dd371719%28v=vs.85%29.aspx), [Servermanagercmd](http://technet.microsoft.com/en-us/library/ee344834%28WS.10%29.aspx) (The CLI for Server Manager), and [PowerShell](https://technet.microsoft.com/en-us/library/cc731774(v=ws.11).aspx). As Servermanagercmd is deprecated, Chef will set the default method to `:windows_feature_dism` if `dism.exe` is present on the system being configured. The default method will fall back to `:windows_feature_servermanagercmd`, and then `:windows_feature_powershell`.
For more information on Roles, Role Services and Features see the [Microsoft TechNet article on the topic](http://technet.microsoft.com/en-us/library/cc754923.aspx). For a complete list of all features that are available on a node type either of the following commands at a command prompt:
For Dism:
```text
dism /online /Get-Features
```
For ServerManagerCmd:
```text
servermanagercmd -query
```
For PowerShell:
```text
get-windowsfeature
```
#### Actions
- `:install` - install a Windows role/feature
- `:remove` - remove a Windows role/feature
- `:delete` - remove a Windows role/feature from the image (not supported by ServerManagerCmd)
#### Properties
- `feature_name` - name of the feature/role(s) to install. The same feature may have different names depending on the provider used (ie DHCPServer vs DHCP; DNS-Server-Full-Role vs DNS).
- `all` - Boolean. Optional. Default: false. DISM and Powershell providers only. Forces all dependencies to be installed.
- `source` - String. Optional. DISM provider only. Uses local repository for feature install.
- `install_method` - Symbol. Optional. **REPLACEMENT FOR THE PREVIOUS PROVIDER OPTION** If not supplied, Chef will determine which method to use (in the order of `:windows_feature_dism`, `:windows_feature_servercmd`, `:windows_feature_powershell`)
#### Examples
Install the DHCP Server feature
```ruby
windows_feature 'DHCPServer' do
action :install
end
```
Install the .Net 3.5.1 feature on Server 2012 using repository files on DVD and install all dependencies
```ruby
windows_feature "NetFx3" do
action :install
all true
source "d:\sources\sxs"
end
```
Remove Telnet Server and Client features
```ruby
windows_feature ['TelnetServer', 'TelnetClient'] do
action :remove
end
```
Add the SMTP Server feature using the PowerShell provider
```ruby
windows_feature "smtp-server" do
action :install
all true
install_method :windows_feature_powershell
end
```
Install multiple features using one resource with the PowerShell provider
```ruby
windows_feature ['Web-Asp-Net45', 'Web-Net-Ext45'] do
action :install
install_method :windows_feature_powershell
end
```
### windows_font
Installs a font.
Font files should be included in the cookbooks
#### Actions
- `:install` - install a font to the system fonts directory.
#### Properties
- `name` - The file name of the font file name to install. The path defaults to the files/default directory of the cookbook you're calling windows_font from. Defaults to the resource name.
- `source` - Set an alternate path to the font file.
#### Examples
```ruby
windows_font 'Code New Roman.otf'
```
### windows_http_acl
Sets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.
#### Actions
- `:create` - creates or updates the ACL for a URL.
- `:delete` - deletes the ACL from a URL.
#### Properties
- `url` - the name of the url to be created/deleted.
- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.
- `user` - the name (domain\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry.
#### Examples
```ruby
windows_http_acl 'http://+:50051/' do
user 'pc\\fred'
end
```
```ruby
# Grant access to users "NT SERVICE\WinRM" and "NT SERVICE\Wecsvc" via sddl
windows_http_acl 'http://+:5985/' do
sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'
end
```
```ruby
windows_http_acl 'http://+:50051/' do
action :delete
end
```
### windows_pagefile
Configures the file that provides virtual memory for applications requiring more memory than available RAM or that are paged out to free up memory in use.
#### Actions
- `:set` - configures the default pagefile, creating if it doesn't exist.
- `:delete` - deletes the specified pagefile.
#### Properties
- `name` - the path to the pagefile, String, name_property: true
- `system_managed` - configures whether the system manages the pagefile size. [true, false]
- `automatic_managed` - all of the settings are managed by the system. If this is set to true, other settings will be ignored. [true, false], default: false
- `initial_size` - initial size of the pagefile in bytes. Integer
- `maximum_size` - maximum size of the pagefile in bytes. Integer
### windows_printer_port
Create and delete TCP/IPv4 printer ports.
#### Actions
- `:create` - Create a TCIP/IPv4 printer port. This is the default action.
- `:delete` - Delete a TCIP/IPv4 printer port
#### Properties
- `ipv4_address` - Name attribute. Required. IPv4 address, e.g. '10.0.24.34'
- `port_name` - Port name. Optional. Defaults to 'IP_' + `ipv4_address`
- `port_number` - Port number. Optional. Defaults to 9100.
- `port_description` - Port description. Optional.
- `snmp_enabled` - Boolean. Optional. Defaults to false.
- `port_protocol` - Port protocol, 1 (RAW), or 2 (LPR). Optional. Defaults to 1.
#### Examples
Create a TCP/IP printer port named 'IP_10.4.64.37' with all defaults
```ruby
windows_printer_port '10.4.64.37' do
action :create
end
```
Delete a printer port
```ruby
windows_printer_port '10.4.64.37' do
action :delete
end
```
Delete a port with a custom port_name
```ruby
windows_printer_port '10.4.64.38' do
port_name 'My awesome port'
action :delete
end
```
Create a port with more options
```ruby
windows_printer_port '10.4.64.39' do
port_name 'My awesome port'
snmp_enabled true
port_protocol 2
end
```
### windows_printer
Create Windows printer. Note that this doesn't currently install a printer driver. You must already have the driver installed on the system.
The Windows Printer LWRP will automatically create a TCP/IP printer port for you using the `ipv4_address` property. If you want more granular control over the printer port, just create it using the `windows_printer_port` LWRP before creating the printer.
#### Actions
- `:create` - Create a new printer
- `:delete` - Delete a new printer
#### Properties
- `device_id` - Name attribute. Required. Printer queue name, e.g. 'HP LJ 5200 in fifth floor copy room'
- `comment` - Optional string describing the printer queue.
- `default` - Boolean. Optional. Defaults to false. Note that Windows sets the first printer defined to the default printer regardless of this setting.
- `driver_name` - String. Required. Exact name of printer driver. Note that the printer driver must already be installed on the node.
- `location` - Printer location, e.g. 'Fifth floor copy room', or 'US/NYC/Floor42/Room4207'
- `shared` - Boolean. Defaults to false.
- `share_name` - Printer share name.
- `ipv4_address` - Printer IPv4 address, e.g. '10.4.64.23'. You don't have to be able to ping the IP address to set it. Required.
An error of "Set-WmiInstance : Generic failure" is most likely due to the printer driver name not matching or not being installed.
#### Examples
Create a printer
```ruby
windows_printer 'HP LaserJet 5th Floor' do
driver_name 'HP LaserJet 4100 Series PCL6'
ipv4_address '10.4.64.38'
end
```
Delete a printer. Note: this doesn't delete the associated printer port. See `windows_printer_port` above for how to delete the port.
```ruby
windows_printer 'HP LaserJet 5th Floor' do
action :delete
end
```
### windows_share
Creates, modifies and removes Windows shares. All properties are idempotent.
#### Actions
- :create: creates/modifies a share
- :delete: deletes a share
#### Properties
- share_name: name attribute, the share name.
- path: path to the directory to be shared. Required when creating. If the share already exists on a different path then it is deleted and re-created.
- description: description to be applied to the share
- full_users: array of users which should have "Full control" permissions
- change_users: array of users which should have "Change" permissions
- read_users: array of users which should have "Read" permissions
#### Examples
```ruby
windows_share "foo" do
action :create
path "C:\\foo"
full_users ["DOMAIN_A\\some_user", "DOMAIN_B\\some_other_user"]
read_users ["DOMAIN_C\\Domain users"]
end
```
```ruby
windows_share "foo" do
action :delete
end
```
### windows_shortcut
Creates and modifies Windows shortcuts.
#### Actions
- `:create` - create or modify a windows shortcut
#### Properties
- `name` - name attribute. The shortcut to create/modify.
- `target` - what the shortcut links to
- `arguments` - arguments to pass to the target when the shortcut is executed
- `description` - description of the shortcut
- `cwd` - Working directory to use when the target is executed
- `iconlocation` - Icon to use, in the format of `"path, index"` where index is which icon in that file to use (See [WshShortcut.IconLocation](https://msdn.microsoft.com/en-us/library/3s9bx7at.aspx))
#### Examples
Add a shortcut all users desktop:
```ruby
require 'win32ole'
all_users_desktop = WIN32OLE.new("WScript.Shell").SpecialFolders("AllUsersDesktop")
windows_shortcut "#{all_users_desktop}/Notepad.lnk" do
target "C:\\WINDOWS\\notepad.exe"
description "Launch Notepad"
iconlocation "C:\\windows\\notepad.exe, 0"
end
```
#### Library Methods
```ruby
Registry.value_exists?('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run','BGINFO')
Registry.key_exists?('HKLM\SOFTWARE\Microsoft')
BgInfo = Registry.get_value('HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run','BGINFO')
```
### windows_path
#### Actions
- `:add` - Add an item to the system path
- `:remove` - Remove an item from the system path
#### Properties
- `path` - Name attribute. The name of the value to add to the system path
#### Examples
Add Sysinternals to the system path
```ruby
windows_path 'C:\Sysinternals' do
action :add
end
```
Remove 7-Zip from the system path
```ruby
windows_path 'C:\7-Zip' do
action :remove
end
```
### windows_task
Creates, deletes or runs a Windows scheduled task. Requires Windows Server 2008 due to API usage.
#### Actions
- `:create` - creates a task (or updates existing if user or command has changed)
- `:delete` - deletes a task
- `:run` - runs a task
- `:end` - ends a task
- `:change` - changes the un/pw or command of a task
- `:enable` - enable a task
- `:disable` - disable a task
#### Properties
- `task_name` - name attribute, The task name. ("Task Name" or "/Task Name")
- `force` - When used with create, will update the task.
- `command` - The command the task will run.
- `cwd` - The directory the task will be run from.
- `user` - The user to run the task as. (defaults to 'SYSTEM')
- `password` - The user's password. (requires user)
- `run_level` - Run with `:limited` or `:highest` privileges.
- `frequency` - Frequency with which to run the task. (default is :hourly. Other valid values include :minute, :hourly, :daily, :weekly, :monthly, :once, :on_logon, :onstart, :on_idle) :once requires start_time
- `frequency_modifier` - Multiple for frequency. (15 minutes, 2 days). Monthly tasks may also use these values": ('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY')
- `start_day` - Specifies the first date on which the task runs. Optional string (MM/DD/YYYY)
- `start_time` - Specifies the start time to run the task. Optional string (HH:mm)
- `interactive_enabled` - (Allow task to run interactively or non-interactively. Requires user and password.)
- `day` - For monthly or weekly tasks, the day(s) on which the task runs. (MON - SUN, *, 1 - 31)
- `months` - The Months of the year on which the task runs. (JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC, *). Multiple months should be comma delimited.
- `idle_time` - For :on_idle frequency, the time (in minutes) without user activity that must pass to trigger the task. (1 - 999)
#### Examples
Create a `chef-client` task with TaskPath `\` running every 15 minutes
```ruby
windows_task 'chef-client' do
user 'Administrator'
password '$ecR3t'
cwd 'C:\\chef\\bin'
command 'chef-client -L C:\\tmp\\'
run_level :highest
frequency :minute
frequency_modifier 15
end
```
Update `chef-client` task with new password and log location
```ruby
windows_task 'chef-client' do
user 'Administrator'
password 'N3wPassW0Rd'
cwd 'C:\\chef\\bin'
command 'chef-client -L C:\\chef\\logs\\'
action :change
end
```
Delete a task named `old task`
```ruby
windows_task 'old task' do
action :delete
end
```
Enable a task named `chef-client`
```ruby
windows_task 'chef-client' do
action :enable
end
```
Disable a task named `ProgramDataUpdater` with TaskPath `\Microsoft\Windows\Application Experience\`
```ruby
windows_task '\Microsoft\Windows\Application Experience\ProgramDataUpdater' do
action :disable
end
```
### windows_zipfile
Most version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.
#### Actions
- `:unzip` - unzip a compressed file
- `:zip` - zip a directory (recursively)
#### Properties
- `path` - name attribute. The path where files will be (un)zipped to.
- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.
- `overwrite` - force an overwrite of the files if they already exist.
- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.
#### Examples
Unzip a remote zip file locally
```ruby
windows_zipfile 'c:/bin' do
source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'
action :unzip
not_if {::File.exists?('c:/bin/PsExec.exe')}
end
```
Unzip a local zipfile
```ruby
windows_zipfile 'c:/the_codez' do
source 'c:/foo/baz/the_codez.zip'
action :unzip
end
```
Create a local zipfile
```ruby
windows_zipfile 'c:/foo/baz/the_codez.zip' do
source 'c:/the_codez'
action :zip
end
```
## Libraries
### WindowsHelper
Helper that allows you to use helpful functions in windows
#### installed_packages
Returns a hash of all DisplayNames installed
```ruby
# usage in a recipe
::Chef::Recipe.send(:include, Windows::Helper)
hash_of_installed_packages = installed_packages
```
#### is_package_installed?
- `package_name` - The name of the package you want to query to see if it is installed
- `returns` - true if the package is installed, false if it the package is not installed
Download a file if a package isn't installed
```ruby
# usage in a recipe to not download a file if package is already installed
::Chef::Recipe.send(:include, Windows::Helper)
is_win_sdk_installed = is_package_installed?('Windows Software Development Kit')
remote_file 'C:\windows\temp\windows_sdk.zip' do
source 'http://url_to_download/windows_sdk.zip'
action :create_if_missing
not_if {is_win_sdk_installed}
end
```
Do something if a package is installed
```ruby
# usage in a provider
include Windows::Helper
if is_package_installed?('Windows Software Development Kit')
# do something if package is installed
end
```
### Windows::VersionHelper
Helper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.
#### core_version?
Determines whether given node is running on a windows Core.
```ruby
if ::Windows::VersionHelper.core_version? node
fail 'Windows Core is not supported'
end
```
#### workstation_version?
Determines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)
```ruby
if ::Windows::VersionHelper.workstation_version? node
fail 'Only server version of windows are supported'
end
```
#### server_version?
Determines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)
```ruby
if ::Windows::VersionHelper.server_version? node
puts 'Server version of windows are cool'
end
```
#### nt_version
Determines NT version of the given node
```ruby
case ::Windows::VersionHelper.nt_version node
when '6.0' then 'Windows vista or Server 2008'
when '6.1' then 'Windows 7 or Server 2008R2'
when '6.2' then 'Windows 8 or Server 2012'
when '6.3' then 'Windows 8.1 or Server 2012R2'
when '10.0' then 'Windows 10'
end
```
## Windows ChefSpec Matchers
The Windows cookbook includes custom [ChefSpec](https://github.com/sethvargo/chefspec) matchers you can use to test your own cookbooks that consume Windows cookbook LWRPs.
### Example Matcher Usage
```ruby
expect(chef_run).to install_windows_package('Node.js').with(
source: 'http://nodejs.org/dist/v0.10.26/x64/node-v0.10.26-x64.msi')
```
### Windows Cookbook Matchers
- create_windows_auto_run
- remove_windows_auto_run
- create_windows_certificate
- delete_windows_certificate
- add_acl_to_windows_certificate
- create_windows_certificate_binding
- delete_windows_certificate_binding
- install_windows_feature
- install_windows_feature_dism
- install_windows_feature_servermanagercmd
- install_windows_feature_powershell
- remove_windows_feature
- remove_windows_feature_dism
- remove_windows_feature_servermanagercmd
- remove_windows_feature_powershell
- delete_windows_feature
- delete_windows_feature_dism
- delete_windows_feature_powershell
- install_windows_font
- create_windows_http_acl
- delete_windows_http_acl
- install_windows_package
- remove_windows_package
- set_windows_pagefile
- add_windows_path
- remove_windows_path
- create_windows_printer
- delete_windows_printer
- create_windows_printer_port
- delete_windows_printer_port
- create_windows_shortcut
- create_windows_shortcut
- create_windows_task
- disable_windows_task
- enable_windows_task
- delete_windows_task
- run_windows_task
- change_windows_task
- unzip_windows_zipfile_to
- zip_windows_zipfile_to
## Usage
Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.
```ruby
depends 'windows'
```
## License & Authors
- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))
- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))
- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))
- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))
```text
Copyright 2011-2016, Chef Software, Inc.
Copyright 2010, VMware, Inc.
Copyright 2011, Business Intelligence Associates, Inc
Copyright 2012, Nordstrom, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```

21
cookbooks/windows/attributes/default.rb
View File

@@ -1,21 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Attribute:: default
#
# Copyright:: 2011-2017, Chef Software, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
default['windows']['rubyzipversion'] = nil

45
cookbooks/windows/files/dism_features.rb
View File

@@ -1,45 +0,0 @@
#
# Author:: Wade Peacock <wade.peacock@visioncritical.com>
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
## See the License for the specific language governing permissions and
# limitations under the License.
#
Ohai.plugin(:DismFeatures) do
provides 'dism_features'
collect_data(:windows) do
dism_features Mash.new
# This is for 32-bit ruby/chef client on 64-bit Windows
# This emulates the locate_sysnative_cmd helper as it is not available
cmd = 'dism.exe'
dism = if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\#{cmd}")
"#{ENV['WINDIR']}\\sysnative\\#{cmd}"
elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\#{cmd}")
"#{ENV['WINDIR']}\\system32\\#{cmd}"
else
cmd
end
# Grab raw feature information from dism command line
raw_list_of_features = shell_out("#{dism} /Get-Features /Online /Format:Table").stdout
# Split stdout into an array by windows line ending
features_list = raw_list_of_features.split("\r\n")
features_list.each do |feature_details_raw|
# Skip lines that do not match Enable / Disable
next unless feature_details_raw =~ /(En|Dis)able/
# Strip trailing whitespace characters then split on n number of spaces + | + n number of spaces
feature_details = feature_details_raw.strip.split(/\s+[|]\s+/)
# Add to Mash
dism_features[feature_details.first] = feature_details.last
end
end
end

586
cookbooks/windows/libraries/matchers.rb
View File

@@ -1,586 +0,0 @@
if defined?(ChefSpec)
ChefSpec.define_matcher :windows_auto_run
ChefSpec.define_matcher :windows_certificate
ChefSpec.define_matcher :windows_certificate_binding
ChefSpec.define_matcher :windows_feature
ChefSpec.define_matcher :windows_feature_dism
ChefSpec.define_matcher :windows_feature_servermanagercmd
ChefSpec.define_matcher :windows_feature_powershell
ChefSpec.define_matcher :windows_font
ChefSpec.define_matcher :windows_http_acl
ChefSpec.define_matcher :windows_pagefile
ChefSpec.define_matcher :windows_path
ChefSpec.define_matcher :windows_printer
ChefSpec.define_matcher :windows_printer_port
ChefSpec.define_matcher :windows_share
ChefSpec.define_matcher :windows_shortcut
ChefSpec.define_matcher :windows_task
ChefSpec.define_matcher :windows_zipfile
#
# Assert that a +windows_certificate+ resource exists in the Chef run with the
# action +:create+. Given a Chef Recipe that creates 'c:\test\mycert.pfx' as a
# +windows_certificate+:
#
# windows_certificate 'c:\test\mycert.pfx' do
# action :create
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_certificate+ resource with ChefSpec.
#
# @example Assert that a +windows_certificate+ was created
# expect(chef_run).to create_windows_certificate('c:\test\mycert.pfx')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def create_windows_certificate(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate, :create, resource_name)
end
#
# Assert that a +windows_certificate+ resource exists in the Chef run with the
# action +:delete+. Given a Chef Recipe that deletes "me.acme.com" as a
# +windows_certificate+:
#
# windows_certificate 'me.acme.com' do
# action :delete
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_certificate+ resource with ChefSpec.
#
# @example Assert that a +windows_certificate+ was _not_ deleted
# expect(chef_run).to_not delete_windows_certificate('me.acme.com')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def delete_windows_certificate(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate, :delete, resource_name)
end
#
# Assert that a +windows_certificate+ resource exists in the Chef run with the
# action +:acl_add+. Given a Chef Recipe that adds a private key acl to "me.acme.com" as a
# +windows_certificate+:
#
# windows_certificate 'me.acme.com' do
# private_key_acl ['acme\fred', 'pc\jane']
# action :acl_add
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_certificate+ resource with ChefSpec.
#
# @example Assert that a +windows_certificate+ was _not_ removed
# expect(chef_run).to add_acl_to_windows_certificate('me.acme.com').with(private_key_acl: ['acme\fred', 'pc\jane'])
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def add_acl_to_windows_certificate(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate, :acl_add, resource_name)
end
#
# Assert that a +windows_feature+ resource exists in the Chef run with the
# action +:install+. Given a Chef Recipe that installs "NetFX3" as a
# +windows_feature+:
#
# windows_feature 'NetFX3' do
# action :install
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_feature+ resource with ChefSpec.
#
# @example Assert that a +windows_feature+ was installed
# expect(chef_run).to install_windows_feature('NetFX3')
#
# @example Assert that a +windows_feature+ was _not_ installed
# expect(chef_run).to_not install_windows_feature('NetFX3')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def install_windows_feature(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature, :install, resource_name)
end
def install_windows_feature_servermanagercmd(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_servermanagercmd, :install, resource_name)
end
def install_windows_feature_dism(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_dism, :install, resource_name)
end
def install_windows_feature_powershell(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_powershell, :install, resource_name)
end
#
# Assert that a +windows_feature+ resource exists in the Chef run with the
# action +:remove+. Given a Chef Recipe that removes "NetFX3" as a
# +windows_feature+:
#
# windows_feature 'NetFX3' do
# action :remove
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_feature+ resource with ChefSpec.
#
# @example Assert that a +windows_feature+ was removed
# expect(chef_run).to remove_windows_feature('NetFX3')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def remove_windows_feature(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature, :remove, resource_name)
end
def remove_windows_feature_servermanagercmd(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_servermanagercmd, :remove, resource_name)
end
def remove_windows_feature_dism(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_dism, :remove, resource_name)
end
def remove_windows_feature_powershell(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_powershell, :remove, resource_name)
end
#
# Assert that a +windows_feature+ resource exists in the Chef run with the
# action +:delete+. Given a Chef Recipe that deletes "NetFX3" as a
# +windows_feature+:
#
# windows_feature 'NetFX3' do
# action :delete
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_feature+ resource with ChefSpec.
#
# @example Assert that a +windows_feature+ was deleted
# expect(chef_run).to delete_windows_feature('NetFX3')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def delete_windows_feature(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature, :delete, resource_name)
end
def delete_windows_feature_dism(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_dism, :delete, resource_name)
end
def delete_windows_feature_powershell(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_feature_powershell, :delete, resource_name)
end
#
# Assert that a +windows_task+ resource exists in the Chef run with the
# action +:create+. Given a Chef Recipe that creates "mytask" as a
# +windows_task+:
#
# windows_task 'mytask' do
# command 'mybatch.bat'
# action :create
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_task+ resource with ChefSpec.
#
# @example Assert that a +windows_task+ was created
# expect(chef_run).to create_windows_task('mytask')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def create_windows_task(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :create, resource_name)
end
#
# Assert that a +windows_task+ resource exists in the Chef run with the
# action +:disable+. Given a Chef Recipe that creates "mytask" as a
# +windows_task+:
#
# windows_task 'mytask' do
# action :disable
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_task+ resource with ChefSpec.
#
# @example Assert that a +windows_task+ was disabled
# expect(chef_run).to disable_windows_task('mytask')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def disable_windows_task(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :disable, resource_name)
end
#
# Assert that a +windows_task+ resource exists in the Chef run with the
# action +:enable+. Given a Chef Recipe that creates "mytask" as a
# +windows_task+:
#
# windows_task 'mytask' do
# action :enable
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_task+ resource with ChefSpec.
#
# @example Assert that a +windows_task+ was enabled
# expect(chef_run).to enable_windows_task('mytask')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def enable_windows_task(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :enable, resource_name)
end
#
# Assert that a +windows_task+ resource exists in the Chef run with the
# action +:delete+. Given a Chef Recipe that deletes "mytask" as a
# +windows_task+:
#
# windows_task 'mytask' do
# action :delete
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_task+ resource with ChefSpec.
#
# @example Assert that a +windows_task+ was deleted
# expect(chef_run).to delete_windows_task('mytask')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def delete_windows_task(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :delete, resource_name)
end
#
# Assert that a +windows_task+ resource exists in the Chef run with the
# action +:run+. Given a Chef Recipe that runs "mytask" as a
# +windows_task+:
#
# windows_task 'mytask' do
# action :run
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_task+ resource with ChefSpec.
#
# @example Assert that a +windows_task+ was run
# expect(chef_run).to run_windows_task('mytask')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def run_windows_task(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :run, resource_name)
end
#
# Assert that a +windows_task+ resource exists in the Chef run with the
# action +:change+. Given a Chef Recipe that changes "mytask" as a
# +windows_task+:
#
# windows_task 'mytask' do
# action :change
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_task+ resource with ChefSpec.
#
# @example Assert that a +windows_task+ was changed
# expect(chef_run).to change_windows_task('mytask')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def change_windows_task(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_task, :change, resource_name)
end
#
# Assert that a +windows_path+ resource exists in the Chef run with the
# action +:add+. Given a Chef Recipe that adds "C:\7-Zip" to the Windows
# PATH env var
#
# windows_path 'C:\7-Zip' do
# action :add
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_path+ resource with ChefSpec.
#
# @example Assert that a +windows_path+ was added
# expect(chef_run).to add_windows_path('C:\7-Zip')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def add_windows_path(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_path, :add, resource_name)
end
#
# Assert that a +windows_path+ resource exists in the Chef run with the
# action +:remove+. Given a Chef Recipe that removes "C:\7-Zip" from the
# Windows PATH env var
#
# windows_path 'C:\7-Zip' do
# action :remove
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_path+ resource with ChefSpec.
#
# @example Assert that a +windows_path+ was removed
# expect(chef_run).to remove_windows_path('C:\7-Zip')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def remove_windows_path(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_path, :remove, resource_name)
end
#
# Assert that a +windows_pagefile+ resource exists in the Chef run with the
# action +:set+. Given a Chef Recipe that sets a pagefile
#
# windows_pagefile "pagefile" do
# system_managed true
# initial_size 1024
# maximum_size 4096
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_pagefile+ resource with ChefSpec.
#
# @example Assert that a +windows_pagefile+ was set
# expect(chef_run).to set_windows_pagefile('pagefile').with(
# initial_size: 1024)
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def set_windows_pagefile(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_pagefile, :set, resource_name)
end
#
# Assert that a +windows_zipfile+ resource exists in the Chef run with the
# action +:unzip+. Given a Chef Recipe that extracts "SysinternalsSuite.zip"
# to c:/bin
#
# windows_zipfile "c:/bin" do
# source "http://download.sysinternals.com/Files/SysinternalsSuite.zip"
# action :unzip
# not_if {::File.exists?("c:/bin/PsExec.exe")}
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_zipfile+ resource with ChefSpec.
#
# @example Assert that a +windows_zipfile+ was unzipped
# expect(chef_run).to unzip_windows_zipfile_to('c:/bin')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def unzip_windows_zipfile_to(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_zipfile, :unzip, resource_name)
end
#
# Assert that a +windows_zipfile+ resource exists in the Chef run with the
# action +:zip+. Given a Chef Recipe that zips "c:/src"
# to c:/code.zip
#
# windows_zipfile "c:/code.zip" do
# source "c:/src"
# action :zip
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_zipfile+ resource with ChefSpec.
#
# @example Assert that a +windows_zipfile+ was zipped
# expect(chef_run).to zip_windows_zipfile_to('c:/code.zip')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def zip_windows_zipfile_to(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_zipfile, :zip, resource_name)
end
#
# Assert that a +windows_share+ resource exists in the Chef run with the
# action +:create+. Given a Chef Recipe that shares "c:/src"
# as Src
#
# windows_share "Src" do
# path "c:/src"
# action :create
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_share+ resource with ChefSpec.
#
# @example Assert that a +windows_share+ was created
# expect(chef_run).to create_windows_share('Src')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def create_windows_share(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_share, :create, resource_name)
end
#
# Assert that a +windows_share+ resource exists in the Chef run with the
# action +:delete+. Given a Chef Recipe that deletes share "c:/src"
#
# windows_share "Src" do
# action :delete
# end
#
# The Examples section demonstrates the different ways to test a
# +windows_share+ resource with ChefSpec.
#
# @example Assert that a +windows_share+ was created
# expect(chef_run).to delete_windows_share('Src')
#
#
# @param [String, Regex] resource_name
# the name of the resource to match
#
# @return [ChefSpec::Matchers::ResourceMatcher]
#
def delete_windows_share(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_share, :delete, resource_name)
end
# All the other less commonly used LWRPs
def create_windows_shortcut(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_shortcut, :create, resource_name)
end
def create_windows_auto_run(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_auto_run, :create, resource_name)
end
def remove_windows_auto_run(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_auto_run, :remove, resource_name)
end
def create_windows_printer(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_printer, :create, resource_name)
end
def delete_windows_printer(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_printer, :delete, resource_name)
end
def create_windows_printer_port(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_printer_port, :create, resource_name)
end
def delete_windows_printer_port(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_printer_port, :delete, resource_name)
end
def install_windows_font(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_font, :install, resource_name)
end
def create_windows_certificate_binding(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate_binding, :create, resource_name)
end
def delete_windows_certificate_binding(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_certificate_binding, :delete, resource_name)
end
def create_windows_http_acl(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_http_acl, :create, resource_name)
end
def delete_windows_http_acl(resource_name)
ChefSpec::Matchers::ResourceMatcher.new(:windows_http_acl, :delete, resource_name)
end
end

53
cookbooks/windows/libraries/powershell_helper.rb
View File

@@ -1,53 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Library:: helper
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
require 'chef/mixin/shell_out'
module Powershell
module Helper
include Chef::Mixin::ShellOut
def powershell_installed?
!powershell_version.nil?
end
def interpreter
# force 64-bit powershell from 32-bit ruby process
if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe")
"#{ENV['WINDIR']}\\sysnative\\WindowsPowershell\\v1.0\\powershell.exe"
elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe")
"#{ENV['WINDIR']}\\system32\\WindowsPowershell\\v1.0\\powershell.exe"
else
'powershell.exe'
end
end
def powershell_version
cmd = shell_out("#{interpreter} -InputFormat none -Command \"& echo $PSVersionTable.psversion.major\"")
if cmd.stdout.empty? # PowerShell 1.0 doesn't have a $PSVersionTable
1
else
Regexp.last_match(1).to_i if cmd.stdout =~ /^(\d+)/
end
rescue Errno::ENOENT
nil
end
end
end

356
cookbooks/windows/libraries/registry_helper.rb
View File

@@ -1,356 +0,0 @@
#
# Author:: Doug MacEachern (<dougm@vmware.com>)
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Author:: Paul Morton (<pmorton@biaprotect.com>)
# Cookbook:: windows
# Provider:: registry
#
# Copyright:: 2010-2017, VMware, Inc.
# Copyright:: 2011-2017, Chef Software, Inc.
# Copyright:: 2011-2017, Business Intelligence Associates, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if RUBY_PLATFORM =~ /mswin|mingw32|windows/
require 'win32/registry'
require_relative 'wmi_helper'
end
module Windows
module RegistryHelper
@@native_registry_constant = if ENV['PROCESSOR_ARCHITECTURE'] == 'AMD64' ||
ENV['PROCESSOR_ARCHITEW6432'] == 'AMD64'
0x0100
else
0x0200
end
def get_hive_name(path)
Chef::Log.debug('Resolving registry shortcuts to full names')
reg_path = path.split('\\')
hive_name = reg_path.shift
hkey = {
'HKLM' => 'HKEY_LOCAL_MACHINE',
'HKCU' => 'HKEY_CURRENT_USER',
'HKU' => 'HKEY_USERS',
}[hive_name] || hive_name
Chef::Log.debug("Hive resolved to #{hkey}")
hkey
end
def get_hive(path)
Chef::Log.debug("Getting hive for #{path}")
reg_path = path.split('\\')
hive_name = reg_path.shift
hkey = get_hive_name(path)
hive = {
'HKEY_LOCAL_MACHINE' => ::Win32::Registry::HKEY_LOCAL_MACHINE,
'HKEY_USERS' => ::Win32::Registry::HKEY_USERS,
'HKEY_CURRENT_USER' => ::Win32::Registry::HKEY_CURRENT_USER,
}[hkey]
unless hive
Chef::Application.fatal!("Unsupported registry hive '#{hive_name}'")
end
Chef::Log.debug("Registry hive resolved to #{hkey}")
hive
end
def unload_hive(path)
hive = get_hive(path)
if hive == ::Win32::Registry::HKEY_USERS
reg_path = path.split('\\')
priv = Chef::WindowsPrivileged.new
begin
priv.reg_unload_key(reg_path[1])
rescue
end
end
end
def set_value(mode, path, values, type = nil)
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key_name = reg_path.join('\\')
Chef::Log.debug("Creating #{path}")
create_key(path) unless key_exists?(path, true)
hive.send(mode, key_name, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|
changed_something = false
values.each do |k, val|
key = k.to_s # wtf. avoid "can't modify frozen string" in win32/registry.rb
cur_val = nil
begin
cur_val = reg[key]
rescue
# subkey does not exist (ok)
end
next unless cur_val != val
Chef::Log.debug("setting #{key}=#{val}")
type = :string if type.nil?
reg_type = {
binary: ::Win32::Registry::REG_BINARY,
string: ::Win32::Registry::REG_SZ,
multi_string: ::Win32::Registry::REG_MULTI_SZ,
expand_string: ::Win32::Registry::REG_EXPAND_SZ,
dword: ::Win32::Registry::REG_DWORD,
dword_big_endian: ::Win32::Registry::REG_DWORD_BIG_ENDIAN,
qword: ::Win32::Registry::REG_QWORD,
}[type]
reg.write(key, reg_type, val)
ensure_hive_unloaded(hive_loaded)
changed_something = true
end
return changed_something
end
false
end
def get_value(path, value)
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key = reg_path.join('\\')
hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|
begin
return reg[value]
rescue
return nil
ensure
ensure_hive_unloaded(hive_loaded)
end
end
end
def get_values(path)
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key = reg_path.join('\\')
hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|
values = []
begin
reg.each_value do |name, type, data|
values << [name, type, data]
end
rescue
ensure
ensure_hive_unloaded(hive_loaded)
end
values
end
end
def delete_value(path, values)
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key = reg_path.join('\\')
Chef::Log.debug("Deleting values in #{path}")
hive.open(key, ::Win32::Registry::KEY_ALL_ACCESS | @@native_registry_constant) do |reg|
values.each_key do |key|
name = key.to_s
# Ensure delete operation is idempotent.
if value_exists?(path, key)
Chef::Log.debug("Deleting value #{name} in #{path}")
reg.delete_value(name)
else
Chef::Log.debug("Value #{name} in #{path} does not exist, skipping.")
end
end
end
end
def create_key(path)
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key = reg_path.join('\\')
Chef::Log.debug("Creating registry key #{path}")
hive.create(key)
end
def value_exists?(path, value)
if key_exists?(path, true)
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key = reg_path.join('\\')
Chef::Log.debug("Attempting to open #{key}")
Chef::Log.debug("Native Constant #{@@native_registry_constant}")
Chef::Log.debug("Hive #{hive}")
hive.open(key, ::Win32::Registry::KEY_READ | @@native_registry_constant) do |reg|
begin
rtn_value = reg[value]
return true
rescue
return false
ensure
ensure_hive_unloaded(hive_loaded)
end
end
end
false
end
# TODO: Does not load user registry...
def key_exists?(path, load_hive = false)
if load_hive
hive, reg_path, hive_name, root_key, hive_loaded = get_reg_path_info(path)
key = reg_path.join('\\')
else
hive = get_hive(path)
reg_path = path.split('\\')
hive_name = reg_path.shift
root_key = reg_path[0]
key = reg_path.join('\\')
hive_loaded = false
end
begin
hive.open(key, ::Win32::Registry::Constants::KEY_READ | @@native_registry_constant)
return true
rescue
return false
ensure
ensure_hive_unloaded(hive_loaded)
end
end
def get_user_hive_location(sid)
reg_key = "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList\\#{sid}"
Chef::Log.debug("Looking for profile at #{reg_key}")
if key_exists?(reg_key)
return get_value(reg_key, 'ProfileImagePath')
else
return nil
end
end
def resolve_user_to_sid(username)
user_query = execute_wmi_query("select * from Win32_UserAccount where Name='#{username}'")
sid = nil
user_query.each do |user|
sid = wmi_object_property(user, 'sid')
break
end
Chef::Log.debug("Resolved user SID to #{sid}")
return sid
rescue
return nil
end
def hive_loaded?(path)
hive = get_hive(path)
reg_path = path.split('\\')
hive_name = reg_path.shift
user_hive = path[0]
if user_hive?(hive)
return key_exists?("#{hive_name}\\#{user_hive}")
else
return true
end
end
def user_hive?(hive)
hive == ::Win32::Registry::HKEY_USERS
end
def get_reg_path_info(path)
hive = get_hive(path)
reg_path = path.split('\\')
hive_name = reg_path.shift
root_key = reg_path[0]
hive_loaded = false
if user_hive?(hive) && !key_exists?("#{hive_name}\\#{root_key}")
reg_path, hive_loaded = load_user_hive(hive, reg_path, root_key)
root_key = reg_path[0]
Chef::Log.debug("Resolved user (#{path}) to (#{reg_path.join('/')})")
end
[hive, reg_path, hive_name, root_key, hive_loaded]
end
def load_user_hive(hive, reg_path, user_hive)
Chef::Log.debug("Reg Path #{reg_path}")
# See if the hive is loaded. Logged in users will have a key that is named their SID
# if the user has specified the a path by SID and the user is logged in, this function
# should not be executed.
if user_hive?(hive) && !key_exists?("HKU\\#{user_hive}")
Chef::Log.debug('The user is not logged in and has not been specified by SID')
sid = resolve_user_to_sid(user_hive)
Chef::Log.debug("User SID resolved to (#{sid})")
# Now that the user has been resolved to a SID, check and see if the hive exists.
# If this exists by SID, the user is logged in and we should use that key.
# TODO: Replace the username with the sid and send it back because the username
# does not exist as the key location.
load_reg = false
if key_exists?("HKU\\#{sid}")
reg_path[0] = sid # use the active profile (user is logged on)
Chef::Log.debug("HKEY_USERS Mapped: #{user_hive} -> #{sid}")
else
Chef::Log.debug('User is not logged in')
load_reg = true
end
# The user is not logged in, so we should load the registry from disk
if load_reg
profile_path = get_user_hive_location(sid)
unless profile_path.nil?
ntuser_dat = "#{profile_path}\\NTUSER.DAT"
if ::File.exist?(ntuser_dat)
priv = Chef::WindowsPrivileged.new
if priv.reg_load_key(sid, ntuser_dat)
Chef::Log.debug("RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})")
reg_path[0] = sid
else
Chef::Log.debug("Failed RegLoadKey(#{sid}, #{user_hive}, #{ntuser_dat})")
end
end
end
end
end
[reg_path, load_reg]
end
private
def ensure_hive_unloaded(hive_loaded = false)
if hive_loaded
Chef::Log.debug('Hive was loaded, we really should unload it')
unload_hive(path)
end
end
end
end
module Registry
module_function
extend Windows::RegistryHelper
end

207
cookbooks/windows/libraries/version.rb
View File

@@ -1,207 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Library:: version
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if RUBY_PLATFORM =~ /mswin|mingw32|windows/
require_relative 'wmi_helper'
require 'Win32API'
end
module Windows
class Version
# http://msdn.microsoft.com/en-us/library/ms724833(v=vs.85).aspx
# Suite Masks
# Microsoft BackOffice components are installed.
VER_SUITE_BACKOFFICE = 0x00000004 unless defined?(VER_SUITE_BACKOFFICE)
# Windows Server 2003, Web Edition is installed.
VER_SUITE_BLADE = 0x00000400 unless defined?(VER_SUITE_BLADE)
# Windows Server 2003, Compute Cluster Edition is installed.
VER_SUITE_COMPUTE_SERVER = 0x00004000 unless defined?(VER_SUITE_COMPUTE_SERVER)
# Windows Server 2008 Datacenter, Windows Server 2003, Datacenter Edition, or Windows 2000 Datacenter Server is installed.
VER_SUITE_DATACENTER = 0x00000080 unless defined?(VER_SUITE_DATACENTER)
# Windows Server 2008 Enterprise, Windows Server 2003, Enterprise Edition, or Windows 2000 Advanced Server is installed. Refer to the Remarks section for more information about this bit flag.
VER_SUITE_ENTERPRISE = 0x00000002 unless defined?(VER_SUITE_ENTERPRISE)
# Windows XP Embedded is installed.
VER_SUITE_EMBEDDEDNT = 0x00000040 unless defined?(VER_SUITE_EMBEDDEDNT)
# Windows Vista Home Premium, Windows Vista Home Basic, or Windows XP Home Edition is installed.
VER_SUITE_PERSONAL = 0x00000200 unless defined?(VER_SUITE_PERSONAL)
# Remote Desktop is supported, but only one interactive session is supported. This value is set unless the system is running in application server mode.
VER_SUITE_SINGLEUSERTS = 0x00000100 unless defined?(VER_SUITE_SINGLEUSERTS)
# Microsoft Small Business Server was once installed on the system, but may have been upgraded to another version of Windows. Refer to the Remarks section for more information about this bit flag.
VER_SUITE_SMALLBUSINESS = 0x00000001 unless defined?(VER_SUITE_SMALLBUSINESS)
# Microsoft Small Business Server is installed with the restrictive client license in force. Refer to the Remarks section for more information about this bit flag.
VER_SUITE_SMALLBUSINESS_RESTRICTED = 0x00000020 unless defined?(VER_SUITE_SMALLBUSINESS_RESTRICTED)
# Windows Storage Server 2003 R2 or Windows Storage Server 2003is installed.
VER_SUITE_STORAGE_SERVER = 0x00002000 unless defined?(VER_SUITE_STORAGE_SERVER)
# Terminal Services is installed. This value is always set.
# If VER_SUITE_TERMINAL is set but VER_SUITE_SINGLEUSERTS is not set, the system is running in application server mode.
VER_SUITE_TERMINAL = 0x00000010 unless defined?(VER_SUITE_TERMINAL)
# Windows Home Server is installed.
VER_SUITE_WH_SERVER = 0x00008000 unless defined?(VER_SUITE_WH_SERVER)
# Product Type
# The system is a domain controller and the operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server.
VER_NT_DOMAIN_CONTROLLER = 0x0000002 unless defined?(VER_NT_DOMAIN_CONTROLLER)
# The operating system is Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server.
# Note that a server that is also a domain controller is reported as VER_NT_DOMAIN_CONTROLLER, not VER_NT_SERVER.
VER_NT_SERVER = 0x0000003 unless defined?(VER_NT_SERVER)
# The operating system is Windows 7, Windows Vista, Windows XP Professional, Windows XP Home Edition, or Windows 2000 Professional.
VER_NT_WORKSTATION = 0x0000001 unless defined?(VER_NT_WORKSTATION)
# GetSystemMetrics
# The build number if the system is Windows Server 2003 R2; otherwise, 0.
SM_SERVERR2 = 89 unless defined?(SM_SERVERR2)
# http://msdn.microsoft.com/en-us/library/ms724358(v=vs.85).aspx
SKU = {
0x00000006 => { ms_const: 'PRODUCT_BUSINESS', name: 'Business' },
0x00000010 => { ms_const: 'PRODUCT_BUSINESS_N', name: 'Business N' },
0x00000012 => { ms_const: 'PRODUCT_CLUSTER_SERVER', name: 'HPC Edition' },
0x00000008 => { ms_const: 'PRODUCT_DATACENTER_SERVER', name: 'Server Datacenter (full installation)' },
0x0000000C => { ms_const: 'PRODUCT_DATACENTER_SERVER_CORE', name: 'Server Datacenter (core installation)' },
0x00000027 => { ms_const: 'PRODUCT_DATACENTER_SERVER_CORE_V', name: 'Server Datacenter without Hyper-V (core installation)' },
0x00000025 => { ms_const: 'PRODUCT_DATACENTER_SERVER_V', name: 'Server Datacenter without Hyper-V (full installation)' },
0x00000004 => { ms_const: 'PRODUCT_ENTERPRISE', name: 'Enterprise' },
0x00000046 => { ms_const: 'PRODUCT_ENTERPRISE_E', name: 'Not supported' },
0x0000001B => { ms_const: 'PRODUCT_ENTERPRISE_N', name: 'Enterprise N' },
0x0000000A => { ms_const: 'PRODUCT_ENTERPRISE_SERVER', name: 'Server Enterprise (full installation)' },
0x0000000E => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_CORE', name: 'Server Enterprise (core installation)' },
0x00000029 => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_CORE_V', name: 'Server Enterprise without Hyper-V (core installation)' },
0x0000000F => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_IA64', name: 'Server Enterprise for Itanium-based Systems' },
0x00000026 => { ms_const: 'PRODUCT_ENTERPRISE_SERVER_V', name: 'Server Enterprise without Hyper-V (full installation)' },
0x00000002 => { ms_const: 'PRODUCT_HOME_BASIC', name: 'Home Basic' },
0x00000043 => { ms_const: 'PRODUCT_HOME_BASIC_E', name: 'Not supported' },
0x00000005 => { ms_const: 'PRODUCT_HOME_BASIC_N', name: 'Home Basic N' },
0x00000003 => { ms_const: 'PRODUCT_HOME_PREMIUM', name: 'Home Premium' },
0x00000044 => { ms_const: 'PRODUCT_HOME_PREMIUM_E', name: 'Not supported' },
0x0000001A => { ms_const: 'PRODUCT_HOME_PREMIUM_N', name: 'Home Premium N' },
0x0000002A => { ms_const: 'PRODUCT_HYPERV', name: 'Microsoft Hyper-V Server' },
0x0000001E => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT', name: 'Windows Essential Business Server Management Server' },
0x00000020 => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING', name: 'Windows Essential Business Server Messaging Server' },
0x0000001F => { ms_const: 'PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY', name: 'Windows Essential Business Server Security Server' },
0x00000030 => { ms_const: 'PRODUCT_PROFESSIONAL', name: 'Professional' },
0x00000045 => { ms_const: 'PRODUCT_PROFESSIONAL_E', name: 'Not supported' },
0x00000031 => { ms_const: 'PRODUCT_PROFESSIONAL_N', name: 'Professional N' },
0x00000067 => { ms_const: 'PRODUCT_PROFESSIONAL_WMC', name: 'Professional with Media Center' },
0x00000018 => { ms_const: 'PRODUCT_SERVER_FOR_SMALLBUSINESS', name: 'Windows Server 2008 for Windows Essential Server Solutions' },
0x00000023 => { ms_const: 'PRODUCT_SERVER_FOR_SMALLBUSINESS_V', name: 'Windows Server 2008 without Hyper-V for Windows Essential Server Solutions' },
0x00000021 => { ms_const: 'PRODUCT_SERVER_FOUNDATION', name: 'Server Foundation' },
0x00000022 => { ms_const: 'PRODUCT_HOME_PREMIUM_SERVER', name: 'Windows Home Server 2011' },
0x00000032 => { ms_const: 'PRODUCT_SB_SOLUTION_SERVER', name: 'Windows Small Business Server 2011 Essentials' },
0x00000013 => { ms_const: 'PRODUCT_HOME_SERVER', name: 'Windows Storage Server 2008 R2 Essentials' },
0x00000009 => { ms_const: 'PRODUCT_SMALLBUSINESS_SERVER', name: 'Windows Small Business Server' },
0x00000038 => { ms_const: 'PRODUCT_SOLUTION_EMBEDDEDSERVER', name: 'Windows MultiPoint Server' },
0x00000007 => { ms_const: 'PRODUCT_STANDARD_SERVER', name: 'Server Standard (full installation)' },
0x0000000D => { ms_const: 'PRODUCT_STANDARD_SERVER_CORE', name: 'Server Standard (core installation)' },
0x00000028 => { ms_const: 'PRODUCT_STANDARD_SERVER_CORE_V', name: 'Server Standard without Hyper-V (core installation)' },
0x00000024 => { ms_const: 'PRODUCT_STANDARD_SERVER_V', name: 'Server Standard without Hyper-V (full installation)' },
0x0000000B => { ms_const: 'PRODUCT_STARTER', name: 'Starter' },
0x00000042 => { ms_const: 'PRODUCT_STARTER_E', name: 'Not supported' },
0x0000002F => { ms_const: 'PRODUCT_STARTER_N', name: 'Starter N' },
0x00000017 => { ms_const: 'PRODUCT_STORAGE_ENTERPRISE_SERVER', name: 'Storage Server Enterprise' },
0x00000014 => { ms_const: 'PRODUCT_STORAGE_EXPRESS_SERVER', name: 'Storage Server Express' },
0x00000015 => { ms_const: 'PRODUCT_STORAGE_STANDARD_SERVER', name: 'Storage Server Standard' },
0x00000016 => { ms_const: 'PRODUCT_STORAGE_WORKGROUP_SERVER', name: 'Storage Server Workgroup' },
0x00000000 => { ms_const: 'PRODUCT_UNDEFINED', name: 'An unknown product' },
0x00000001 => { ms_const: 'PRODUCT_ULTIMATE', name: 'Ultimate' },
0x00000047 => { ms_const: 'PRODUCT_ULTIMATE_E', name: 'Not supported' },
0x0000001C => { ms_const: 'PRODUCT_ULTIMATE_N', name: 'Ultimate N' },
0x00000011 => { ms_const: 'PRODUCT_WEB_SERVER', name: 'Web Server (full installation)' },
0x0000001D => { ms_const: 'PRODUCT_WEB_SERVER_CORE', name: 'Web Server (core installation)' },
}.freeze unless defined?(SKU)
attr_reader :major_version, :minor_version, :build_number, :service_pack_major_version, :service_pack_minor_version
attr_reader :version, :product_type, :product_suite, :sku
def initialize
unless RUBY_PLATFORM =~ /mswin|mingw32|windows/
raise NotImplementedError, 'only valid on Windows platform'
end
@version, @product_type, @product_suite, @sku, @service_pack_major_version, @service_pack_minor_version = get_os_info
@major_version, @minor_version, @build_number = version.split('.').map(&:to_i)
end
WIN_VERSIONS = {
'Windows Server 2012 R2' => { major: 6, minor: 3, callable: -> { @product_type != VER_NT_WORKSTATION } },
'Windows 8' => { major: 6, minor: 2, callable: -> { @product_type == VER_NT_WORKSTATION } },
'Windows Server 2012' => { major: 6, minor: 2, callable: -> { @product_type != VER_NT_WORKSTATION } },
'Windows 7' => { major: 6, minor: 1, callable: -> { @product_type == VER_NT_WORKSTATION } },
'Windows Server 2008 R2' => { major: 6, minor: 1, callable: -> { @product_type != VER_NT_WORKSTATION } },
'Windows Server 2008' => { major: 6, minor: 0, callable: -> { @product_type != VER_NT_WORKSTATION } },
'Windows Vista' => { major: 6, minor: 0, callable: -> { @product_type == VER_NT_WORKSTATION } },
'Windows Server 2003 R2' => { major: 5, minor: 2, callable: -> { Win32API.new('user32', 'GetSystemMetrics', 'I', 'I').call(SM_SERVERR2) != 0 } },
'Windows Home Server' => { major: 5, minor: 2, callable: -> { (@product_suite & VER_SUITE_WH_SERVER) == VER_SUITE_WH_SERVER } },
'Windows Server 2003' => { major: 5, minor: 2, callable: -> { Win32API.new('user32', 'GetSystemMetrics', 'I', 'I').call(SM_SERVERR2) == 0 } },
'Windows XP' => { major: 5, minor: 1 },
'Windows 2000' => { major: 5, minor: 0 },
}.freeze unless defined?(WIN_VERSIONS)
marketing_names = []
# General Windows checks
WIN_VERSIONS.each do |k, v|
method_name = "#{k.gsub(/\s/, '_').downcase}?"
define_method(method_name) do
(@major_version == v[:major]) &&
(@minor_version == v[:minor]) &&
(v[:callable] ? v[:callable].call : true)
end
marketing_names << [k, method_name]
end
define_method(:marketing_name) do
marketing_names.each do |mn|
break mn[0] if send(mn[1])
end
end
# Server Type checks
%w( core full datacenter ).each do |m|
define_method("server_#{m}?") do
if @sku
!(SKU[@sku][:name] =~ /#{m}/i).nil?
else
false
end
end
end
private
# Win32API call to GetSystemMetrics(SM_SERVERR2)
# returns: The build number if the system is Windows Server 2003 R2; otherwise, 0.
def sm_serverr2
@sm_serverr2 ||= Win32API.new('user32', 'GetSystemMetrics', 'I', 'I').call(SM_SERVERR2)
end
# query WMI Win32_OperatingSystem for required OS info
def get_os_info
cols = %w( Version ProductType OSProductSuite OperatingSystemSKU ServicePackMajorVersion ServicePackMinorVersion )
os_info = execute_wmi_query('select * from Win32_OperatingSystem').each.next
cols.map do |c|
begin
wmi_object_property(os_info, c)
rescue # OperatingSystemSKU doesn't exist in all versions of Windows
nil
end
end
end
end
end

79
cookbooks/windows/libraries/version_helper.rb
View File

@@ -1,79 +0,0 @@
#
# Cookbook:: windows
# Library:: version_helper
# Author:: Baptiste Courtois (<b.courtois@criteo.com>)
#
# Copyright:: 2015-2017, Criteo
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
module Windows
# Module based on windows ohai kernel.cs_info providing version helpers
module VersionHelper
# Module referencing CORE SKU contants from product type
# see. https://msdn.microsoft.com/windows/desktop/ms724358#PRODUCT_DATACENTER_SERVER_CORE
# n.b. Prefix - PRODUCT_ - and suffix - _CORE- have been removed
module CoreSKU
# Server Datacenter Core
DATACENTER_SERVER = 0x0C unless constants.include?(:DATACENTER_SERVER)
# Server Datacenter without Hyper-V Core
DATACENTER_SERVER_V = 0x27 unless constants.include?(:DATACENTER_SERVER_V)
# Server Enterprise Core
ENTERPRISE_SERVER = 0x0E unless constants.include?(:ENTERPRISE_SERVER)
# Server Enterprise without Hyper-V Core
ENTERPRISE_SERVER_V = 0x29 unless constants.include?(:ENTERPRISE_SERVER_V)
# Server Standard Core
STANDARD_SERVER = 0x0D unless constants.include?(:STANDARD_SERVER)
# Server Standard without Hyper-V Core
STANDARD_SERVER_V = 0x28 unless constants.include?(:STANDARD_SERVER_V)
end
# Module referencing product type contants
# see. https://msdn.microsoft.com/windows/desktop/ms724833#VER_NT_SERVER
# n.b. Prefix - VER_NT_ - has been removed
module ProductType
WORKSTATION = 0x1 unless constants.include?(:WORKSTATION)
DOMAIN_CONTROLLER = 0x2 unless constants.include?(:DOMAIN_CONTROLLER)
SERVER = 0x3 unless constants.include?(:SERVER)
end
# Determines whether current node is running a windows Core version
def self.core_version?(node)
validate_platform node
CoreSKU.constants.any? { |c| CoreSKU.const_get(c) == node['kernel']['os_info']['operating_system_sku'] }
end
# Determines whether current node is a workstation version
def self.workstation_version?(node)
validate_platform node
node['kernel']['os_info']['product_type'] == ProductType::WORKSTATION
end
# Determines whether current node is a server version
def self.server_version?(node)
!workstation_version?(node)
end
# Determines NT version of the current node
def self.nt_version(node)
validate_platform node
node['platform_version'].to_f
end
def self.validate_platform(node)
raise 'Windows helper are only supported on windows platform!' if node['platform'] != 'windows'
end
end
end

174
cookbooks/windows/libraries/windows_helper.rb
View File

@@ -1,174 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Library:: helper
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'uri'
require 'Win32API' if Chef::Platform.windows?
require 'chef/exceptions'
module Windows
module Helper
AUTO_RUN_KEY = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'.freeze unless defined?(AUTO_RUN_KEY)
ENV_KEY = 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'.freeze unless defined?(ENV_KEY)
ExpandEnvironmentStrings = Win32API.new('kernel32', 'ExpandEnvironmentStrings', %w(P P L), 'L') if Chef::Platform.windows? && !defined?(ExpandEnvironmentStrings)
# returns windows friendly version of the provided path,
# ensures backslashes are used everywhere
def win_friendly_path(path)
path.gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR || '\\') if path
end
# account for Window's wacky File System Redirector
# http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx
# especially important for 32-bit processes (like Ruby) on a
# 64-bit instance of Windows.
def locate_sysnative_cmd(cmd)
if ::File.exist?("#{ENV['WINDIR']}\\sysnative\\#{cmd}")
"#{ENV['WINDIR']}\\sysnative\\#{cmd}"
elsif ::File.exist?("#{ENV['WINDIR']}\\system32\\#{cmd}")
"#{ENV['WINDIR']}\\system32\\#{cmd}"
else
cmd
end
end
# Create a feature provider dependent value object.
# mainly created becasue Windows Feature names are
# different based on whether dism.exe or servicemanagercmd.exe
# is used for installation
def value_for_feature_provider(provider_hash)
p = Chef::Platform.find_provider_for_node(node, :windows_feature)
key = p.to_s.downcase.split('::').last
provider_hash[key] || provider_hash[key.to_sym]
end
# singleton instance of the Windows Version checker
def win_version
@win_version ||= Windows::Version.new
end
# Helper function to properly parse a URI
def as_uri(source)
URI.parse(source)
rescue URI::InvalidURIError
Chef::Log.warn("#{source} was an invalid URI. Trying to escape invalid characters")
URI.parse(URI.escape(source))
end
# if a file is local it returns a windows friendly path version
# if a file is remote it caches it locally
def cached_file(source, checksum = nil, windows_path = true)
@installer_file_path ||= begin
if source =~ %r{^(file|ftp|http|https):\/\/}
uri = as_uri(source)
cache_file_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}"
Chef::Log.debug("Caching a copy of file #{source} at #{cache_file_path}")
remote_file cache_file_path do
source source
backup false
checksum checksum unless checksum.nil?
end.run_action(:create)
else
cache_file_path = source
end
windows_path ? win_friendly_path(cache_file_path) : cache_file_path
end
end
# Expands the environment variables
def expand_env_vars(path)
# We pick 32k because that is the largest it could be:
# http://msdn.microsoft.com/en-us/library/windows/desktop/ms724265%28v=vs.85%29.aspx
buf = 0.chr * 32 * 1024 # 32k
if ExpandEnvironmentStrings.call(path.dup, buf, buf.length) == 0
raise Chef::Exceptions::Win32APIError, 'Failed calling ExpandEnvironmentStrings (received 0)'
end
buf.strip
end
def is_package_installed?(package_name) # rubocop:disable Style/PredicateName
installed_packages.include?(package_name)
end
def installed_packages
@installed_packages || begin
installed_packages = {}
# Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE)) # rescue nil
# 64-bit registry view
# Computer\HKEY_LOCAL_MACHINE\Software\Wow6464Node\Microsoft\Windows\CurrentVersion\Uninstall
installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0100))) # rescue nil
# 32-bit registry view
# Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_LOCAL_MACHINE, (::Win32::Registry::Constants::KEY_READ | 0x0200))) # rescue nil
# Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
installed_packages.merge!(extract_installed_packages_from_key(::Win32::Registry::HKEY_CURRENT_USER)) # rescue nil
installed_packages
end
end
# Returns an array
def to_array(var)
var = var.is_a?(Array) ? var : [var]
var.reject(&:nil?)
end
private
def extract_installed_packages_from_key(hkey = ::Win32::Registry::HKEY_LOCAL_MACHINE, desired = ::Win32::Registry::Constants::KEY_READ)
uninstall_subkey = 'Software\Microsoft\Windows\CurrentVersion\Uninstall'
packages = {}
begin
::Win32::Registry.open(hkey, uninstall_subkey, desired) do |reg|
reg.each_key do |key, _wtime|
begin
k = reg.open(key, desired)
display_name = begin
k['DisplayName']
rescue
nil
end
version = begin
k['DisplayVersion']
rescue
'NO VERSION'
end
uninstall_string = begin
k['UninstallString']
rescue
nil
end
if display_name
packages[display_name] = { name: display_name,
version: version,
uninstall_string: uninstall_string }
end
rescue ::Win32::Registry::Error
end
end
end
rescue ::Win32::Registry::Error
end
packages
end
end
end
Chef::Recipe.send(:include, Windows::Helper)

103
cookbooks/windows/libraries/windows_privileged.rb
View File

@@ -1,103 +0,0 @@
#
# Author:: Doug MacEachern <dougm@vmware.com>
# Author:: Paul Morton (<pmorton@biaprotect.com>)
# Cookbook:: windows
# Library:: windows_privileged
#
# Copyright:: 2010-2017, VMware, Inc.
# Copyright:: 2011-2017, Business Intelligence Associates, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# helpers for Windows API calls that require privilege adjustments
class Chef
class WindowsPrivileged
# File -> Load Hive... in regedit.exe
def reg_load_key(name, file)
load_deps
run(SE_BACKUP_NAME, SE_RESTORE_NAME) do
rc = RegLoadKey(HKEY_USERS, name.to_s, file)
if rc == ERROR_SUCCESS
return true
elsif rc == ERROR_SHARING_VIOLATION
return false
else
raise get_last_error(rc)
end
end
end
# File -> Unload Hive... in regedit.exe
def reg_unload_key(name)
load_deps
run(SE_BACKUP_NAME, SE_RESTORE_NAME) do
rc = RegUnLoadKey(HKEY_USERS, name.to_s)
raise get_last_error(rc) if rc != ERROR_SUCCESS
end
end
def run(*privileges)
load_deps
token = [0].pack('L')
unless OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, token)
raise get_last_error
end
token = token.unpack('L')[0]
privileges.each do |name|
unless adjust_privilege(token, name, SE_PRIVILEGE_ENABLED)
raise get_last_error
end
end
begin
yield
ensure # disable privs
privileges.each do |name|
adjust_privilege(token, name, 0)
end
end
end
def adjust_privilege(token, priv, attr = 0)
load_deps
luid = [0, 0].pack('Ll')
if LookupPrivilegeValue(nil, priv, luid)
new_state = [1, luid.unpack('Ll'), attr].flatten.pack('LLlL')
AdjustTokenPrivileges(token, 0, new_state, new_state.size, 0, 0)
end
end
private
def load_deps
if RUBY_PLATFORM =~ /mswin|mingw32|windows/
require 'windows/error'
require 'windows/registry'
require 'windows/process'
require 'windows/security'
include Windows::Error
include Windows::Registry
include Windows::Process
include Windows::Security
end
end
end
end

32
cookbooks/windows/libraries/wmi_helper.rb
View File

@@ -1,32 +0,0 @@
#
# Author:: Adam Edwards (<adamed@chef.io>)
#
# Copyright:: 2014-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
if RUBY_PLATFORM =~ /mswin|mingw32|windows/
require 'win32ole'
def execute_wmi_query(wmi_query)
wmi = ::WIN32OLE.connect('winmgmts://')
result = wmi.ExecQuery(wmi_query)
return nil unless result.each.count > 0
result
end
def wmi_object_property(wmi_object, wmi_property)
wmi_object.send(wmi_property)
end
end

1
cookbooks/windows/metadata.json
View File

File diff suppressed because one or more lines are too long

21
cookbooks/windows/recipes/default.rb
View File

@@ -1,21 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Recipe:: default
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
Chef::Log.warn('The windows::default recipe has been deprecated. The gems previously installed in this recipe ship in the Chef MSI.')

46
cookbooks/windows/resources/auto_run.rb
View File

@@ -1,46 +0,0 @@
#
# Author:: Paul Morton (<pmorton@biaprotect.com>)
# Cookbook:: windows
# Resource:: auto_run
#
# Copyright:: 2011-2017, Business Intelligence Associates, Inc.
# Copyright:: 2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :program, String
property :name, String, name_property: true
property :args, String
action :create do
registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do
values [{
name: new_resource.name,
type: :string,
data: "\"#{new_resource.program}\" #{new_resource.args}",
}]
action :create
end
end
action :remove do
registry_key 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' do
values [{
name: new_resource.name,
type: :string,
data: '',
}]
action :delete
end
end

166
cookbooks/windows/resources/certificate.rb
View File

@@ -1,166 +0,0 @@
#
# Author:: Richard Lavey (richard.lavey@calastone.com)
# Cookbook:: windows
# Resource:: certificate
#
# Copyright:: 2015-2017, Calastone Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include Windows::Helper
property :source, String, name_property: true, required: true
property :pfx_password, String
property :private_key_acl, Array
property :store_name, String, default: 'MY', regex: /^(?:MY|CA|ROOT|TrustedPublisher|TRUSTEDPEOPLE)$/
property :user_store, [true, false], default: false
action :create do
hash = '$cert.GetCertHashString()'
code_script = cert_script(true) <<
within_store_script { |store| store + '.Add($cert)' } <<
acl_script(hash)
guard_script = cert_script(false) <<
cert_exists_script(hash)
converge_by("adding certificate #{new_resource.source} into #{new_resource.store_name} to #{cert_location}\\#{new_resource.store_name}") do
powershell_script new_resource.name do
guard_interpreter :powershell_script
convert_boolean_return true
code code_script
not_if guard_script
end
end
end
# acl_add is a modify-if-exists operation : not idempotent
action :acl_add do
if ::File.exist?(new_resource.source)
hash = '$cert.GetCertHashString()'
code_script = cert_script(false)
guard_script = cert_script(false)
else
# make sure we have no spaces in the hash string
hash = "\"#{new_resource.source.gsub(/\s/, '')}\""
code_script = ''
guard_script = ''
end
code_script << acl_script(hash)
guard_script << cert_exists_script(hash)
converge_by("setting the acls on #{new_resource.source} in #{cert_location}\\#{new_resource.store_name}") do
powershell_script new_resource.name do
guard_interpreter :powershell_script
convert_boolean_return true
code code_script
only_if guard_script
end
end
end
action :delete do
# do we have a hash or a subject?
# TODO: It's a bit annoying to know the thumbprint of a cert you want to remove when you already
# have the file. Support reading the hash directly from the file if provided.
search = if new_resource.source =~ /^[a-fA-F0-9]{40}$/
"Thumbprint -eq '#{new_resource.source}'"
else
"Subject -like '*#{new_resource.source.sub(/\*/, '`*')}*'" # escape any * in the source
end
cert_command = "Get-ChildItem Cert:\\#{cert_location}\\#{new_resource.store_name} | where { $_.#{search} }"
code_script = within_store_script do |store|
<<-EOH
foreach ($c in #{cert_command})
{
#{store}.Remove($c)
}
EOH
end
guard_script = "@(#{cert_command}).Count -gt 0\n"
converge_by("Removing certificate #{new_resource.source} from #{cert_location}\\#{new_resource.store_name}") do
powershell_script new_resource.name do
guard_interpreter :powershell_script
convert_boolean_return true
code code_script
only_if guard_script
end
end
end
action_class do
def cert_location
@location ||= new_resource.user_store ? 'CurrentUser' : 'LocalMachine'
end
def cert_script(persist)
cert_script = '$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2'
file = win_friendly_path(new_resource.source)
cert_script << " \"#{file}\""
if ::File.extname(file.downcase) == '.pfx'
cert_script << ", \"#{new_resource.pfx_password}\""
if persist && new_resource.user_store
cert_script << ', [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet'
elsif persist
cert_script << ', ([System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::PersistKeySet -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeyset)'
end
end
cert_script << "\n"
end
def cert_exists_script(hash)
<<-EOH
$hash = #{hash}
Test-Path "Cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash"
EOH
end
def within_store_script
inner_script = yield '$store'
<<-EOH
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store "#{new_resource.store_name}", ([System.Security.Cryptography.X509Certificates.StoreLocation]::#{cert_location})
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
#{inner_script}
$store.Close()
EOH
end
def acl_script(hash)
return '' if new_resource.private_key_acl.nil? || new_resource.private_key_acl.empty?
# this PS came from http://blogs.technet.com/b/operationsguy/archive/2010/11/29/provide-access-to-private-keys-commandline-vs-powershell.aspx
# and from https://msdn.microsoft.com/en-us/library/windows/desktop/bb204778(v=vs.85).aspx
set_acl_script = <<-EOH
$hash = #{hash}
$storeCert = Get-ChildItem "cert:\\#{cert_location}\\#{new_resource.store_name}\\$hash"
if ($storeCert -eq $null) { throw 'no key exists.' }
$keyname = $storeCert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if ($keyname -eq $null) { throw 'no private key exists.' }
if ($storeCert.PrivateKey.CspKeyContainerInfo.MachineKeyStore)
{
$fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\MachineKeys\\$keyname"
}
else
{
$currentUser = New-Object System.Security.Principal.NTAccount($Env:UserDomain, $Env:UserName)
$userSID = $currentUser.Translate([System.Security.Principal.SecurityIdentifier]).Value
$fullpath = "$Env:ProgramData\\Microsoft\\Crypto\\RSA\\$userSID\\$keyname"
}
EOH
new_resource.private_key_acl.each do |name|
set_acl_script << "$uname='#{name}'; icacls $fullpath /grant $uname`:RX\n"
end
set_acl_script
end
end

128
cookbooks/windows/resources/certificate_binding.rb
View File

@@ -1,128 +0,0 @@
#
# Author:: Richard Lavey (richard.lavey@calastone.com)
# Cookbook:: windows
# Resource:: certificate_binding
#
# Copyright:: 2015-2017, Calastone Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include Chef::Mixin::ShellOut
include Chef::Mixin::PowershellOut
include Windows::Helper
property :cert_name, String, name_property: true, required: true
property :name_kind, Symbol, equal_to: [:hash, :subject], default: :subject
property :address, String, default: '0.0.0.0'
property :port, Integer, default: 443
property :app_id, String, default: '{4dc3e181-e14b-4a21-b022-59fc669b0914}'
property :store_name, String, default: 'MY', regex: /^(?:MY|CA|ROOT)$/
property :exists, [true, false], desired_state: true
load_current_value do |desired|
cmd = shell_out("#{locate_sysnative_cmd('netsh.exe')} http show sslcert ipport=#{desired.address}:#{desired.port}")
Chef::Log.debug "netsh reports: #{cmd.stdout}"
address desired.address
port desired.port
store_name desired.store_name
app_id desired.app_id
if cmd.exitstatus == 0
m = cmd.stdout.scan(/Certificate Hash\s+:\s?([A-Fa-f0-9]{40})/)
raise "Failed to extract hash from command output #{cmd.stdout}" if m.empty?
cert_name m[0][0]
name_kind :hash
exists true
else
exists false
end
end
action :create do
hash = new_resource.name_kind == :subject ? hash_from_subject : new_resource.cert_name
if current_resource.exists
needs_change = (hash.casecmp(current_resource.cert_name) != 0)
if needs_change
converge_by("Changing #{current_resource.address}:#{current_resource.port}") do
delete_binding
add_binding hash
end
else
Chef::Log.debug("#{new_resource.address}:#{new_resource.port} already bound to #{hash} - nothing to do")
end
else
converge_by("Binding #{new_resource.address}:#{new_resource.port}") do
add_binding hash
end
end
end
action :delete do
if current_resource.exists
converge_by("Deleting #{current_resource.address}:#{current_resource.port}") do
delete_binding
end
else
Chef::Log.debug("#{current_resource.address}:#{current_resource.port} not bound - nothing to do")
end
end
action_class do
def netsh_command
locate_sysnative_cmd('netsh.exe')
end
def add_binding(hash)
cmd = "#{netsh_command} http add sslcert"
cmd << " ipport=#{current_resource.address}:#{current_resource.port}"
cmd << " certhash=#{hash}"
cmd << " appid=#{current_resource.app_id}"
cmd << " certstorename=#{current_resource.store_name}"
check_hash hash
shell_out!(cmd)
end
def delete_binding
shell_out!("#{netsh_command} http delete sslcert ipport=#{current_resource.address}:#{current_resource.port}")
end
def check_hash(hash)
p = powershell_out!("Test-Path \"cert:\\LocalMachine\\#{current_resource.store_name}\\#{hash}\"")
unless p.stderr.empty? && p.stdout =~ /True/i
raise "A Cert with hash of #{hash} doesn't exist in keystore LocalMachine\\#{current_resource.store_name}"
end
nil
end
def hash_from_subject
# escape wildcard subject name (*.acme.com)
subject = new_resource.cert_name.sub(/\*/, '`*')
ps_script = "& { gci cert:\\localmachine\\#{new_resource.store_name} | where { $_.subject -like '*#{subject}*' } | select -first 1 -expandproperty Thumbprint }"
Chef::Log.debug "Running PS script #{ps_script}"
p = powershell_out!(ps_script)
raise "#{ps_script} failed with #{p.stderr}" if !p.stderr.nil? && !p.stderr.empty?
raise "Couldn't find thumbprint for subject #{new_resource.cert_name}" if p.stdout.nil? || p.stdout.empty?
# seem to get a UTF-8 string with BOM returned sometimes! Strip any such BOM
hash = p.stdout.strip
hash[0].ord == 239 ? hash.force_encoding('UTF-8').delete!("\xEF\xBB\xBF".force_encoding('UTF-8')) : hash
end
end

82
cookbooks/windows/resources/feature.rb
View File

@@ -1,82 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Resource:: feature
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :feature_name, [Array, String], name_property: true
property :source, String
property :all, [true, false], default: false
property :install_method, Symbol, equal_to: [:windows_feature_dism, :windows_feature_powershell, :windows_feature_servermanagercmd]
include Windows::Helper
def whyrun_supported?
true
end
action :install do
run_default_provider :install
end
action :remove do
run_default_provider :remove
end
action :delete do
run_default_provider :delete
end
action_class do
def locate_default_provider
if new_resource.install_method
new_resource.install_method
elsif ::File.exist?(locate_sysnative_cmd('dism.exe'))
:windows_feature_dism
elsif ::File.exist?(locate_sysnative_cmd('servermanagercmd.exe'))
:windows_feature_servermanagercmd
else
:windows_feature_powershell
end
end
def run_default_provider(desired_action)
case locate_default_provider
when :windows_feature_dism
windows_feature_dism new_resource.name do
action desired_action
feature_name new_resource.feature_name
source new_resource.source if new_resource.source
all new_resource.all
end
when :windows_feature_servermanagercmd
windows_feature_servermanagercmd new_resource.name do
action desired_action
feature_name new_resource.feature_name
source new_resource.source if new_resource.source
all new_resource.all
end
when :windows_feature_powershell
windows_feature_powershell new_resource.name do
action desired_action
feature_name new_resource.feature_name
source new_resource.source if new_resource.source
all new_resource.all
end
end
end
end

108
cookbooks/windows/resources/feature_dism.rb
View File

@@ -1,108 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Provider:: feature_dism
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :feature_name, [Array, String], name_property: true
property :source, String
property :all, [true, false], default: false
include Chef::Mixin::ShellOut
include Windows::Helper
action :install do
Chef::Log.warn("Requested feature #{new_resource.feature_name} is not available on this system.") unless available?
unless !available? || installed?
converge_by("install Windows feature #{new_resource.feature_name}") do
addsource = new_resource.source ? "/LimitAccess /Source:\"#{new_resource.source}\"" : ''
addall = new_resource.all ? '/All' : ''
shell_out!("#{dism} /online /enable-feature #{to_array(new_resource.feature_name).map { |feature| "/featurename:#{feature}" }.join(' ')} /norestart #{addsource} #{addall}", returns: [0, 42, 127, 3010])
# Reload ohai data
reload_ohai_features_plugin(new_resource.action, new_resource.feature_name)
end
end
end
action :remove do
if installed?
converge_by("removing Windows feature #{new_resource.feature_name}") do
shell_out!("#{dism} /online /disable-feature #{to_array(new_resource.feature_name).map { |feature| "/featurename:#{feature}" }.join(' ')} /norestart", returns: [0, 42, 127, 3010])
# Reload ohai data
reload_ohai_features_plugin(new_resource.action, new_resource.feature_name)
end
end
end
action :delete do
raise Chef::Exceptions::UnsupportedAction, "#{self} :delete action not support on #{win_version.sku}" unless supports_feature_delete?
if available?
converge_by("deleting Windows feature #{new_resource.feature_name} from the image") do
shell_out!("#{dism} /online /disable-feature #{to_array(new_resource.feature_name).map { |feature| "/featurename:#{feature}" }.join(' ')} /Remove /norestart", returns: [0, 42, 127, 3010])
# Reload ohai data
reload_ohai_features_plugin(new_resource.action, new_resource.feature_name)
end
end
end
action_class do
def installed?
@installed ||= begin
install_ohai_plugin unless node['dism_features']
# Compare against ohai plugin instead of costly dism run
node['dism_features'].key?(new_resource.feature_name) && node['dism_features'][new_resource.feature_name] =~ /Enable/
end
end
def available?
@available ||= begin
install_ohai_plugin unless node['dism_features']
# Compare against ohai plugin instead of costly dism run
node['dism_features'].key?(new_resource.feature_name) && node['dism_features'][new_resource.feature_name] !~ /with payload removed/
end
end
def reload_ohai_features_plugin(take_action, feature_name)
ohai "Reloading Dism_Features Plugin - Action #{take_action} of feature #{feature_name}" do
action :reload
plugin 'dism_features'
end
end
def install_ohai_plugin
Chef::Log.info("node['dism_features'] data missing. Installing the dism_features Ohai plugin")
ohai_plugin 'dism_features' do
compile_time true
cookbook 'windows'
end
end
def supports_feature_delete?
win_version.major_version >= 6 && win_version.minor_version >= 2
end
# account for File System Redirector
# http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx
def dism
@dism ||= begin
locate_sysnative_cmd('dism.exe')
end
end
end

70
cookbooks/windows/resources/feature_powershell.rb
View File

@@ -1,70 +0,0 @@
#
# Author:: Greg Zapp (<greg.zapp@gmail.com>)
# Cookbook:: windows
# Provider:: feature_powershell
#
property :feature_name, [Array, String], name_attribute: true
property :source, String
property :all, [true, false], default: false
include Chef::Mixin::PowershellOut
include Windows::Helper
action :remove do
if installed?
converge_by("remove Windows feature #{new_resource.feature_name}") do
cmd = powershell_out!("#{remove_feature_cmdlet} #{to_array(new_resource.feature_name).join(',')}")
Chef::Log.info(cmd.stdout)
end
end
end
action :delete do
if available?
converge_by("delete Windows feature #{new_resource.feature_name} from the image") do
cmd = powershell_out!("Uninstall-WindowsFeature #{to_array(new_resource.feature_name).join(',')} -Remove")
Chef::Log.info(cmd.stdout)
end
end
end
action_class do
def install_feature_cmdlet
node['os_version'].to_f < 6.2 ? 'Import-Module ServerManager; Add-WindowsFeature' : 'Install-WindowsFeature'
end
def remove_feature_cmdlet
node['os_version'].to_f < 6.2 ? 'Import-Module ServerManager; Remove-WindowsFeature' : 'Uninstall-WindowsFeature'
end
def installed?
@installed ||= begin
cmd = powershell_out("(Get-WindowsFeature #{to_array(new_resource.feature_name).join(',')} | ?{$_.InstallState -ne \'Installed\'}).count")
cmd.stderr.empty? && cmd.stdout.chomp.to_i == 0
end
end
def available?
@available ||= begin
cmd = powershell_out("(Get-WindowsFeature #{to_array(new_resource.feature_name).join(',')} | ?{$_.InstallState -ne \'Removed\'}).count")
cmd.stderr.empty? && cmd.stdout.chomp.to_i > 0
end
end
end
action :install do
Chef::Log.warn("Requested feature #{new_resource.feature_name} is not available on this system.") unless available?
unless !available? || installed?
converge_by("install Windows feature #{new_resource.feature_name}") do
addsource = new_resource.source ? "-Source \"#{new_resource.source}\"" : ''
addall = new_resource.all ? '-IncludeAllSubFeature' : ''
cmd = if node['os_version'].to_f < 6.2
powershell_out!("#{install_feature_cmdlet} #{to_array(new_resource.feature_name).join(',')} #{addall}")
else
powershell_out!("#{install_feature_cmdlet} #{to_array(new_resource.feature_name).join(',')} #{addsource} #{addall}")
end
Chef::Log.info(cmd.stdout)
end
end
end

76
cookbooks/windows/resources/feature_servermanagercmd.rb
View File

@@ -1,76 +0,0 @@
#
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Provider:: feature_servermanagercmd
#
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :feature_name, [Array, String], name_attribute: true
property :source, String
property :all, [true, false], default: false
include Chef::Mixin::ShellOut
include Windows::Helper
action :install do
unless installed?
converge_by("install Windows feature #{new_resource.feature_name}") do
check_reboot(shell_out("#{servermanagercmd} -install #{to_array(new_resource.feature_name).join(' ')}", returns: [0, 42, 127, 1003, 3010]), new_resource.feature_name)
end
end
end
action :remove do
if installed?
converge_by("removing Windows feature #{new_resource.feature_name}") do
check_reboot(shell_out("#{servermanagercmd} -remove #{to_array(new_resource.feature_name).join(' ')}", returns: [0, 42, 127, 1003, 3010]), new_resource.feature_name)
end
end
end
action :delete do
Chef::Log.warn('servermanagercmd does not support removing a feature from the image.')
end
# Exit codes are listed at http://technet.microsoft.com/en-us/library/cc749128(v=ws.10).aspx
action_class do
def check_reboot(result, feature)
if result.exitstatus == 3010 # successful, but needs reboot
node.run_state['reboot_requested'] = true
Chef::Log.warn("Require reboot to install #{feature}")
elsif result.exitstatus == 1001 # failure, but needs reboot before we can do anything else
node.run_state['reboot_requested'] = true
Chef::Log.warn("Failed installing #{feature} and need to reboot")
end
result.error! # throw for any other bad results. The above results will also get raised, and should cause a reboot via the handler.
end
def installed?
@installed ||= begin
cmd = shell_out("#{servermanagercmd} -query", returns: [0, 42, 127, 1003])
cmd.stderr.empty? && (cmd.stdout =~ /^\s*?\[X\]\s.+?\s\[#{new_resource.feature_name}\]\s*$/i)
end
end
# account for File System Redirector
# http://msdn.microsoft.com/en-us/library/aa384187(v=vs.85).aspx
def servermanagercmd
@servermanagercmd ||= begin
locate_sysnative_cmd('servermanagercmd.exe')
end
end
end

80
cookbooks/windows/resources/font.rb
View File

@@ -1,80 +0,0 @@
#
# Author:: Sander Botman <sbotman@schubergphilis.com>
# Cookbook:: windows
# Resource:: font
#
# Copyright:: 2014-2017, Schuberg Philis BV.
# Copyright:: 2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :name, String, name_property: true
property :source, String, required: false
include Windows::Helper
action :install do
if font_exists?
Chef::Log.debug("Not installing font: #{new_resource.name}, font already installed.")
else
retrieve_cookbook_font
install_font
del_cookbook_font
end
end
action_class do
def retrieve_cookbook_font
font_file = new_resource.name
if new_resource.source
remote_file font_file do
action :nothing
source "file://#{new_resource.source}"
path win_friendly_path(::File.join(ENV['TEMP'], font_file))
end.run_action(:create)
else
cookbook_file font_file do
action :nothing
cookbook cookbook_name.to_s unless cookbook_name.nil?
path win_friendly_path(::File.join(ENV['TEMP'], font_file))
end.run_action(:create)
end
end
def del_cookbook_font
file ::File.join(ENV['TEMP'], new_resource.name) do
action :delete
end
end
def install_font
require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/
fonts_dir = WIN32OLE.new('WScript.Shell').SpecialFolders('Fonts')
folder = WIN32OLE.new('Shell.Application').Namespace(fonts_dir)
converge_by("install font #{new_resource.name}") do
folder.CopyHere(win_friendly_path(::File.join(ENV['TEMP'], new_resource.name)))
end
end
# Check to see if the font is installed
#
# === Returns
# <true>:: If the font is installed
# <false>:: If the font is not instaled
def font_exists?
require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/
fonts_dir = WIN32OLE.new('WScript.Shell').SpecialFolders('Fonts')
::File.exist?(win_friendly_path(::File.join(fonts_dir, new_resource.name)))
end
end

110
cookbooks/windows/resources/http_acl.rb
View File

@@ -1,110 +0,0 @@
#
# Author:: Richard Lavey (richard.lavey@calastone.com)
# Cookbook:: windows
# Resource:: http_acl
#
# Copyright:: 2015-2017, Calastone Ltd.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
include Chef::Mixin::ShellOut
include Windows::Helper
property :url, String, name_property: true, required: true
property :user, String
property :sddl, String
property :exists, [true, false], desired_state: true
# See https://msdn.microsoft.com/en-us/library/windows/desktop/cc307236%28v=vs.85%29.aspx for netsh info
load_current_value do |desired|
cmd_out = shell_out!("#{locate_sysnative_cmd('netsh.exe')} http show urlacl url=#{desired.url}").stdout
Chef::Log.debug "netsh reports: #{cmd_out}"
if cmd_out.include? desired.url
exists true
url desired.url
# Checks first for sddl, because it generates user(s)
sddl_match = cmd_out.match(/SDDL:\s*(?<sddl>.+)/)
if sddl_match
sddl sddl_match['sddl']
else
# if no sddl, tries to find a single user
user_match = cmd_out.match(/User:\s*(?<user>.+)/)
user user_match['user']
end
else
exists false
end
end
action :create do
raise '`user` xor `sddl` can\'t be used together' if new_resource.user && new_resource.sddl
raise 'When provided user property can\'t be empty' if new_resource.user && new_resource.user.empty?
raise 'When provided sddl property can\'t be empty' if new_resource.sddl && new_resource.sddl.empty?
if current_resource.exists
sddl_changed = (
new_resource.sddl &&
current_resource.sddl &&
current_resource.sddl.casecmp(new_resource.sddl) != 0
)
user_changed = (
new_resource.user &&
current_resource.user &&
current_resource.user.casecmp(new_resource.user) != 0
)
if sddl_changed || user_changed
converge_by("Changing #{new_resource.url}") do
delete_acl
apply_acl
end
else
Chef::Log.debug("#{new_resource.url} already set - nothing to do")
end
else
converge_by("Setting #{new_resource.url}") do
apply_acl
end
end
end
action :delete do
if current_resource.exists
converge_by("Deleting #{new_resource.url}") do
delete_acl
end
else
Chef::Log.debug("#{new_resource.url} does not exist - nothing to do")
end
end
action_class do
def netsh_command
locate_sysnative_cmd('netsh.exe')
end
def apply_acl
if current_resource.sddl
shell_out!("#{netsh_command} http add urlacl url=#{new_resource.url} sddl=\"#{new_resource.sddl}\"")
else
shell_out!("#{netsh_command} http add urlacl url=#{new_resource.url} user=\"#{new_resource.user}\"")
end
end
def delete_acl
shell_out!("#{netsh_command} http delete urlacl url=#{new_resource.url}")
end
end

156
cookbooks/windows/resources/pagefile.rb
View File

@@ -1,156 +0,0 @@
#
# Author:: Kevin Moser (<kevin.moser@nordstrom.com>)
# Cookbook:: windows
# Resource:: pagefile
#
# Copyright:: 2012-2017, Nordstrom, Inc.
# Copyright:: 2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :name, String, name_property: true
property :system_managed, [true, false]
property :automatic_managed, [true, false], default: false
property :initial_size, Integer
property :maximum_size, Integer
include Chef::Mixin::ShellOut
include Windows::Helper
action :set do
pagefile = new_resource.name
initial_size = new_resource.initial_size
maximum_size = new_resource.maximum_size
system_managed = new_resource.system_managed
automatic_managed = new_resource.automatic_managed
if automatic_managed
set_automatic_managed unless automatic_managed?
else
unset_automatic_managed if automatic_managed?
# Check that the resource is not just trying to unset automatic managed, if it is do nothing more
if (initial_size && maximum_size) || system_managed
validate_name
create(pagefile) unless exists?(pagefile)
if system_managed
set_system_managed(pagefile) unless max_and_min_set?(pagefile, 0, 0)
else
unless max_and_min_set?(pagefile, initial_size, maximum_size)
set_custom_size(pagefile, initial_size, maximum_size)
end
end
end
end
end
action :delete do
validate_name
pagefile = new_resource.name
delete(pagefile) if exists?(pagefile)
end
action_class do
def validate_name
return if /^.:.*.sys/ =~ new_resource.name
raise "#{new_resource.name} does not match the format DRIVE:\\path\\file.sys for pagefiles. Example: C:\\pagefile.sys"
end
def exists?(pagefile)
@exists ||= begin
Chef::Log.debug("Checking if #{pagefile} exists by runing: #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list")
cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
cmd.stderr.empty? && (cmd.stdout =~ /SettingID=#{get_setting_id(pagefile)}/i)
end
end
def max_and_min_set?(pagefile, min, max)
@max_and_min_set ||= begin
Chef::Log.debug("Checking if #{pagefile} min: #{min} and max #{max} are set")
cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" list /format:list", returns: [0])
cmd.stderr.empty? && (cmd.stdout =~ /InitialSize=#{min}/i) && (cmd.stdout =~ /MaximumSize=#{max}/i)
end
end
def create(pagefile)
converge_by("create pagefile #{pagefile}") do
Chef::Log.debug("Running #{wmic} pagefileset create name=\"#{win_friendly_path(pagefile)}\"")
cmd = shell_out("#{wmic} pagefileset create name=\"#{win_friendly_path(pagefile)}\"")
check_for_errors(cmd.stderr)
end
end
def delete(pagefile)
converge_by("remove pagefile #{pagefile}") do
Chef::Log.debug("Running #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete")
cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" delete")
check_for_errors(cmd.stderr)
end
end
def automatic_managed?
@automatic_managed ||= begin
Chef::Log.debug('Checking if pagefiles are automatically managed')
cmd = shell_out("#{wmic} computersystem where name=\"%computername%\" get AutomaticManagedPagefile /format:list")
cmd.stderr.empty? && (cmd.stdout =~ /AutomaticManagedPagefile=TRUE/i)
end
end
def set_automatic_managed
converge_by('set pagefile to Automatic Managed') do
Chef::Log.debug("Running #{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True")
cmd = shell_out("#{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=True")
check_for_errors(cmd.stderr)
end
end
def unset_automatic_managed
converge_by('set pagefile to User Managed') do
Chef::Log.debug("Running #{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False")
cmd = shell_out("#{wmic} computersystem where name=\"%computername%\" set AutomaticManagedPagefile=False")
check_for_errors(cmd.stderr)
end
end
def set_custom_size(pagefile, min, max)
converge_by("set #{pagefile} to InitialSize=#{min} & MaximumSize=#{max}") do
Chef::Log.debug("Running #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}")
cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=#{min},MaximumSize=#{max}", returns: [0])
check_for_errors(cmd.stderr)
end
end
def set_system_managed(pagefile) # rubocop: disable Style/AccessorMethodName
converge_by("set #{pagefile} to System Managed") do
Chef::Log.debug("Running #{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0")
cmd = shell_out("#{wmic} pagefileset where SettingID=\"#{get_setting_id(pagefile)}\" set InitialSize=0,MaximumSize=0", returns: [0])
check_for_errors(cmd.stderr)
end
end
def get_setting_id(pagefile)
pagefile = win_friendly_path(pagefile)
pagefile = pagefile.split('\\')
"#{pagefile[1]} @ #{pagefile[0]}"
end
def check_for_errors(stderr)
raise stderr.chomp unless stderr.empty?
end
def wmic
@wmic ||= locate_sysnative_cmd('wmic.exe')
end
end

54
cookbooks/windows/resources/path.rb
View File

@@ -1,54 +0,0 @@
#
# Author:: Paul Morton (<pmorton@biaprotect.com>)
# Cookbook:: windows
# Resource:: path
#
# Copyright:: 2011-2017, Business Intelligence Associates, Inc
# Copyright:: 2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :path, String, name_property: true
include Windows::Helper
action :add do
env 'path' do
action :modify
delim ::File::PATH_SEPARATOR
value new_resource.path.tr('/', '\\')
notifies :run, "ruby_block[fix ruby ENV['PATH']]", :immediately
end
# The windows Env provider does not correctly expand variables in
# the PATH environment variable. Ruby expects these to be expanded.
# This is a temporary fix for that.
#
# Follow at https://github.com/chef/chef/pull/1876
#
ruby_block "fix ruby ENV['PATH']" do
block do
ENV['PATH'] = expand_env_vars(ENV['PATH'])
end
action :nothing
end
end
action :remove do
env 'path' do
action :delete
delim ::File::PATH_SEPARATOR
value new_resource.path.tr('/', '\\')
end
end

103
cookbooks/windows/resources/printer.rb
View File

@@ -1,103 +0,0 @@
#
# Author:: Doug Ireton (<doug.ireton@nordstrom.com>)
# Cookbook:: windows
# Resource:: printer
#
# Copyright:: 2012-2017, Nordstrom, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# See here for more info:
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa394492(v=vs.85).aspx
require 'resolv'
property :device_id, String, name_property: true, required: true
property :comment, String
property :default, [true, false], default: false
property :driver_name, String, required: true
property :location, String
property :shared, [true, false], default: false
property :share_name, String
property :ipv4_address, String, regex: Resolv::IPv4::Regex
property :exists, [true, false], desired_state: true
PRINTERS_REG_KEY = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\\'.freeze unless defined?(PRINTERS_REG_KEY)
def printer_exists?(name)
printer_reg_key = PRINTERS_REG_KEY + name
Chef::Log.debug "Checking to see if this reg key exists: '#{printer_reg_key}'"
Registry.key_exists?(printer_reg_key)
end
load_current_value do |desired|
name desired.name
exists printer_exists?(desired.name)
# TODO: Set @current_resource printer properties from registry
end
action :create do
if @current_resource.exists
Chef::Log.info "#{@new_resource} already exists - nothing to do."
else
converge_by("Create #{@new_resource}") do
create_printer
end
end
end
action :delete do
if @current_resource.exists
converge_by("Delete #{@new_resource}") do
delete_printer
end
else
Chef::Log.info "#{@current_resource} doesn't exist - can't delete."
end
end
action_class do
def create_printer
# Create the printer port first
windows_printer_port new_resource.ipv4_address do
end
port_name = "IP_#{new_resource.ipv4_address}"
powershell_script "Creating printer: #{new_resource.name}" do
code <<-EOH
Set-WmiInstance -class Win32_Printer `
-EnableAllPrivileges `
-Argument @{ DeviceID = "#{new_resource.device_id}";
Comment = "#{new_resource.comment}";
Default = "$#{new_resource.default}";
DriverName = "#{new_resource.driver_name}";
Location = "#{new_resource.location}";
PortName = "#{port_name}";
Shared = "$#{new_resource.shared}";
ShareName = "#{new_resource.share_name}";
}
EOH
end
end
def delete_printer
powershell_script "Deleting printer: #{new_resource.name}" do
code <<-EOH
$printer = Get-WMIObject -class Win32_Printer -EnableAllPrivileges -Filter "name = '#{new_resource.name}'"
$printer.Delete()
EOH
end
end
end

101
cookbooks/windows/resources/printer_port.rb
View File

@@ -1,101 +0,0 @@
#
# Author:: Doug Ireton (<doug.ireton@nordstrom.com>)
# Cookbook:: windows
# Resource:: printer_port
#
# Copyright:: 2012-2017, Nordstrom, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# See here for more info:
# http://msdn.microsoft.com/en-us/library/windows/desktop/aa394492(v=vs.85).aspx
require 'resolv'
property :ipv4_address, String, name_attribute: true, required: true, regex: Resolv::IPv4::Regex
property :port_name, String
property :port_number, Integer, default: 9100
property :port_description, String
property :snmp_enabled, [true, false], default: false
property :port_protocol, Integer, default: 1, equal_to: [1, 2]
property :exists, [true, false], desired_state: true
PORTS_REG_KEY = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Standard TCP/IP Port\Ports\\'.freeze unless defined?(PORTS_REG_KEY)
def port_exists?(name)
port_reg_key = PORTS_REG_KEY + name
Chef::Log.debug "Checking to see if this reg key exists: '#{port_reg_key}'"
Registry.key_exists?(port_reg_key)
end
load_current_value do |desired|
name desired.name
ipv4_address desired.ipv4_address
port_name desired.port_name || "IP_#{@new_resource.ipv4_address}"
exists port_exists?(desired.port_name)
# TODO: Set @current_resource port properties from registry
end
action :create do
if current_resource.exists
Chef::Log.info "#{@new_resource} already exists - nothing to do."
else
converge_by("Create #{@new_resource}") do
create_printer_port
end
end
end
action :delete do
if current_resource.exists
converge_by("Delete #{@new_resource}") do
delete_printer_port
end
else
Chef::Log.info "#{@current_resource} doesn't exist - can't delete."
end
end
action_class do
def create_printer_port
port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
# create the printer port using PowerShell
powershell_script "Creating printer port #{new_resource.port_name}" do
code <<-EOH
Set-WmiInstance -class Win32_TCPIPPrinterPort `
-EnableAllPrivileges `
-Argument @{ HostAddress = "#{new_resource.ipv4_address}";
Name = "#{port_name}";
Description = "#{new_resource.port_description}";
PortNumber = "#{new_resource.port_number}";
Protocol = "#{new_resource.port_protocol}";
SNMPEnabled = "$#{new_resource.snmp_enabled}";
}
EOH
end
end
def delete_printer_port
port_name = new_resource.port_name || "IP_#{new_resource.ipv4_address}"
powershell_script "Deleting printer port: #{new_resource.port_name}" do
code <<-EOH
$port = Get-WMIObject -class Win32_TCPIPPrinterPort -EnableAllPrivileges -Filter "name = '#{port_name}'"
$port.Delete()
EOH
end
end
end

289
cookbooks/windows/resources/share.rb
View File

@@ -1,289 +0,0 @@
# -*- coding: utf-8 -*-
#
# Author:: Sölvi Páll Ásgeirsson (<solvip@gmail.com>), Richard Lavey (richard.lavey@calastone.com)
# Cookbook:: windows
# Resource:: share
#
# Copyright:: 2014-2017, Sölvi Páll Ásgeirsson.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :share_name, String, name_property: true
property :path, String, required: true
property :description, String, default: ''
property :full_users, Array, default: []
property :change_users, Array, default: []
property :read_users, Array, default: []
include Windows::Helper
include Chef::Mixin::PowershellOut
require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/
ACCESS_FULL = 2_032_127
ACCESS_CHANGE = 1_245_631
ACCESS_READ = 1_179_817
action :create do
if different_path?
unless current_resource.path.nil? || current_resource.path.empty?
converge_by('Removing previous share') do
delete_share
end
end
converge_by("Creating share #{current_resource.share_name}") do
create_share
end
end
if different_members?(:full_users) ||
different_members?(:change_users) ||
different_members?(:read_users) ||
different_description?
converge_by("Setting permissions and description for #{new_resource.share_name}") do
set_share_permissions
end
end
end
action :delete do
if !current_resource.path.nil? && !current_resource.path.empty?
converge_by("Deleting #{current_resource.share_name}") do
delete_share
end
else
Chef::Log.debug("#{current_resource.share_name} does not exist - nothing to do")
end
end
load_current_value do |desired|
wmi = WIN32OLE.connect('winmgmts://')
shares = wmi.ExecQuery("SELECT * FROM Win32_Share WHERE name = '#{desired.share_name}'")
existing_share = shares.Count == 0 ? nil : shares.ItemIndex(0)
description ''
unless existing_share.nil?
path existing_share.Path
description existing_share.Description
end
perms = share_permissions name
unless perms.nil?
full_users perms[:full_users]
change_users perms[:change_users]
read_users perms[:read_users]
end
end
def share_permissions(name)
wmi = WIN32OLE.connect('winmgmts://')
shares = wmi.ExecQuery("SELECT * FROM Win32_LogicalShareSecuritySetting WHERE name = '#{name}'")
# The security descriptor is an output parameter
sd = nil
begin
shares.ItemIndex(0).GetSecurityDescriptor(sd)
sd = WIN32OLE::ARGV[0]
rescue WIN32OLERuntimeError
Chef::Log.warn('Failed to retrieve any security information about the share.')
end
read = []
change = []
full = []
unless sd.nil?
sd.DACL.each do |dacl|
trustee = "#{dacl.Trustee.Domain}\\#{dacl.Trustee.Name}".downcase
case dacl.AccessMask
when ACCESS_FULL
full.push(trustee)
when ACCESS_CHANGE
change.push(trustee)
when ACCESS_READ
read.push(trustee)
else
Chef::Log.warn "Unknown access mask #{dacl.AccessMask} for user #{trustee}. This will be lost if permissions are updated"
end
end
end
{
full_users: full,
change_users: change,
read_users: read,
}
end
action_class do
def description_exists?(resource)
!resource.description.nil?
end
def different_description?
if description_exists?(new_resource) && description_exists?(current_resource)
new_resource.description.casecmp(current_resource.description) != 0
else
description_exists?(new_resource) || description_exists?(current_resource)
end
end
def different_path?
return true if current_resource.path.nil?
win_friendly_path(new_resource.path).casecmp(win_friendly_path(current_resource.path)) != 0
end
def different_members?(permission_type)
!(current_resource.send(permission_type.to_sym) - new_resource.send(permission_type.to_sym).map(&:downcase)).empty? &&
!(new_resource.send(permission_type.to_sym).map(&:downcase) - current_resource.send(permission_type.to_sym)).empty?
end
def find_share_by_name(name)
wmi = WIN32OLE.connect('winmgmts://')
shares = wmi.ExecQuery("SELECT * FROM Win32_Share WHERE name = '#{name}'")
shares.Count == 0 ? nil : shares.ItemIndex(0)
end
def delete_share
find_share_by_name(new_resource.share_name).delete
end
def create_share
raise "#{new_resource.path} is missing or not a directory" unless ::File.directory? new_resource.path
new_share_script = <<-EOH
$share = [wmiclass]"\\\\#{ENV['COMPUTERNAME']}\\root\\CimV2:Win32_Share"
$result=$share.Create('#{new_resource.path}',
'#{new_resource.share_name}',
0,
16777216,
'#{new_resource.description}',
$null,
$null)
exit $result.returnValue
EOH
r = powershell_out new_share_script
message = case r.exitstatus
when 2
'2 : Access Denied'
when 8
'8 : Unknown Failure'
when 9
'9 : Invalid Name'
when 10
'10 : Invalid Level'
when 21
'21 : Invalid Parameter'
when 22
'22 : Duplicate Share'
when 23
'23 : Redirected Path'
when 24
'24 : Unknown Device or Directory'
when 25
'25 : Net Name Not Found'
else
r.exitstatus.to_s
end
raise "Could not create share. Win32_Share.create returned #{message}" if r.error?
end
# set_share_permissions - Enforce the share permissions as dictated by the resource attributes
def set_share_permissions
share_permissions_script = <<-EOH
Function New-SecurityDescriptor
{
param (
[array]$ACEs
)
#Create SeCDesc object
$SecDesc = ([WMIClass] "\\\\$env:ComputerName\\root\\cimv2:Win32_SecurityDescriptor").CreateInstance()
foreach ($ACE in $ACEs )
{
$SecDesc.DACL += $ACE.psobject.baseobject
}
#Return the security Descriptor
return $SecDesc
}
Function New-ACE
{
param (
[string] $Name,
[string] $Domain,
[string] $Permission = "Read"
)
#Create the Trusteee Object
$Trustee = ([WMIClass] "\\\\$env:computername\\root\\cimv2:Win32_Trustee").CreateInstance()
$account = get-wmiobject Win32_Account -filter "Name like '$Name' and Domain like '$Domain'"
$accountSID = [WMI] "\\\\$env:ComputerName\\root\\cimv2:Win32_SID.SID='$($account.sid)'"
$Trustee.Domain = $Domain
$Trustee.Name = $Name
$Trustee.SID = $accountSID.BinaryRepresentation
#Create ACE (Access Control List) object.
$ACE = ([WMIClass] "\\\\$env:ComputerName\\root\\cimv2:Win32_ACE").CreateInstance()
switch ($Permission)
{
"Read" { $ACE.AccessMask = 1179817 }
"Change" { $ACE.AccessMask = 1245631 }
"Full" { $ACE.AccessMask = 2032127 }
default { throw "$Permission is not a supported permission value. Possible values are 'Read','Change','Full'" }
}
$ACE.AceFlags = 3
$ACE.AceType = 0
$ACE.Trustee = $Trustee
$ACE
}
$dacl_array = @()
EOH
new_resource.full_users.each do |user|
share_permissions_script += user_to_ace(user, 'Full')
end
new_resource.change_users.each do |user|
share_permissions_script += user_to_ace(user, 'Change')
end
new_resource.read_users.each do |user|
share_permissions_script += user_to_ace(user, 'Read')
end
share_permissions_script += <<-EOH
$dacl = New-SecurityDescriptor -Aces $dacl_array
$share = get-wmiobject win32_share -filter 'Name like "#{new_resource.share_name}"'
$return = $share.SetShareInfo($null, '#{new_resource.description}', $dacl)
exit $return.returnValue
EOH
r = powershell_out(share_permissions_script)
raise "Could not set share permissions. Win32_Share.SedtShareInfo returned #{r.exitstatus}" if r.error?
end
def user_to_ace(fully_qualified_user_name, access)
domain, user = fully_qualified_user_name.split('\\')
unless domain && user
raise "Invalid user entry #{fully_qualified_user_name}. The user names must be specified as 'DOMAIN\\user'"
end
"\n$dacl_array += new-ace -Name '#{user}' -domain '#{domain}' -permission '#{access}'"
end
end

53
cookbooks/windows/resources/shortcut.rb
View File

@@ -1,53 +0,0 @@
#
# Author:: Doug MacEachern <dougm@vmware.com>
# Cookbook:: windows
# Resource:: shortcut
#
# Copyright:: 2010-2017, VMware, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :name, String
property :target, String
property :arguments, String
property :description, String
property :cwd, String
property :iconlocation, String
load_current_value do |desired|
require 'win32ole' if RUBY_PLATFORM =~ /mswin|mingw32|windows/
link = WIN32OLE.new('WScript.Shell').CreateShortcut(desired.name)
name desired.name
target(link.TargetPath)
arguments(link.Arguments)
description(link.Description)
cwd(link.WorkingDirectory)
iconlocation(link.IconLocation)
end
action :create do
converge_if_changed do
converge_by "creating shortcut #{new_resource.name}" do
link = WIN32OLE.new('WScript.Shell').CreateShortcut(new_resource.name)
link.TargetPath = new_resource.target unless new_resource.target.nil?
link.Arguments = new_resource.arguments unless new_resource.arguments.nil?
link.Description = new_resource.description unless new_resource.description.nil?
link.WorkingDirectory = new_resource.cwd unless new_resource.cwd.nil?
link.IconLocation = new_resource.iconlocation unless new_resource.iconlocation.nil?
# ignoring: WindowStyle, Hotkey
link.Save
end
end
end

384
cookbooks/windows/resources/task.rb
View File

@@ -1,384 +0,0 @@
#
# Author:: Paul Mooring (<paul@chef.io>)
# Cookbook:: windows
# Resource:: task
#
# Copyright:: 2012-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Passwords can't be loaded for existing tasks, making :modify both confusing
# and not very useful
require 'chef/mixin/shell_out'
require 'rexml/document'
include Chef::Mixin::ShellOut
include Chef::Mixin::PowershellOut
property :task_name, String, name_property: true, regex: [/\A[^\/\:\*\?\<\>\|]+\z/]
property :command, String
property :cwd, String
property :user, String, default: 'SYSTEM'
property :password, String
property :run_level, equal_to: [:highest, :limited], default: :limited
property :force, [true, false], default: false
property :interactive_enabled, [true, false], default: false
property :frequency_modifier, [Integer, String], default: 1
property :frequency, equal_to: [:minute,
:hourly,
:daily,
:weekly,
:monthly,
:once,
:on_logon,
:onstart,
:on_idle], default: :hourly
property :start_day, String
property :start_time, String
property :day, [String, Integer]
property :months, String
property :idle_time, Integer
property :exists, [true, false], desired_state: true
property :status, Symbol, desired_state: true
property :enabled, [true, false], desired_state: true
def load_task_hash(task_name)
Chef::Log.debug 'Looking for existing tasks'
# we use powershell_out here instead of powershell_out! because a failure implies that the task does not exist
task_script = <<-EOH
[Console]::OutputEncoding = [Text.UTF8Encoding]::UTF8
schtasks /Query /FO LIST /V /TN \"#{task_name}\"
EOH
output = powershell_out(task_script).stdout.force_encoding('UTF-8')
if output.empty?
task = false
else
task = {}
output.split("\n").map! { |line| line.split(':', 2).map!(&:strip) }.each do |field|
if field.is_a?(Array) && field[0].respond_to?(:to_sym)
task[field[0].gsub(/\s+/, '').to_sym] = field[1]
end
end
end
task
end
load_current_value do |desired|
pathed_task_name = desired.task_name.start_with?('\\') ? desired.task_name : "\\#{desired.task_name}"
task_hash = load_task_hash pathed_task_name
task_name pathed_task_name
if task_hash.respond_to?(:[]) && task_hash[:TaskName] == pathed_task_name
exists true
status :running if task_hash[:Status] == 'Running'
enabled task_hash[:ScheduledTaskState] == 'Enabled' ? true : false
cwd task_hash[:StartIn] unless task_hash[:StartIn] == 'N/A'
command task_hash[:TaskToRun]
user task_hash[:RunAsUser]
else
exists false
end
end
action :create do
if current_resource.exists && !(task_need_update? || new_resource.force)
Chef::Log.info "#{new_resource} task already exists - nothing to do"
else
converge_by("creating a new scheduled task #{new_resource.task_name}") do
validate_user_and_password
validate_interactive_setting
validate_create_frequency_modifier
validate_create_day
validate_create_months
validate_idle_time
options = {}
options['F'] = '' if new_resource.force || task_need_update?
options['SC'] = schedule
options['MO'] = new_resource.frequency_modifier if frequency_modifier_allowed
options['I'] = new_resource.idle_time unless new_resource.idle_time.nil?
options['SD'] = new_resource.start_day unless new_resource.start_day.nil?
options['ST'] = new_resource.start_time unless new_resource.start_time.nil?
options['TR'] = new_resource.command
options['RU'] = new_resource.user
options['RP'] = new_resource.password if use_password?
options['RL'] = 'HIGHEST' if new_resource.run_level == :highest
options['IT'] = '' if new_resource.interactive_enabled
options['D'] = new_resource.day if new_resource.day
options['M'] = new_resource.months unless new_resource.months.nil?
run_schtasks 'CREATE', options
cwd(new_resource.cwd) if new_resource.cwd
end
end
end
action :run do
if current_resource.exists
if current_resource.status == :running
Chef::Log.info "#{new_resource} task is currently running, skipping run"
else
converge_by("running scheduled task #{new_resource.task_name}") do
run_schtasks 'RUN'
new_resource.updated_by_last_action true
end
end
else
Chef::Log.debug "#{new_resource} task doesn't exists - nothing to do"
end
end
action :change do
if current_resource.exists
converge_by("changing scheduled task #{new_resource.task_name}") do
validate_user_and_password
validate_interactive_setting
options = {}
options['TR'] = new_resource.command if new_resource.command
options['RU'] = new_resource.user if new_resource.user
options['RP'] = new_resource.password if new_resource.password
options['SD'] = new_resource.start_day unless new_resource.start_day.nil?
options['ST'] = new_resource.start_time unless new_resource.start_time.nil?
options['IT'] = '' if new_resource.interactive_enabled
run_schtasks 'CHANGE', options
cwd(new_resource.cwd) if new_resource.cwd != current_resource.cwd
end
else
Chef::Log.debug "#{new_resource} task doesn't exists - nothing to do"
end
end
action :delete do
if current_resource.exists
converge_by("deleting scheduled task #{new_resource.task_name}") do
# always need to force deletion
run_schtasks 'DELETE', 'F' => ''
end
else
Chef::Log.debug "#{new_resource} task doesn't exists - nothing to do"
end
end
action :end do
if current_resource.exists
if current_resource.status != :running
Chef::Log.debug "#{new_resource} is not running - nothing to do"
else
converge_by("stopping scheduled task #{new_resource.task_name}") do
run_schtasks 'END'
end
end
else
Chef::Log.fatal "#{new_resource} task doesn't exist - nothing to do"
raise Errno::ENOENT, "#{new_resource}: task does not exist, cannot end"
end
end
action :enable do
if current_resource.exists
if current_resource.enabled
Chef::Log.debug "#{new_resource} already enabled - nothing to do"
else
converge_by("enabling scheduled task #{new_resource.task_name}") do
run_schtasks 'CHANGE', 'ENABLE' => ''
end
end
else
Chef::Log.fatal "#{new_resource} task doesn't exist - nothing to do"
raise Errno::ENOENT, "#{new_resource}: task does not exist, cannot enable"
end
end
action :disable do
if current_resource.exists
if current_resource.enabled
converge_by("disabling scheduled task #{new_resource.task_name}") do
run_schtasks 'CHANGE', 'DISABLE' => ''
end
else
Chef::Log.debug "#{new_resource} already disabled - nothing to do"
end
else
Chef::Log.debug "#{new_resource} task doesn't exist - nothing to do"
end
end
action_class do
# rubocop:disable Style/StringLiteralsInInterpolation
def run_schtasks(task_action, options = {})
cmd = "schtasks /#{task_action} /TN \"#{new_resource.task_name}\" "
options.keys.each do |option|
cmd += "/#{option} "
cmd += "\"#{options[option].to_s.gsub('"', "\\\"")}\" " unless options[option] == ''
end
Chef::Log.debug('running: ')
Chef::Log.debug(" #{cmd}")
shell_out!(cmd, returns: [0])
end
# rubocop:enable Style/StringLiteralsInInterpolation
def task_need_update?
# gsub needed as schtasks converts single quotes to double quotes on creation
current_resource.command != new_resource.command.tr("'", '"') ||
current_resource.user != new_resource.user
end
def cwd(folder)
Chef::Log.debug 'looking for existing tasks'
# we use shell_out here instead of shell_out! because a failure implies that the task does not exist
xml_cmd = shell_out("schtasks /Query /TN \"#{new_resource.task_name}\" /XML")
return if xml_cmd.exitstatus != 0
doc = REXML::Document.new(xml_cmd.stdout)
Chef::Log.debug 'Removing former CWD if any'
doc.root.elements.delete('Actions/Exec/WorkingDirectory')
unless folder.nil?
Chef::Log.debug 'Setting CWD as #folder'
cwd_element = REXML::Element.new('WorkingDirectory')
cwd_element.add_text(folder)
exec_element = doc.root.elements['Actions/Exec']
exec_element.add_element(cwd_element)
end
temp_task_file = ::File.join(ENV['TEMP'], 'windows_task.xml')
begin
::File.open(temp_task_file, 'w:UTF-16LE') do |f|
doc.write(f)
end
options = {}
options['RU'] = new_resource.user if new_resource.user
options['RP'] = new_resource.password if new_resource.password
options['IT'] = '' if new_resource.interactive_enabled
options['XML'] = temp_task_file
run_schtasks('DELETE', 'F' => '')
run_schtasks('CREATE', options)
ensure
::File.delete(temp_task_file)
end
end
SYSTEM_USERS = ['NT AUTHORITY\SYSTEM', 'SYSTEM', 'NT AUTHORITY\LOCALSERVICE', 'NT AUTHORITY\NETWORKSERVICE'].freeze
def validate_user_and_password
return unless new_resource.user && use_password?
return unless new_resource.password.nil?
Chef::Log.fatal "#{new_resource.task_name}: Can't specify a non-system user without a password!"
end
def validate_interactive_setting
return unless new_resource.interactive_enabled && new_resource.password.nil?
Chef::Log.fatal "#{new_resource} did not provide a password when attempting to set interactive/non-interactive."
end
def validate_create_day
return unless new_resource.day
unless [:weekly, :monthly].include?(new_resource.frequency)
raise 'day attribute is only valid for tasks that run weekly or monthly'
end
return unless new_resource.day.is_a?(String) && new_resource.day.to_i.to_s != new_resource.day
days = new_resource.day.split(',')
days.each do |day|
unless ['mon', 'tue', 'wed', 'thu', 'fri', 'sat', 'sun', '*'].include?(day.strip.downcase)
raise 'day attribute invalid. Only valid values are: MON, TUE, WED, THU, FRI, SAT, SUN and *. Multiple values must be separated by a comma.'
end
end
end
def validate_create_months
return unless new_resource.months
unless [:monthly].include?(new_resource.frequency)
raise 'months attribute is only valid for tasks that run monthly'
end
return unless new_resource.months.is_a? String
months = new_resource.months.split(',')
months.each do |month|
unless ['JAN', 'FEB', 'MAR', 'APR', 'MAY', 'JUN', 'JUL', 'AUG', 'SEP', 'OCT', 'NOV', 'DEC', '*'].include?(month.strip.upcase)
raise 'months attribute invalid. Only valid values are: JAN, FEB, MAR, APR, MAY, JUN, JUL, AUG, SEP, OCT, NOV, DEC and *. Multiple values must be separated by a comma.'
end
end
end
def validate_idle_time
return unless new_resource.frequency == :on_idle
return if new_resource.idle_time.to_i > 0 && new_resource.idle_time.to_i <= 999
raise "idle_time value #{new_resource.idle_time} is invalid. Valid values for :on_idle frequency are 1 - 999."
end
def validate_create_frequency_modifier
# Currently is handled in create action 'frequency_modifier_allowed' line. Does not allow for frequency_modifier for once,onstart,onlogon,onidle
# Note that 'OnEvent' is not a supported frequency.
return if new_resource.frequency.nil? || new_resource.frequency_modifier.nil?
case new_resource.frequency
when :minute
unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 1439
raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :minute frequency are 1 - 1439."
end
when :hourly
unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 23
raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :hourly frequency are 1 - 23."
end
when :daily
unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 365
raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :daily frequency are 1 - 365."
end
when :weekly
unless new_resource.frequency_modifier.to_i > 0 && new_resource.frequency_modifier.to_i <= 52
raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :weekly frequency are 1 - 52."
end
when :monthly
unless ('1'..'12').to_a.push('FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY').include?(new_resource.frequency_modifier.to_s.upcase)
raise "frequency_modifier value #{new_resource.frequency_modifier} is invalid. Valid values for :monthly frequency are 1 - 12, 'FIRST', 'SECOND', 'THIRD', 'FOURTH', 'LAST', 'LASTDAY'."
end
end
end
def use_password?
@use_password ||= !SYSTEM_USERS.include?(new_resource.user.upcase)
end
def schedule
case new_resource.frequency
when :on_logon
'ONLOGON'
when :on_idle
'ONIDLE'
else
new_resource.frequency
end
end
def frequency_modifier_allowed
case new_resource.frequency
when :minute, :hourly, :daily, :weekly
true
when :monthly
new_resource.months.nil? || %w(FIRST SECOND THIRD FOURTH LAST LASTDAY).include?(new_resource.frequency_modifier)
else
false
end
end
end

125
cookbooks/windows/resources/zipfile.rb
View File

@@ -1,125 +0,0 @@
#
# Author:: Doug MacEachern (<dougm@vmware.com>)
# Author:: Seth Chisamore (<schisamo@chef.io>)
# Cookbook:: windows
# Resource:: zipfile
#
# Copyright:: 2010-2017, VMware, Inc.
# Copyright:: 2011-2017, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
property :path, String, name_property: true
property :source, String
property :overwrite, [true, false], default: false
property :checksum, String
include Windows::Helper
require 'find'
action :unzip do
ensure_rubyzip_gem_installed
Chef::Log.debug("unzip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})")
cache_file_path = if new_resource.source =~ %r{^(file|ftp|http|https):\/\/} # http://rubular.com/r/DGoIWjLfGI
uri = as_uri(source)
local_cache_path = "#{Chef::Config[:file_cache_path]}/#{::File.basename(::URI.unescape(uri.path))}"
Chef::Log.debug("Caching a copy of file #{new_resource.source} at #{cache_file_path}")
remote_file local_cache_path do
source new_resource.source
backup false
checksum new_resource.checksum unless new_resource.checksum.nil?
end
local_cache_path
else
new_resource.source
end
cache_file_path = win_friendly_path(cache_file_path)
converge_by("unzip #{new_resource.source}") do
ruby_block 'Unzipping' do
block do
Zip::File.open(cache_file_path) do |zip|
zip.each do |entry|
path = ::File.join(new_resource.path, entry.name)
FileUtils.mkdir_p(::File.dirname(path))
if new_resource.overwrite && ::File.exist?(path) && !::File.directory?(path)
FileUtils.rm(path)
end
zip.extract(entry, path) unless ::File.exist?(path)
end
end
end
action :run
end
end
end
action :zip do
ensure_rubyzip_gem_installed
# sanitize paths for windows.
new_resource.source.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR)
new_resource.path.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR)
Chef::Log.debug("zip #{new_resource.source} => #{new_resource.path} (overwrite=#{new_resource.overwrite})")
if new_resource.overwrite == false && ::File.exist?(new_resource.path)
Chef::Log.info("file #{new_resource.path} already exists and overwrite is set to false, exiting")
else
# delete the archive if it already exists, because we are recreating it.
if ::File.exist?(new_resource.path)
converge_by("delete existing file at #{new_resource.path}") do
::File.unlink(new_resource.path)
end
end
# only supporting compression of a single directory (recursively).
if ::File.directory?(new_resource.source)
converge_by("zipping #{new_resource.source} to #{new_resource.path}") do
z = Zip::File.new(new_resource.path, true)
unless new_resource.source =~ /::File::ALT_SEPARATOR$/
new_resource.source << ::File::ALT_SEPARATOR
end
Find.find(new_resource.source) do |f|
f.downcase.gsub!(::File::SEPARATOR, ::File::ALT_SEPARATOR)
# don't add root directory to the zipfile.
next if f == new_resource.source
# strip the root directory from the filename before adding it to the zipfile.
zip_fname = f.sub(new_resource.source, '')
Chef::Log.debug("adding #{zip_fname} to archive, sourcefile is: #{f}")
z.add(zip_fname, f)
end
z.close
end
else
Chef::Log.info("Single directory must be specified for compression, and #{new_resource.source} does not meet that criteria.")
end
end
end
action_class do
def ensure_rubyzip_gem_installed
require 'zip'
rescue LoadError
Chef::Log.info("Missing gem 'rubyzip'...installing now.")
chef_gem 'rubyzip' do
version node['windows']['rubyzipversion']
action :install
compile_time true
end
require 'zip'
end
end