abc/ops/cookbooks/vendor/windows/metadata.json

{"name":"windows","version":"6.0.0","description":"Provides a set of useful Windows-specific primitives.","long_description":"# Windows Cookbook\n\n[![Build status](https://ci.appveyor.com/api/projects/status/9x4uepmm1g4rktie/branch/master?svg=true)](https://ci.appveyor.com/project/ChefWindowsCookbooks/windows/branch/master) [![Cookbook Version](https://img.shields.io/cookbook/v/windows.svg)](https://supermarket.chef.io/cookbooks/windows)\n\nProvides a set of Windows-specific resources to aid in the creation of cookbooks/recipes targeting the Windows platform.\n\n## Requirements\n\n### Platforms\n\n- Windows 7\n- Windows Server 2008 R2\n- Windows 8, 8.1\n- Windows Server 2012 (R1, R2)\n- Windows Server 2016\n\n### Chef\n\n- Chef 14+\n\n## Resources\n\n### Deprecated Resources Note\n\nAs of Chef 14.7+ the windows_share and windows_certificate resources are now included in the Chef Client. If you are running Chef 14.7+ the resources in Chef client will take precedence over the resources in this cookbook. In November 2019 we will release a new major version of this cookbook that removes these resources.\n\n### windows_certificate\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nInstalls a certificate into the Windows certificate store from a file, and grants read-only access to the private key for designated accounts. Due to current limitations in WinRM, installing certificated remotely may not work if the operation requires a user profile. Operations on the local machine store should still work.\n\n#### Actions\n\n- `:create` - creates or updates a certificate.\n- `:delete` - deletes a certificate.\n- `:acl_add` - adds read-only entries to a certificate's private key ACL.\n- `:verify` - logs whether or not a certificate is valid\n\n#### Properties\n\n- `source` - name attribute. The source file (for create and acl_add), thumbprint (for delete and acl_add) or subject (for delete).\n- `pfx_password` - the password to access the source if it is a pfx file.\n- `private_key_acl` - array of 'domain\\account' entries to be granted read-only access to the certificate's private key. This is not idempotent.\n- `store_name` - the certificate store to manipulate. One of:\n  - MY (Personal)\n  - CA (Intermediate Certification Authorities)\n  - ROOT (Trusted Root Certification Authorities)\n  - TRUSTEDPUBLISHER (Trusted Publishers)\n  - CLIENTAUTHISSUER (Client Authentication Issuers)\n  - REMOTE DESKTOP (Remote Desktop)\n  - TRUSTEDDEVICES (Trusted Devices)\n  - WEBHOSTING (Web Hosting)\n  - AUTHROOT (Third-Party Root Certification Authorities)\n  - TRUSTEDPEOPLE (Trusted People)\n  - SMARTCARDROOT (Smart Card Trusted Roots)\n  - TRUST (Enterprise Trust)\n  - DISALLOWED (Untrusted Certificates)\n- `user_store` - if false (default) then use the local machine store; if true then use the current user's store.\n\n#### Examples\n\n```ruby\n# Add PFX cert to local machine personal store and grant accounts read-only access to private key\nwindows_certificate \"c:/test/mycert.pfx\" do\n    pfx_password    \"password\"\n    private_key_acl    [\"acme\\fred\", \"pc\\jane\"]\nend\n```\n\n```ruby\n# Add cert to trusted intermediate store\nwindows_certificate \"c:/test/mycert.cer\" do\n    store_name    \"CA\"\nend\n```\n\n```ruby\n# Remove all certificates matching the subject\nwindows_certificate \"me.acme.com\" do\n    action :delete\nend\n```\n\n### windows_certificate_binding\n\nBinds a certificate to an HTTP port in order to enable TLS communication.\n\n#### Actions\n\n- `:create` - creates or updates a binding.\n- `:delete` - deletes a binding.\n\n#### Properties\n\n- `cert_name` - name attribute. The thumbprint(hash) or subject that identifies the certificate to be bound.\n- `name_kind` - indicates the type of cert_name. One of :subject (default) or :hash.\n- `address` - the address to bind against. Default is 0.0.0.0 (all IP addresses). One of:\n  - IP v4 address `1.2.3.4`\n  - IP v6 address `[::1]`\n  - Host name `www.foo.com`\n- `port` - the port to bind against. Default is 443.\n- `app_id` - the GUID that defines the application that owns the binding. Default is the values used by IIS.\n- `store_name` - the store to locate the certificate in. One of:\n  - MY (Personal)\n  - CA (Intermediate Certification Authorities)\n  - ROOT (Trusted Root Certification Authorities)\n  - TRUSTEDPUBLISHER (Trusted Publishers)\n  - CLIENTAUTHISSUER (Client Authentication Issuers)\n  - REMOTE DESKTOP (Remote Desktop)\n  - TRUSTEDDEVICES (Trusted Devices)\n  - WEBHOSTING (Web Hosting)\n  - AUTHROOT (Third-Party Root Certification Authorities)\n  - TRUSTEDPEOPLE (Trusted People)\n  - SMARTCARDROOT (Smart Card Trusted Roots)\n  - TRUST (Enterprise Trust)\n\n#### Examples\n\n```ruby\n# Bind the first certificate matching the subject to the default TLS port\nwindows_certificate_binding \"me.acme.com\" do\nend\n```\n\n```ruby\n# Bind a cert from the CA store with the given hash to port 4334\nwindows_certificate_binding \"me.acme.com\" do\n    cert_name    \"d234567890a23f567c901e345bc8901d34567890\"\n    name_kind    :hash\n    store_name    \"CA\"\n    port        4334\nend\n```\n\n### windows_dns\n\nConfigures A and CNAME records in Windows DNS. This requires the DNSCMD to be installed, which is done by adding the DNS role to the server or installing the Remote Server Admin Tools.\n\n#### Actions\n\n- :create: creates/updates the DNS entry\n- :delete: deletes the DNS entry\n\n#### Properties\n\n- host_name: name attribute. FQDN of the entry to act on.\n- dns_server: the DNS server to update. Default is local machine (.)\n- record_type: the type of record to create. One of A (default) or CNAME\n- target: for A records an array of IP addresses to associate with the host; for CNAME records the FQDN of the host to alias\n- ttl: if > 0 then set the time to live of the record\n\n#### Examples\n\n```ruby\n# Create A record linked to 2 addresses with a 10 minute ttl\nwindows_dns \"m1.chef.test\" do\n    target         ['10.9.8.7', '1.2.3.4']\n    ttl            600\nend\n```\n\n```ruby\n# Delete records. target is mandatory although not used\nwindows_dns \"m1.chef.test\" do\n    action    :delete\n    target    []\nend\n```\n\n```ruby\n# Set an alias against the node in a role\nnodes = search( :node, \"role:my_service\" )\nwindows_dns \"myservice.chef.test\" do\n    record_type    'CNAME'\n    target        nodes[0]['fqdn']\nend\n```\n\n### windows_http_acl\n\nSets the Access Control List for an http URL to grant non-admin accounts permission to open HTTP endpoints.\n\n#### Actions\n\n- `:create` - creates or updates the ACL for a URL.\n- `:delete` - deletes the ACL from a URL.\n\n#### Properties\n\n- `url` - the name of the url to be created/deleted.\n- `sddl` - the DACL string configuring all permissions to URL. Mandatory for create if user is not provided. Can't be use with `user`.\n- `user` - the name (domain\\user) of the user or group to be granted permission to the URL. Mandatory for create if sddl is not provided. Can't be use with `sddl`. Only one user or group can be granted permission so this replaces any previously defined entry. If you receive a parameter error your user may not exist.\n\n#### Examples\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n    user 'pc\\\\fred'\nend\n```\n\n```ruby\n# Grant access to users \"NT SERVICE\\WinRM\" and \"NT SERVICE\\Wecsvc\" via sddl\nwindows_http_acl 'http://+:5985/' do\n  sddl 'D:(A;;GX;;;S-1-5-80-569256582-2953403351-2909559716-1301513147-412116970)(A;;GX;;;S-1-5-80-4059739203-877974739-1245631912-527174227-2996563517)'\nend\n```\n\n```ruby\nwindows_http_acl 'http://+:50051/' do\n    action :delete\nend\n```\n\n### windows_share\n\n`Note`: This resource is now included in Chef 14.7 and later. There is no need to depend on the Windows cookbook for this resource.\n\nCreates, modifies and removes Windows shares. All properties are idempotent.\n\n`Note`: This resource uses PowerShell cmdlets introduced in Windows 2012/8.\n\n#### Actions\n\n- `:create`: creates/modifies a share\n- `:delete`: deletes a share\n\n#### Properties\n\nproperty                 | type       | default       | description\n------------------------ | ---------- | ------------- | -----------------------------------------------------------------------------------------------------------------------------------------------------------\n`share_name`             | String     | resource name | the share to assign to the share\n`path`                   | String     |               | The path of the location of the folder to share. Required when creating. If the share already exists on a different path then it is deleted and re-created.\n`description`            | String     |               | description to be applied to the share\n`full_users`             | Array      | []            | users which should have \"Full control\" permissions\n`change_users`           | Array      | []            | Users are granted modify permission to access the share.\n`read_users`             | Array      | []            | users which should have \"Read\" permissions\n`temporary`              | True/False | false         | The lifetime of the new SMB share. A temporary share does not persist beyond the next restart of the computer\n`scope_name`             | String     | '*'           | The scope name of the share.\n`ca_timeout`             | Integer    | 0             | The continuous availability time-out for the share.\n`continuously_available` | True/False | false         | Indicates that the share is continuously available.\n`concurrent_user_limit`  | Integer    | 0 (unlimited) | The maximum number of concurrently connected users the share can accommodate\n`encrypt_data`           | True/False | false         | Indicates that the share is encrypted.\n\n#### Examples\n\n```ruby\nwindows_share \"foo\" do\n  action :create\n  path \"C:\\\\foo\"\n  full_users [\"DOMAIN_A\\\\some_user\", \"DOMAIN_B\\\\some_other_user\"]\n  read_users [\"DOMAIN_C\\\\Domain users\"]\nend\n```\n\n```ruby\nwindows_share \"foo\" do\n  action :delete\nend\n```\n\n### windows_user_privilege\n\nAdds the `principal` (User/Group) to the specified privileges (such as `Logon as a batch job` or `Logon as a Service`).\n\n#### Actions\n\n- `:add` - add the specified privileges to the `principal`\n- `:remove` - remove the specified privilege of the `principal`\n\n#### Properties\n\n- `principal` - Name attribute, Required, String. The user or group to be granted privileges.\n- `privilege` - Required, String/Array. The privilege(s) to be granted.\n\n#### Examples\n\nGrant the Administrator user the `Logon as a batch job` and `Logon as a service` privilege.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n  privilege %w(SeBatchLogonRight SeServiceLogonRight)\nend\n```\n\nRemove `Logon as a batch job` privilege of Administrator.\n\n```ruby\nwindows_user_privilege 'Administrator' do\n  privilege %w(SeBatchLogonRight)\n  action :remove\nend\n```\n\n#### Available Privileges\n\n```\nSeTrustedCredManAccessPrivilege      Access Credential Manager as a trusted caller\nSeNetworkLogonRight                  Access this computer from the network\nSeTcbPrivilege                       Act as part of the operating system\nSeMachineAccountPrivilege            Add workstations to domain\nSeIncreaseQuotaPrivilege             Adjust memory quotas for a process\nSeInteractiveLogonRight              Allow log on locally\nSeRemoteInteractiveLogonRight        Allow log on through Remote Desktop Services\nSeBackupPrivilege                    Back up files and directories\nSeChangeNotifyPrivilege              Bypass traverse checking\nSeSystemtimePrivilege                Change the system time\nSeTimeZonePrivilege                  Change the time zone\nSeCreatePagefilePrivilege            Create a pagefile\nSeCreateTokenPrivilege               Create a token object\nSeCreateGlobalPrivilege              Create global objects\nSeCreatePermanentPrivilege           Create permanent shared objects\nSeCreateSymbolicLinkPrivilege        Create symbolic links\nSeDebugPrivilege                     Debug programs\nSeDenyNetworkLogonRight              Deny access this computer from the network\nSeDenyBatchLogonRight                Deny log on as a batch job\nSeDenyServiceLogonRight              Deny log on as a service\nSeDenyInteractiveLogonRight          Deny log on locally\nSeDenyRemoteInteractiveLogonRight    Deny log on through Remote Desktop Services\nSeEnableDelegationPrivilege          Enable computer and user accounts to be trusted for delegation\nSeRemoteShutdownPrivilege            Force shutdown from a remote system\nSeAuditPrivilege                     Generate security audits\nSeImpersonatePrivilege               Impersonate a client after authentication\nSeIncreaseWorkingSetPrivilege        Increase a process working set\nSeIncreaseBasePriorityPrivilege      Increase scheduling priority\nSeLoadDriverPrivilege                Load and unload device drivers\nSeLockMemoryPrivilege                Lock pages in memory\nSeBatchLogonRight                    Log on as a batch job\nSeServiceLogonRight                  Log on as a service\nSeSecurityPrivilege                  Manage auditing and security log\nSeRelabelPrivilege                   Modify an object label\nSeSystemEnvironmentPrivilege         Modify firmware environment values\nSeManageVolumePrivilege              Perform volume maintenance tasks\nSeProfileSingleProcessPrivilege      Profile single process\nSeSystemProfilePrivilege             Profile system performance\nSeUnsolicitedInputPrivilege          \"Read unsolicited input from a terminal device\"\nSeUndockPrivilege                    Remove computer from docking station\nSeAssignPrimaryTokenPrivilege        Replace a process level token\nSeRestorePrivilege                   Restore files and directories\nSeShutdownPrivilege                  Shut down the system\nSeSyncAgentPrivilege                 Synchronize directory service data\nSeTakeOwnershipPrivilege             Take ownership of files or other objects\n```\n\n### windows_zipfile\n\nMost version of Windows do not ship with native cli utility for managing compressed files. This resource provides a pure-ruby implementation for managing zip files. Be sure to use the `not_if` or `only_if` meta parameters to guard the resource for idempotence or action will be taken every Chef run.\n\n#### Actions\n\n- `:unzip` - unzip a compressed file\n- `:zip` - zip a directory (recursively)\n\n#### Properties\n\n- `path` - name attribute. The path where files will be (un)zipped to.\n- `source` - source of the zip file (either a URI or local path) for :unzip, or directory to be zipped for :zip.\n- `overwrite` - force an overwrite of the files if they already exist.\n- `checksum` - for :unzip, useful if source is remote, if the local file matches the SHA-256 checksum, Chef will not download it.\n\n#### Examples\n\nUnzip a remote zip file locally\n\n```ruby\nwindows_zipfile 'c:/bin' do\n  source 'http://download.sysinternals.com/Files/SysinternalsSuite.zip'\n  action :unzip\n  not_if {::File.exists?('c:/bin/PsExec.exe')}\nend\n```\n\nUnzip a local zipfile\n\n```ruby\nwindows_zipfile 'c:/the_codez' do\n  source 'c:/foo/baz/the_codez.zip'\n  action :unzip\nend\n```\n\nCreate a local zipfile\n\n```ruby\nwindows_zipfile 'c:/foo/baz/the_codez.zip' do\n  source 'c:/the_codez'\n  action :zip\nend\n```\n\n## Libraries\n\n### WindowsHelper\n\nHelper that allows you to use helpful functions in windows\n\n#### installed_packages\n\nReturns a hash of all DisplayNames installed\n\n```ruby\n# usage in a recipe\n::Chef::Recipe.send(:include, Windows::Helper)\nhash_of_installed_packages = installed_packages\n```\n\n#### is_package_installed?\n\n- `package_name` - The name of the package you want to query to see if it is installed\n- `returns` - true if the package is installed, false if it the package is not installed\n\nDownload a file if a package isn't installed\n\n```ruby\n# usage in a recipe to not download a file if package is already installed\n::Chef::Recipe.send(:include, Windows::Helper)\nis_win_sdk_installed = is_package_installed?('Windows Software Development Kit')\n\nremote_file 'C:\\windows\\temp\\windows_sdk.zip' do\n  source 'http://url_to_download/windows_sdk.zip'\n  action :create_if_missing\n  not_if {is_win_sdk_installed}\nend\n```\n\nDo something if a package is installed\n\n```ruby\n# usage in a provider\ninclude Windows::Helper\nif is_package_installed?('Windows Software Development Kit')\n  # do something if package is installed\nend\n```\n\n### Windows::VersionHelper\n\nHelper that allows you to get information of the windows version running on your node. It leverages windows ohai from kernel.os_info, easy to mock and to use even on linux.\n\n#### core_version?\n\nDetermines whether given node is running on a windows Core.\n\n```ruby\nif ::Windows::VersionHelper.core_version? node\n  fail 'Windows Core is not supported'\nend\n```\n\n#### workstation_version?\n\nDetermines whether given node is a windows workstation version (XP, Vista, 7, 8, 8.1, 10)\n\n```ruby\nif ::Windows::VersionHelper.workstation_version? node\n  fail 'Only server version of windows are supported'\nend\n```\n\n#### server_version?\n\nDetermines whether given node is a windows server version (Server 2003, Server 2008, Server 2012, Server 2016)\n\n```ruby\nif ::Windows::VersionHelper.server_version? node\n  puts 'Server version of windows are cool'\nend\n```\n\n#### nt_version\n\nDetermines NT version of the given node\n\n```ruby\ncase ::Windows::VersionHelper.nt_version node\n  when '6.0' then 'Windows vista or Server 2008'\n  when '6.1' then 'Windows 7 or Server 2008R2'\n  when '6.2' then 'Windows 8 or Server 2012'\n  when '6.3' then 'Windows 8.1 or Server 2012R2'\n  when '10.0' then 'Windows 10'\nend\n```\n\n## Usage\n\nPlace an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Windows-specific resources/providers that ship with this cookbook.\n\n```ruby\ndepends 'windows'\n```\n\n## License & Authors\n\n- Author:: Seth Chisamore ([schisamo@chef.io](mailto:schisamo@chef.io))\n- Author:: Doug MacEachern ([dougm@vmware.com](mailto:dougm@vmware.com))\n- Author:: Paul Morton ([pmorton@biaprotect.com](mailto:pmorton@biaprotect.com))\n- Author:: Doug Ireton ([doug.ireton@nordstrom.com](mailto:doug.ireton@nordstrom.com))\n\n```text\nCopyright 2011-2018, Chef Software, Inc.\nCopyright 2010, VMware, Inc.\nCopyright 2011, Business Intelligence Associates, Inc\nCopyright 2012, Nordstrom, Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n    http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n","maintainer":"Chef Software, Inc.","maintainer_email":"cookbooks@chef.io","license":"Apache-2.0","platforms":{"windows":">= 0.0.0"},"dependencies":{},"recommendations":{},"suggestions":{},"conflicting":{},"providing":{},"replacing":{},"attributes":{},"groupings":{},"recipes":{},"source_url":"https://github.com/chef-cookbooks/windows","issues_url":"https://github.com/chef-cookbooks/windows/issues","chef_version":[[">= 14"]],"ohai_version":[]}