Merge branch 'config_property' of https://github.com/rlaveycal/iis in…

…to rlaveycal-config_property

.kitchen.appveyor.yml

@@ -21,6 +21,9 @@ suites:
   - name: app
     run_list:
       - recipe[test::app]
+  - name: config_property
+    run_list:
+      - recipe[test::config_property]
   - name: module
     run_list:
       - recipe[test::module]

.kitchen.yml

@@ -39,6 +39,9 @@ suites:
   - name: app
     run_list:
       - recipe[test::app]
+  - name: config_property
+    run_list:
+      - recipe[test::config_property]
   - name: module
     run_list:
       - recipe[test::module]

.rubocop.yml

@@ -13,3 +13,8 @@ Style/IfUnlessModifier:
   Exclude:
     - 'resources/pool.rb'
     - 'resources/site.rb'
+
+# Fix missing Carriage return error on Windows
+# https://github.com/bbatsov/rubocop/issues/4293
+Layout/EndOfLine:
+  EnforcedStyle: lf

README.md

@@ -287,6 +287,52 @@ iis_config "MySite /commit:site /section:machineKey" do
 end
 ```
 
+### iis_config_property
+
+Sets an IIS configuration property. Idempotent. Uses Powershell [Set-WebConfigurationProperty](https://technet.microsoft.com/en-us/library/ee807821.aspx) rather than appcmd.
+
+#### Actions
+
+- `:set` : Sets the property to the given value if it is not already set.
+- `:add` : Adds an item to a collection if one doesn't already exist. `filter` should define a collection element. An item will be added if there is no member with a `property` value of `value`.
+- `:remove` : Removes a item from a collection if it already exists. `filter` should define a collection element. The item will be removed if there is a member with a `property` value of `value`.
+
+#### Properties
+
+- `property` : The property to be set. Defaults from name.
+- `ps_path` : Specifies the configuration path. This can be either an IIS configuration path in the format `computer name/webroot/apphost`, or the IIS module path in this format `IIS:\sites\Default Web Site`.
+- `location` : Optional. The location of the configuration setting. Location tags are frequently used for configuration settings that must be set more precisely than per application or per virtual directory. For example, a setting for a particular file or directory could use a location tag. Location tags are also used if a particular section is locked. In such an instance, the configuration system would have to use a location tag in one of the parent configuration files.
+- `filter` : Specifies the IIS configuration section or an XPath query that returns a configuration element.
+- `value` : The value to set the property to. Either a string or an integer.
+
+#### Example
+
+```ruby
+# Sets up logging
+iis_config_property 'directory' do
+  ps_path   'MACHINE/WEBROOT/APPHOST'
+  filter    'system.applicationHost/sites/siteDefaults/logfile'
+  value     'D:\\logs'
+end
+```
+
+```ruby
+# Set XSS-Protection header on all sites
+iis_config_property 'Add X-Xss-Protection' do
+  ps_path   'MACHINE/WEBROOT/APPHOST'
+  filter    'system.webServer/httpProtocol/customHeaders'
+  property  'name'
+  value     'X-Xss-Protection'
+  action    :add
+end
+iis_config_property 'Set X-Xss-Protection' do
+  ps_path   'MACHINE/WEBROOT/APPHOST'
+  filter    "system.webServer/httpProtocol/customHeaders/add[@name='X-Xss-Protection']"
+  property  'value'
+  value     '1; mode=block'
+end
+```
+
 ### iis_pool
 
 Creates an application pool in IIS.

resources/config_property.rb

@@ -0,0 +1,101 @@
+#
+# Cookbook Name:: iis
+# Resource:: config_property
+#
+# Copyright 2018, Calastone Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# Configures an IIS property (using powershell for idempotence)
+
+property :property, String, name_property: true
+property :ps_path, String, required: true
+property :location, String
+property :filter, String, required: true
+property :value, [String, Integer], required: true
+
+action :set do
+  location_param = "-location \"#{new_resource.location}\"" if
+    property_is_set?(:location)
+
+  # powershell doesn't like { or } in xpath values (e.g. server variables)
+  escaped_filter = new_resource.filter.gsub('{', '{{').gsub('}', '}}')
+
+  property_value =  if new_resource.value.is_a?(Integer)
+                      new_resource.value.to_s
+                    else
+                      "\"#{new_resource.value}\""
+                    end
+  powershell_script "Set #{new_resource.ps_path}#{new_resource.location}\
+/#{escaped_filter}/#{new_resource.property}" do
+    code <<-EOH
+    Set-WebConfigurationProperty -pspath "#{new_resource.ps_path}" \
+    #{location_param} -filter "#{escaped_filter}" \
+    -name "#{new_resource.property}" \
+    -value #{property_value} -ErrorAction Stop
+    EOH
+    only_if <<-EOH
+    (Get-WebConfigurationProperty -pspath "#{new_resource.ps_path}" \
+    #{location_param} -filter "#{escaped_filter}" \
+    -name "#{new_resource.property}" -ErrorAction Stop) -ne #{property_value}
+    EOH
+  end
+end
+
+action :add do
+  location_param = "-location \"#{new_resource.location}\"" if
+    property_is_set?(:location)
+
+  # powershell doesn't like { or } in xpath values (e.g. server variables)
+  escaped_value = new_resource.value.gsub('{', '{{').gsub('}', '}}')
+  escaped_filter = new_resource.filter.gsub('{', '{{').gsub('}', '}}')
+
+  powershell_script "Set #{new_resource.ps_path}#{new_resource.location}\
+/#{escaped_filter}/#{new_resource.property}" do
+    code <<-EOH
+    Add-WebConfigurationProperty -pspath "#{new_resource.ps_path}" \
+    #{location_param} -filter "#{escaped_filter}" \
+    -name "." -value @{ #{new_resource.property} = '#{new_resource.value}'; } \
+    -ErrorAction Stop
+    EOH
+    only_if <<-EOH
+    (Get-WebConfiguration -pspath "#{new_resource.ps_path}" #{location_param} \
+    -filter "#{escaped_filter}/*[@#{new_resource.property}='#{escaped_value}']" \
+    -ErrorAction Stop) -eq $null
+    EOH
+  end
+end
+
+action :remove do
+  location_param = "-location \"#{new_resource.location}\"" if
+    property_is_set?(:location)
+
+  # powershell doesn't like { or } in xpath values (e.g. server variables)
+  escaped_value = new_resource.value.gsub('{', '{{').gsub('}', '}}')
+  escaped_filter = filter.gsub('{', '{{').gsub('}', '}}')
+
+  powershell_script "Set #{new_resource.ps_path}#{new_resource.location}\
+/#{escaped_filter}/#{new_resource.property}" do
+    code <<-EOH
+    Remove-WebConfigurationProperty -pspath "#{new_resource.ps_path}" \
+    #{location_param} -filter "#{escaped_filter}" \
+    -name "." -AtElement @{ #{new_resource.property} = \
+    '#{new_resource.value}'; } -ErrorAction Stop
+    EOH
+    only_if <<-EOH
+    (Get-WebConfiguration -pspath "#{new_resource.ps_path}" #{location_param} \
+    -filter "#{escaped_filter}/*[@#{new_resource.property}='#{escaped_value}']" \
+    -ErrorAction Stop) -ne $null
+    EOH
+  end
+end

test/cookbooks/test/recipes/config_property.rb

@@ -0,0 +1,63 @@
+#
+# Cookbook:: test
+# Recipe:: config_property
+#
+# copyright: 2017, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+include_recipe 'iis'
+
+# create and start a new site that maps to
+# the physical location C:\inetpub\wwwroot\testfu
+# first the physical location must exist
+directory "#{node['iis']['docroot']}/ConfigSite" do
+  action :create
+end
+
+# now create and start the site (note this will use the default application pool which must exist)
+iis_site 'ConfigSite' do
+  protocol :http
+  port 8080
+  path "#{node['iis']['docroot']}/ConfigSite"
+  action [:add, :start]
+end
+
+# Sets up logging
+iis_config_property 'directory' do
+  ps_path   'MACHINE/WEBROOT/APPHOST'
+  filter    'system.applicationHost/sites/siteDefaults/logfile'
+  value     'D:\\logs'
+end
+
+# Increase file upload size for 'ConfigSite'
+iis_config_property 'maxAllowedContentLength' do
+  ps_path   'MACHINE/WEBROOT/APPHOST/ConfigSite'
+  filter    'system.webServer/security/requestFiltering/requestLimits'
+  value     50_000_000
+end
+
+# Set XSS-Protection header on all sites
+iis_config_property 'Add X-Xss-Protection' do
+  ps_path   'MACHINE/WEBROOT/APPHOST'
+  filter    'system.webServer/httpProtocol/customHeaders'
+  property  'name'
+  value     'X-Xss-Protection'
+  action    :add
+end
+iis_config_property 'Set X-Xss-Protection' do
+  ps_path   'MACHINE/WEBROOT/APPHOST'
+  filter    "system.webServer/httpProtocol/customHeaders/add[@name='X-Xss-Protection']"
+  property  'value'
+  value     '1; mode=block'
+end

test/integration/config_property/config_property_spec.rb

@@ -0,0 +1,19 @@
+# encoding: utf-8
+# copyright: 2018, Chef Software, Inc.
+# license: All rights reserved
+
+control 'config_property' do
+  title 'Check IIS properties are set'
+
+  describe powershell("(Get-WebConfigurationProperty -PSPath \"MACHINE/WEBROOT/APPHOST\" \
+                      -filter \"system.applicationHost/sites/siteDefaults/logfile\" \
+                      -Name \"directory\").value") do
+    its('stdout') { should eq "D:\\logs\r\n" }
+  end
+
+  describe powershell("(Get-WebConfigurationProperty -PSPath \"MACHINE/WEBROOT/APPHOST\" \
+                      -filter \"system.webServer/httpProtocol/customHeaders/add[@name='X-Xss-Protection']\" \
+                      -Name \"value\").value") do
+    its('stdout') { should eq "1; mode=block\r\n" }
+  end
+end