## Chef Infra Client Release Candidate Chef Infra Client 18.0.155 is a release candidate. You can download this release from [Chef Downloads](https://www.chef.io/downloads). ## Known Issues Chef Infra Client 18.0.155 is currently unavailable for AIX 7.3, Solaris, and Windows 2012 platforms. These will be supported with the GA release. ## REST Operations Resource Support Added REST operations to the resources DSL. ([#12755](https://github.com/chef/chef/pull/12755)) This allows you to create a resource partial that can be used in a custom resource like this: ```ruby use "core::rest_resource" provides :rest_resource_by_query, target_mode: true property :address, String, required: true property :prefix, Integer, required: true property :gateway, String rest_api_collection "/api/v1/addresses" rest_api_document "/api/v1/address/?ip={address}" rest_property_map({ address: "address", prefix: "prefix", gateway: "gateway", }) ``` ## Unified Mode in Custom Resources [Unified mode](https://docs.chef.io/unified_mode/) is now enabled for custom resources by default. ([#12692](https://github.com/chef/chef/pull/12692)) In Chef Infra Client 16, we introduced unified mode allowing you to collapse the sometimes confusing compile and converge phases into a single unified phase. Unified mode makes it easier to write and troubleshoot failures in custom resources and this is now the default execution phase for custom resources. Set `unified_mode false` in a custom resource if you need to disable unified mode. ## New Resources ### selinux_boolean Use the **selinux_boolean** resource to set SELinux boolean values. See the [selinux_boolean resource](https://docs.chef.io/resources/selinux_boolean) documentation for additional information. ### selinux_fcontext Use the **selinux_fcontext** resource to set the SELinux context of files. See the [selinux_fcontext resource](https://docs.chef.io/resources/selinux_fcontext) documentation for additional information. ### selinux_install Use the **selinux_install** resource to encapsulate the set of SELinux packages to install in order to manage SELinux. See the [selinux_install resource](https://docs.chef.io/resources/selinux_install) documentation for additional information. ### selinux_module Use the **selinux_module** module resource to create an SELinux policy module from a cookbook file or content provided as a string. See the [selinux_module resource](https://docs.chef.io/resources/selinux_module) documentation for additional information. ### selinux_permissive Use the **selinux_permissive** resource to allow some domains to misbehave without stopping them. See the [selinux_permissive resource](https://docs.chef.io/resources/selinux_permissive) documentation for additional information. ### selinux_port Use the **selinux_port** resource to assign a network port to a specific SELinux context. See the [selinux_port resource](https://docs.chef.io/resources/selinux_port) documentation for additional information. ### selinux_state Use the **selinux_state** resource to manage the SELinux state on a system. See the [selinux_state resource](https://docs.chef.io/resources/selinux_state) documentation for additional information. ## Resource Updates ### chef_client_config The `:create` action will now create directories defined in the resource properties if they are defined but don't exist. ([#12416](https://github.com/chef/chef/pull/12416)) Added a `rubygems_url` property that allows users to specify URI as a source for Ruby gems. This could be an internal mirror of rubygems for airgapped environments. ([#12724](https://github.com/chef/chef/pull/12724)) Thanks ([DecoyJoe](https://github.com/DecoyJoe))! ### chef_client_launchd The chef_client_launchd resource now runs at load instead instead of requiring a system restart before running. ([#12706](https://github.com/chef/chef/pull/12706)) ### rhsm_register The rhsm_register resource now flushes the internal package cache after registering with Red Hat Satellite. ([#12828](https://github.com/chef/chef/pull/12828)) Thanks for fixing this @jasonwbarnett! ### user The user resource now has `expire_date` and `inactive` properties on Linux systems that specify the date a user account will be disabled and the number days after a password expires before an account is permanently disabled. ## Secrets Manager Integration The [Secrets Management Integration helper](https://docs.chef.io/infra_language/secrets/) is now a fully supported feature. The Secrets Management Integration helper allows you to fetch secrets from the following secrets management systems within your Infra recipes or resources: - AWS Secrets Manager - Akeyless Vault - Azure Key Vault - HashiCorp Vault ## Platform Support Updates ### AIX 7.3 Chef Infra Client packages are now produced for AIX 7.3. ### AlmaLinux 8 Chef Infra Client packages are now produced for AlmaLinux 8. ### Amazon 2022 Chef Infra Client packages are now produced for Amazon Linux 2022. ### CentOS 8 CentOS 8 became end-of-life on December 2021. Chef Infra Client packages are no longer produced for CentOS 8, which is being replaced by AlmaLinux 8. ### Windows 8 Chef Infra Client packages are no longer produced for Windows 8. ### 32-bit Windows Chef Infra Client packages are no longer produced for 32-bit versions of Windows. ## Security ### Sensitive Properties in Custom Resources Fixed an issue in custom resources where Chef Infra Client was logging data of properties with `sensitive: true` and `desired_state: false`. ([#13014](https://github.com/chef/chef/pull/13014)) ### Migrate PEM Storage to Certificate Store for Windows Use `migrate_key_to_keystore true` in the Chef Infra Client config.rb to migrate certificates to the Windows certificate store on Windows nodes. This creates a PFX certificate, extracts a public key from the certificate and sends it to the Chef Infra Server, and then stores the certificate in the local certificate store. Certificates have a 90-day lifespan. If a certificate is expiring, Infra Client will automatically generate a new one and store it in the local certificate store, and then generate and replace the older public key on the Infra Server. ([#12910](https://github.com/chef/chef/pull/12910)) ([#12640](https://github.com/chef/chef/pull/12640)) ([#12426](https://github.com/chef/chef/pull/12426)) ([#12518](https://github.com/chef/chef/pull/12518)) ## Updated Components - license_scout 1.0 -> 1.3 ([#12992](https://github.com/chef/chef/pull/12992)) - ncurses 5.9 -> 6.3 ([#12953](https://github.com/chef/chef/pull/12953)) - libxml2 2.9.10 -> 2.9.13 ([#12752](https://github.com/chef/chef/pull/12752)) - libxslt 1.1.14 -> 1.1.15 ([#12752](https://github.com/chef/chef/pull/12752)) - win32-api 1.5.3 -> 1.5 to allow for the latest releases ([#12614](https://github.com/chef/chef/pull/12614)) - diff-lcs to not 1.4.0 and < 1.6.0 ([#12534](https://github.com/chef/chef/pull/12534)) - Windows versions are now built on Universal CRT ([#12959](https://github.com/chef/chef/pull/12959)) - Use new msys2-based development kit for Windows ([#13097](https://github.com/chef/chef/pull/13097)) ## Bug Fixes - Fixed the chef_client_config resource to properly return the datacollector parameters. ([#12732](https://github.com/chef/chef/pull/12732)) - Fixed the zypper-package resource so it correctly handles packages specified in the source property. ([#12182](https://github.com/chef/chef/pull/12182)) - Fixed the plist resource so it will correctly generate a new file using the file resource. ([#12680](https://github.com/chef/chef/pull/12680)). Thanks ([jazaval](https://github.com/jazaval))! - Fixed the mount resource so it can handle spaces in a file path. ([#11626](https://github.com/chef/chef/pull/11626)) - Fixed the crod_d resource so it will accept a space in the name of the resource block. ([#12377](https://github.com/chef/chef/pull/12377)) - Fixed the locale resource regenerated all installed locales on every Chef Infra run. ([#12833](https://github.com/chef/chef/pull/12833)) - Fixed an issue when specifying a package version when using the yum_package resource. ([#12657](https://github.com/chef/chef/pull/12657)) - Fixed missing X-Vault-AWS-IAM-Server-ID header in the Secrets Management Integration helper when using AWS IAM to fetch secrets from HashiCorp Vault. ([#12956](https://github.com/chef/chef/pull/12956)) - Improved error message when using `knife upload` to upload a file with a syntax error to chef-zero. ([#11678](https://github.com/chef/chef/pull/11678)) - Fixed bug where ChefSpec fails to load Compliance Profiles in Compliance Phase that contain an InSpec profile. ([#12830](https://github.com/chef/chef/pull/12830)) - Fixed a performance issue when reading attributes from nodes. ([#12742](https://github.com/chef/chef/pull/12742)) - Fixed an issue where a PEM file was not generated when a new user is created with `knife user create`. ([#12619](https://github.com/chef/chef/pull/12619)) - Resolved failures when running the audit-enforcer reporter. ([#12595](https://github.com/chef/chef/pull/12595)) - Introduced a new compliance-enforcer reporter as an alias to the audit-enforcer. This forces the Infra Client run to fail if the Compliance Phase fails. ([#12595](https://github.com/chef/chef/pull/12595)) - The `subscribes` property in a resource will now validate an incorrectly formated resource call. ([#12525](https://github.com/chef/chef/pull/12525))