grdnrio · p0rkjello · Jun 7, 2019 · Jun 8, 2019 · Jun 13, 2019 · Jun 13, 2019
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 ## Windows Security Policy
 
+v0.3.10 (2019-07-09)
+--------------------------------
+- Add rollback action
+- Add [Registry Values] to template
+
 v0.3.9 (2018-06-01)
 --------------------------------
 - fixed typo in :import [\#28](https://github.com/grdnrio/windows-security-policy/pull/28)

diff --git a/README.md b/README.md
@@ -24,12 +24,14 @@ This resource makes use of the secedit.exe tool.
 - `:configure` - Applies configuration from a template to an existing SDB.
 - `:export` - Exports SDB settings to the local filesystem.
 - `:import` - Imports from a template into an SDB- can create a new SDB in the process.
+- `:rollback` - Create a rollback template for a configuration file.
 
 #### Properties
 
 - `policy_template` - Path to the template on the filesystem.
 - `database` - The security database (*.sdb) you wish to affect.
 - `log_location` - Location to write logs to.
+- `rollback_template` - Path to generate the rollback template.
 
 #### Examples
 

diff --git a/dependabot.yml b/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "bundler"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/metadata.rb b/metadata.rb
@@ -4,9 +4,9 @@
 license 'Apache-2.0'
 description 'Configures Windows security policy'
 long_description 'A helper cookbook that allows you to use attributes and custom resources to manage your local security policy on Windows.'
-version '0.3.9'
+version '0.3.10'
 supports 'windows'
-issues_url 'https://github.com/grdnrio/windows-security-policy/issues' if respond_to?(:issues_url)
-source_url 'https://github.com/grdnrio/windows-security-policy' if respond_to?(:source_url)
+# issues_url 'https://github.com/grdnrio/windows-security-policy/issues' if respond_to?(:issues_url)
+# source_url 'https://github.com/grdnrio/windows-security-policy' if respond_to?(:source_url)
 
 chef_version '>= 12'
diff --git a/resources/security_policy.rb b/resources/security_policy.rb
@@ -4,6 +4,7 @@
 
 property :policy_template, String, required: false, default: 'C:\Windows\security\templates\chefNewPolicy.inf'
 property :database, String, required: false, default: 'C:\Windows\security\database\chef.sdb'
+property :rollback_template, String, required: false, default: 'C:\Windows\security\templates\chefNewPolicy.rbk.inf'
 property :log_location, String, default: 'C:\Windows\security\logs\chef-secedit.log'
 
 action :configure do
@@ -15,7 +16,7 @@
     end
 
     execute 'Configure security database' do
-      command "Secedit /configure /db #{new_resource.database} /cfg #{new_resource.policy_template} /log #{new_resource.log_location}"
+      command "Secedit /configure /db #{new_resource.database} /cfg #{new_resource.policy_template} /log #{new_resource.log_location} /quiet"
       live_stream true
       action :run
     end
@@ -27,7 +28,7 @@
 action :export do
   if node['platform'] == 'windows'
     execute 'Export security database to inf file' do
-      command "Secedit /export /db #{new_resource.database} /cfg #{new_resource.policy_template} /log #{new_resource.log_location}"
+      command "Secedit /export /db #{new_resource.database} /cfg #{new_resource.policy_template} /log #{new_resource.log_location} /quiet"
       live_stream true
       action :run
     end
@@ -40,11 +41,30 @@
   if node['platform'] == 'windows'
     template new_resource.policy_template do
       source 'policy.inf.erb'
+      cookbook 'windows-security-policy'
       action :create
     end
 
     execute 'Import and create security database' do
-      command "Secedit /import /db #{new_resource.database} /cfg #{new_resource.policy_template} /log #{new_resource.log_location} /overwrite"
+      command "Secedit /import /db #{new_resource.database} /cfg #{new_resource.policy_template} /log #{new_resource.log_location} /overwrite /quiet"
+      live_stream true
+      action :run
+    end
+  else
+    Chef::Log.info "#{@current_resource} is only for a Windows platform"
+  end
+end
+
+action :rollback do
+  if node['platform'] == 'windows'
+    template new_resource.policy_template do
+      source 'policy.inf.erb'
+      cookbook 'windows-security-policy'
+      action :create
+    end
+
+    execute 'Generate rollback template' do
+      command "Secedit /generaterollback /cfg #{new_resource.policy_template} /rbk #{new_resource.rollback_template} /log #{new_resource.log_location} /quiet"
       live_stream true
       action :run
     end

diff --git a/templates/default/policy.inf.erb b/templates/default/policy.inf.erb
@@ -18,3 +18,10 @@ Revision=1
 <%= setting %> = <%= value %>
     <% end %>
 <% end %>
+
+[Registry Values]
+<% node['security_policy']['values'].each do |setting, value| %>
+    <% unless value.nil? -%>
+<%= setting %>=<%= value %>
+    <% end %>
+<% end %>
diff --git a/test/integration/default/tests.rb b/test/integration/default/tests.rb
@@ -7,5 +7,5 @@
 
 describe file('C:\Windows\security\templates\mySecurityPolicy.inf') do
   it { should exist }
-  its('content') { should include '[System Access]'}
+  its('content') { should include '[System Access]' }
 end