chef 11.4.4 → 11.6.0.hotfix.1

data/spec/integration/solo/solo_spec.rb

@@ -0,0 +1,41 @@
+require 'support/shared/integration/integration_helper'
+require 'chef/mixin/shell_out'
+
+describe "chef-solo" do
+  extend IntegrationSupport
+  include Chef::Mixin::ShellOut
+
+  context "with a no-op recipe in the run_list" do
+
+    when_the_repository "has a cookbook with a no-op recipe" do
+      directory 'cookbooks'
+      directory 'cookbooks/x'
+      directory 'cookbooks/x/recipes'
+      file 'cookbooks/x/metadata.rb', 'version "1.0.0"'
+      file 'cookbooks/x/recipes/default.rb', ''
+
+      before do
+        @chef_file_cache = Dir.mktmpdir('file_cache')
+      end
+
+      after do
+        FileUtils.rm_rf(@chef_file_cache) if @chef_file_cache
+      end
+
+      it "should complete with success" do
+        # prepare the solo config
+        directory 'config'
+        file 'config/solo.rb', <<EOM
+cookbook_path "#{File.join(@repository_dir, 'cookbooks')}"
+file_cache_path "#{@chef_file_cache}"
+EOM
+        config_file = canonicalize_path(File.join(@repository_dir, 'config', 'solo.rb'))
+
+        chef_dir = File.join(File.dirname(__FILE__), "..", "..", "..", "bin")
+        result = shell_out("chef-solo -c \"#{config_file}\" -o 'x::default' -l debug", :cwd => chef_dir)
+        result.error!
+      end
+
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -40,9 +40,25 @@ $:.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
 $:.unshift(File.expand_path("../lib", __FILE__))
 $:.unshift(File.dirname(__FILE__))
 
+if ENV["COVERAGE"]
+  require 'simplecov'
+  SimpleCov.start do
+    add_filter "/spec/"
+    add_group "Remote File", "remote_file"
+    add_group "Resources", "/resource/"
+    add_group "Providers", "/provider/"
+    add_group "Knife", "knife"
+  end
+end
+
 require 'chef'
 require 'chef/knife'
-Chef::Knife.load_commands
+
+Dir['lib/chef/knife/**/*.rb'].
+  map {|f| f.gsub('lib/', '') }.
+  map {|f| f.gsub(%r[\.rb$], '') }.
+  each {|f| require f }
+
 require 'chef/mixins'
 require 'chef/dsl'
 require 'chef/application'
@@ -64,8 +80,16 @@ require 'spec/support/platform_helpers'
 Dir["spec/support/**/*.rb"].
   reject { |f| f =~ %r{^spec/support/platforms} }.
   map { |f| f.gsub(%r{.rb$}, '') }.
+  map { |f| f.gsub(%r[spec/], '')}.
   each { |f| require f }
 
+
+OHAI_SYSTEM = Ohai::System.new
+OHAI_SYSTEM.require_plugin("os")
+OHAI_SYSTEM.require_plugin("platform")
+TEST_PLATFORM = OHAI_SYSTEM["platform"].dup.freeze
+TEST_PLATFORM_VERSION = OHAI_SYSTEM["platform_version"].dup.freeze
+
 RSpec.configure do |config|
   config.include(Matchers)
   config.filter_run :focus => true
@@ -77,15 +101,45 @@ RSpec.configure do |config|
   # Add jruby filters here
   config.filter_run_excluding :windows_only => true unless windows?
   config.filter_run_excluding :not_supported_on_win2k3 => true if windows_win2k3?
+  config.filter_run_excluding :not_supported_on_solaris => true if solaris?
+  config.filter_run_excluding :win2k3_only => true unless windows_win2k3?
   config.filter_run_excluding :windows64_only => true unless windows64?
   config.filter_run_excluding :windows32_only => true unless windows32?
+  config.filter_run_excluding :system_windows_service_gem_only => true unless system_windows_service_gem?
   config.filter_run_excluding :unix_only => true unless unix?
+  config.filter_run_excluding :supports_cloexec => true unless supports_cloexec?
+  config.filter_run_excluding :selinux_only => true unless selinux_enabled?
   config.filter_run_excluding :ruby_18_only => true unless ruby_18?
   config.filter_run_excluding :ruby_19_only => true unless ruby_19?
+  config.filter_run_excluding :ruby_gte_19_only => true unless ruby_gte_19?
+  config.filter_run_excluding :ruby_20_only => true unless ruby_20?
+  config.filter_run_excluding :ruby_gte_20_only => true unless ruby_gte_20?
   config.filter_run_excluding :requires_root => true unless ENV['USER'] == 'root'
   config.filter_run_excluding :requires_unprivileged_user => true if ENV['USER'] == 'root'
   config.filter_run_excluding :uses_diff => true unless has_diff?
 
+  running_platform_arch = `uname -m`.strip
+
+  config.filter_run_excluding :arch => lambda {|target_arch|
+    running_platform_arch != target_arch
+  }
+
+  # Functional Resource tests that are provider-specific:
+  # context "on platforms that use useradd", :provider => {:user => Chef::Provider::User::Useradd}} do #...
+  config.filter_run_excluding :provider => lambda {|criteria|
+    type, target_provider = criteria.first
+
+    platform = TEST_PLATFORM.dup
+    platform_version = TEST_PLATFORM_VERSION.dup
+
+    begin
+      provider_for_running_platform = Chef::Platform.find_provider(platform, platform_version, type)
+      provider_for_running_platform != target_provider
+    rescue ArgumentError # no provider for platform
+      true
+    end
+  }
+
   config.run_all_when_everything_filtered = true
   config.treat_symbols_as_metadata_keys_with_true_values = true
 end

data/spec/support/chef_helpers.rb

@@ -61,3 +61,35 @@ def has_diff?
     false
   end
 end
+
+# This is a helper to determine if the ruby in the PATH contains
+# win32/service gem. windows_service_manager tests create a windows
+# service that starts with the system ruby and requires this gem.
+def system_windows_service_gem?
+  windows_service_gem_check_command = "ruby -e 'require \"win32/daemon\"' > /dev/null 2>&1"
+  if defined?(Bundler)
+    Bundler.with_clean_env do
+      # This returns true if the gem can be loaded
+      system windows_service_gem_check_command
+    end
+  else
+    # This returns true if the gem can be loaded
+    system windows_service_gem_check_command
+  end
+end
+
+# This is a helper to canonicalize paths that we're using in the file
+# tests.
+def canonicalize_path(path)
+  windows? ? path.gsub('/', '\\') : path
+end
+
+# Check if a cmd exists on the PATH
+def which(cmd)
+  paths = ENV['PATH'].split(File::PATH_SEPARATOR) + [ '/bin', '/usr/bin', '/sbin', '/usr/sbin' ]
+  paths.each do |path|
+    filename = File.join(path, cmd)
+    return filename if File.executable?(filename)
+  end
+  false
+end

data/spec/support/platform_helpers.rb

@@ -1,3 +1,17 @@
+require 'fcntl'
+
+def ruby_gte_20?
+  RUBY_VERSION.to_f >= 2.0
+end
+
+def ruby_gte_19?
+  RUBY_VERSION.to_f >= 1.9
+end
+
+def ruby_20?
+  !!(RUBY_VERSION =~ /^2.0/)
+end
+
 def ruby_19?
   !!(RUBY_VERSION =~ /^1.9/)
 end
@@ -46,4 +60,30 @@ def freebsd?
   !!(RUBY_PLATFORM =~ /freebsd/)
 end
 
+def supports_cloexec?
+  Fcntl.const_defined?('F_SETFD') && Fcntl.const_defined?('FD_CLOEXEC')
+end
+
 DEV_NULL = windows? ? 'NUL' : '/dev/null'
+
+def selinux_enabled?
+  # This code is currently copied from lib/chef/util/selinux to make
+  # specs independent of product.
+  selinuxenabled_path = which("selinuxenabled")
+  if selinuxenabled_path
+    cmd = Mixlib::ShellOut.new(selinuxenabled_path, :returns => [0,1])
+    cmd_result = cmd.run_command
+    case cmd_result.exitstatus
+    when 1
+      return false
+    when 0
+      return true
+    else
+      raise RuntimeError, "Unknown exit code from command #{selinuxenabled_path}: #{cmd.exitstatus}"
+    end
+  else
+    # We assume selinux is not enabled if selinux utils are not
+    # installed.
+    return false
+  end
+end

data/spec/support/platforms/win32/spec_service.rb

@@ -0,0 +1,59 @@
+#
+# Author:: Serdar Sutay (<serdar@lambda.local>)
+# Copyright:: Copyright (c) 2013 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'win32/daemon'
+
+class SpecService < ::Win32::Daemon
+  def service_init
+    @test_service_file = "#{ENV['TMP']}/spec_service_file"
+  end
+
+  def service_main(*startup_parameters)
+    while running? do
+      if !File.exists?(@test_service_file)
+        File.open(@test_service_file, 'wb') do |f|
+          f.write("This file is created by SpecService")
+        end
+      end
+
+      sleep 1
+    end
+  end
+
+  ################################################################################
+  # Control Signal Callback Methods
+  ################################################################################
+
+  def service_stop
+  end
+
+  def service_pause
+  end
+
+  def service_resume
+  end
+
+  def service_shutdown
+  end
+end
+
+# To run this file as a service, it must be called as a script from within
+# the Windows Service framework.  In that case, kick off the main loop!
+if __FILE__ == $0
+  SpecService.mainloop
+end

data/spec/support/shared/functional/directory_resource.rb

@@ -63,6 +63,31 @@ shared_examples_for "a directory resource" do
         end
       end
     end
+
+    # Set up the context for security tests
+    def allowed_acl(sid, expected_perms)
+      [
+       ACE.access_allowed(sid, expected_perms[:specific]),
+       ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
+      ]
+    end
+
+    def denied_acl(sid, expected_perms)
+      [
+       ACE.access_denied(sid, expected_perms[:specific]),
+       ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
+      ]
+    end
+
+    def parent_inheritable_acls
+      dummy_directory_path = File.join(test_file_dir, "dummy_directory")
+      dummy_directory = FileUtils.mkdir_p(dummy_directory_path)
+      dummy_desc = get_security_descriptor(dummy_directory_path)
+      FileUtils.rm_rf(dummy_directory_path)
+      dummy_desc
+    end
+
+    it_behaves_like "a securable resource without existing target"
   end
 
   context "when the target directory exists" do
@@ -120,27 +145,29 @@ shared_examples_for "a directory resource" do
     end
   end
 
-  # Set up the context for security tests
-  def allowed_acl(sid, expected_perms)
-    [
-      ACE.access_allowed(sid, expected_perms[:specific]),
-      ACE.access_allowed(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
-    ]
+end
+
+shared_context Chef::Resource::Directory do
+  # We create the  directory than tmp to exercise different file
+  # deployment strategies more completely.
+  let(:test_file_dir) do
+    if windows?
+      File.join(ENV['systemdrive'], "test-dir")
+    else
+      File.join(CHEF_SPEC_DATA, "test-dir")
+    end
   end
 
-  def denied_acl(sid, expected_perms)
-    [
-      ACE.access_denied(sid, expected_perms[:specific]),
-      ACE.access_denied(sid, expected_perms[:generic], (Chef::ReservedNames::Win32::API::Security::INHERIT_ONLY_ACE | Chef::ReservedNames::Win32::API::Security::CONTAINER_INHERIT_ACE | Chef::ReservedNames::Win32::API::Security::OBJECT_INHERIT_ACE))
-    ]
+  let(:path) do
+    File.join(test_file_dir, make_tmpname(directory_base))
   end
 
-  it_behaves_like "a securable resource"
-end
+  before do
+    FileUtils::mkdir_p(test_file_dir)
+  end
 
-shared_context Chef::Resource::Directory do
-  let(:path) do
-    File.join(Dir.tmpdir, make_tmpname(directory_base))
+  after do
+    FileUtils::rm_rf(test_file_dir)
   end
 
   after(:each) do

data/spec/support/shared/functional/file_resource.rb

@@ -16,6 +16,51 @@
 # limitations under the License.
 #
 
+shared_context "deploying with move" do
+  before do
+    @original_atomic_update = Chef::Config[:file_atomic_update]
+    Chef::Config[:file_atomic_update] = true
+  end
+
+  after do
+    Chef::Config[:file_atomic_update] = @original_atomic_update
+  end
+end
+
+shared_context "deploying with copy" do
+  before do
+    @original_atomic_update = Chef::Config[:file_atomic_update]
+    Chef::Config[:file_atomic_update] = false
+  end
+
+  after do
+    Chef::Config[:file_atomic_update] = @original_atomic_update
+  end
+end
+
+shared_context "deploying via tmpdir" do
+  before do
+    @original_stage_via = Chef::Config[:file_staging_uses_destdir]
+    Chef::Config[:file_staging_uses_destdir] = false
+  end
+
+  after do
+    Chef::Config[:file_staging_uses_destdir] = @original_stage_via
+  end
+end
+
+shared_context "deploying via destdir" do
+  before do
+    @original_stage_via = Chef::Config[:file_staging_uses_destdir]
+    Chef::Config[:file_staging_uses_destdir] = true
+  end
+
+  after do
+    Chef::Config[:file_staging_uses_destdir] = @original_stage_via
+  end
+end
+
+
 shared_examples_for "a file with the wrong content" do
   before do
     # Assert starting state is as expected
@@ -46,6 +91,10 @@ shared_examples_for "a file with the wrong content" do
       it "is marked as updated by last action" do
         resource.should be_updated_by_last_action
       end
+
+      it "should restore the security contexts on selinux", :selinux_only do
+        selinux_security_context_restored?(path).should be_true
+      end
     end
 
     context "with backups disabled" do
@@ -58,6 +107,10 @@ shared_examples_for "a file with the wrong content" do
       it "should not attempt to backup the existing file if :backup == 0" do
         Dir.glob(backup_glob).size.should equal(0)
       end
+
+      it "should restore the security contexts on selinux", :selinux_only do
+        selinux_security_context_restored?(path).should be_true
+      end
     end
   end
 
@@ -74,6 +127,10 @@ shared_examples_for "a file with the wrong content" do
     it "is not marked as updated" do
       resource.should_not be_updated_by_last_action
     end
+
+    it "should restore the security contexts on selinux", :selinux_only do
+      selinux_security_context_restored?(path).should be_true
+    end
   end
 
   describe "when running action :delete" do
@@ -115,6 +172,10 @@ shared_examples_for "a file with the correct content" do
     it "is not marked as updated by last action" do
       resource.should_not be_updated_by_last_action
     end
+
+    it "should restore the security contexts on selinux", :selinux_only do
+      selinux_security_context_restored?(path).should be_true
+    end
   end
 
   describe "when running action :create_if_missing" do
@@ -129,6 +190,10 @@ shared_examples_for "a file with the correct content" do
     it "is not marked as updated by last action" do
       resource.should_not be_updated_by_last_action
     end
+
+    it "should restore the security contexts on selinux", :selinux_only do
+      selinux_security_context_restored?(path).should be_true
+    end
   end
 
   describe "when running action :delete" do
@@ -147,6 +212,122 @@ shared_examples_for "a file with the correct content" do
 end
 
 shared_examples_for "a file resource" do
+  describe "when deploying with :move" do
+
+    include_context "deploying with move"
+
+    describe "when deploying via tmpdir" do
+
+      include_context "deploying via tmpdir"
+
+      it_behaves_like "a configured file resource"
+    end
+
+    describe "when deploying via destdir" do
+
+      include_context "deploying via destdir"
+
+      it_behaves_like "a configured file resource"
+    end
+  end
+
+  describe "when deploying with :copy" do
+
+    include_context "deploying with copy"
+
+    describe "when deploying via tmpdir" do
+
+      include_context "deploying via tmpdir"
+
+      it_behaves_like "a configured file resource"
+    end
+
+    describe "when deploying via destdir" do
+
+      include_context "deploying via destdir"
+
+      it_behaves_like "a configured file resource"
+    end
+  end
+
+  describe "when running under why run" do
+
+    before do
+      Chef::Config[:why_run] = true
+    end
+
+    after do
+      Chef::Config[:why_run] = false
+    end
+
+    context "and the resource has a path with a missing intermediate directory" do
+      # CHEF-3978
+
+      let(:path) do
+        File.join(test_file_dir, "intermediate_dir", make_tmpname(file_base))
+      end
+
+      it "successfully doesn't create the file" do
+        resource.run_action(:create) # should not raise
+        File.should_not exist(path)
+      end
+    end
+
+  end
+
+  describe "when setting atomic_update" do
+    it "booleans should work" do
+      lambda {resource.atomic_update(true)}.should_not raise_error
+      lambda {resource.atomic_update(false)}.should_not raise_error
+    end
+
+    it "anything else should raise an error" do
+      lambda {resource.atomic_update(:copy)}.should raise_error(ArgumentError)
+      lambda {resource.atomic_update(:move)}.should raise_error(ArgumentError)
+      lambda {resource.atomic_update(958)}.should raise_error(ArgumentError)
+    end
+  end
+
+end
+
+shared_examples_for "file resource not pointing to a real file" do
+  def symlink?(file_path)
+    if windows?
+      Chef::ReservedNames::Win32::File.symlink?(file_path)
+    else
+      File.symlink?(file_path)
+    end
+  end
+
+  def real_file?(file_path)
+    !symlink?(file_path) && File.file?(file_path)
+  end
+
+  describe "when force_unlink is set to true" do
+    it ":create unlinks the target" do
+      real_file?(path).should be_false
+      resource.force_unlink(true)
+      resource.run_action(:create)
+      real_file?(path).should be_true
+      binread(path).should == expected_content
+      resource.should be_updated_by_last_action
+    end
+  end
+
+  describe "when force_unlink is set to false" do
+    it ":create raises an error" do
+      lambda {resource.run_action(:create) }.should raise_error(Chef::Exceptions::FileTypeMismatch)
+    end
+  end
+
+  describe "when force_unlink is not set (default)" do
+    it ":create raises an error" do
+      lambda {resource.run_action(:create) }.should raise_error(Chef::Exceptions::FileTypeMismatch)
+    end
+  end
+end
+
+shared_examples_for "a configured file resource" do
 
   include_context "diff disabled"
 
@@ -155,7 +336,7 @@ shared_examples_for "a file resource" do
   end
 
    # note the stripping of the drive letter from the tmpdir on windows
-  let(:backup_glob) { File.join(CHEF_SPEC_BACKUP_PATH, Dir.tmpdir.sub(/^([A-Za-z]:)/, ""), "#{file_base}*") }
+  let(:backup_glob) { File.join(CHEF_SPEC_BACKUP_PATH, test_file_dir.sub(/^([A-Za-z]:)/, ""), "#{file_base}*") }
 
   # Most tests update the resource, but a few do not. We need to test that the
   # resource is marked updated or not correctly, but the test contexts are
@@ -164,6 +345,17 @@ shared_examples_for "a file resource" do
   # and permissions are correct.
   let(:expect_updated?) { true }
 
+  include Chef::Mixin::ShellOut
+
+  def selinux_security_context_restored?(path)
+    @restorecon_path = which("restorecon") if @restorecon_path.nil?
+    restorecon_test_command = "#{@restorecon_path} -n -v #{path}"
+    cmdresult = shell_out(restorecon_test_command)
+    # restorecon will print the required changes to stdout if any is
+    # needed
+    cmdresult.stdout.empty?
+  end
+
   def binread(file)
     content = File.open(file, "rb") do |f|
       f.read
@@ -172,6 +364,398 @@ shared_examples_for "a file resource" do
     content
   end
 
+  context "when the target file is a symlink", :not_supported_on_win2k3 do
+    let(:symlink_target) {
+      File.join(CHEF_SPEC_DATA, "file-test-target")
+    }
+
+
+    describe "when configured not to manage symlink's target" do
+      before(:each) do
+        # configure not to manage symlink source
+        resource.manage_symlink_source(false)
+
+        # create symlinks for test context
+        FileUtils.touch(symlink_target)
+
+        if windows?
+          Chef::ReservedNames::Win32::File.symlink(symlink_target, path)
+        else
+          File.symlink(symlink_target, path)
+        end
+      end
+
+      after(:each) do
+        FileUtils.rm_rf(symlink_target)
+        FileUtils.rm_rf(path)
+      end
+
+      describe "when symlink target has correct content" do
+        before(:each) do
+          File.open(symlink_target, "wb") { |f| f.print expected_content }
+        end
+
+        it_behaves_like "file resource not pointing to a real file"
+      end
+
+      describe "when symlink target has the wrong content" do
+        before(:each) do
+          File.open(symlink_target, "wb") { |f| f.print "This is so wrong!!!" }
+        end
+
+        after(:each) do
+          # symlink should never be followed
+          binread(symlink_target).should == "This is so wrong!!!"
+        end
+
+        it_behaves_like "file resource not pointing to a real file"
+      end
+    end
+
+    # Unix-only for now. Windows behavior may differ because of how ACL
+    # management handles symlinks. Since symlinks are rare on Windows and this
+    # feature primarily exists to support the case where a well-known file
+    # (e.g., resolv.conf) has been converted to a symlink, we're okay with the
+    # discrepancy.
+    context "when configured to manage the symlink source", :unix_only do
+
+      before do
+        resource.manage_symlink_source(true)
+      end
+
+      context "but the symlink is part of a loop" do
+        let(:link1_path) { File.join(CHEF_SPEC_DATA, "points-to-link2") }
+        let(:link2_path) { File.join(CHEF_SPEC_DATA, "points-to-link1") }
+
+        before do
+          # point resource at link1:
+          resource.path(link1_path)
+          # create symlinks for test context
+          File.symlink(link1_path, link2_path)
+          File.symlink(link2_path, link1_path)
+        end
+
+        after(:each) do
+          FileUtils.rm_rf(link1_path)
+          FileUtils.rm_rf(link2_path)
+        end
+
+        it "raises an InvalidSymlink error" do
+          lambda { resource.run_action(:create) }.should raise_error(Chef::Exceptions::InvalidSymlink)
+        end
+
+        it "issues a warning/assumption in whyrun mode" do
+          begin
+            Chef::Config[:why_run] = true
+            resource.run_action(:create) # should not raise
+          ensure
+            Chef::Config[:why_run] = false
+          end
+        end
+      end
+
+      context "but the symlink points to a nonexistent file" do
+        let(:link_path) { File.join(CHEF_SPEC_DATA, "points-to-nothing") }
+        let(:not_existent_source) { File.join(CHEF_SPEC_DATA, "i-am-not-here") }
+
+        before do
+          resource.path(link_path)
+          # create symlinks for test context
+          File.symlink(not_existent_source, link_path)
+          FileUtils.rm_rf(not_existent_source)
+        end
+
+        after(:each) do
+          FileUtils.rm_rf(link_path)
+        end
+        it "raises an InvalidSymlink error" do
+          lambda { resource.run_action(:create) }.should raise_error(Chef::Exceptions::InvalidSymlink)
+        end
+
+        it "issues a warning/assumption in whyrun mode" do
+          begin
+            Chef::Config[:why_run] = true
+            resource.run_action(:create) # should not raise
+          ensure
+            Chef::Config[:why_run] = false
+          end
+        end
+      end
+
+      context "but the symlink is points to a non-file fs entry" do
+        let(:link_path) { File.join(CHEF_SPEC_DATA, "points-to-dir") }
+        let(:not_a_file_path) { File.join(CHEF_SPEC_DATA, "dir-at-end-of-symlink") }
+
+        before do
+          # point resource at link1:
+          resource.path(link_path)
+          # create symlinks for test context
+          File.symlink(not_a_file_path, link_path)
+          Dir.mkdir(not_a_file_path)
+        end
+
+        after(:each) do
+          FileUtils.rm_rf(link_path)
+          FileUtils.rm_rf(not_a_file_path)
+        end
+
+        it "raises an InvalidSymlink error" do
+          lambda { resource.run_action(:create) }.should raise_error(Chef::Exceptions::FileTypeMismatch)
+        end
+
+        it "issues a warning/assumption in whyrun mode" do
+          begin
+            Chef::Config[:why_run] = true
+            resource.run_action(:create) # should not raise
+          ensure
+            Chef::Config[:why_run] = false
+          end
+        end
+      end
+
+      context "when the symlink source is a real file" do
+
+        let(:wrong_content) { "this is the wrong content" }
+        let(:link_path) { File.join(CHEF_SPEC_DATA, "points-to-real-file") }
+
+        before do
+          # point resource at link:
+          resource.path(link_path)
+          # create symlinks for test context
+          File.symlink(path, link_path)
+        end
+
+        after(:each) do
+          # shared examples should not change our test setup of a file resource
+          # pointing at a symlink:
+          resource.path.should == link_path
+          FileUtils.rm_rf(link_path)
+        end
+
+        context "and the permissions are incorrect" do
+          before do
+            # Create source (real) file
+            File.open(path, "wb") { |f| f.write(expected_content) }
+          end
+
+
+          include_context "setup broken permissions"
+
+          include_examples "a securable resource with existing target"
+
+          it "does not replace the symlink with a real file" do
+            resource.run_action(:create)
+            File.should be_symlink(link_path)
+          end
+
+        end
+
+        context "and the content is incorrect" do
+          before do
+            # Create source (real) file
+            File.open(path, "wb") { |f| f.write(wrong_content) }
+          end
+
+          it "updates the source file content" do
+            pending
+          end
+
+          it "marks the resource as updated" do
+            resource.run_action(:create)
+            resource.should be_updated_by_last_action
+          end
+
+          it "does not replace the symlink with a real file" do
+            resource.run_action(:create)
+            File.should be_symlink(link_path)
+          end
+        end
+
+        context "and the content and permissions are correct" do
+          let(:expect_updated?) { false }
+
+          before do
+            # Create source (real) file
+            File.open(path, "wb") { |f| f.write(expected_content) }
+          end
+          include_context "setup correct permissions"
+
+          include_examples "a securable resource with existing target"
+
+        end
+
+      end
+
+      context "when the symlink points to a symlink which points to a real file" do
+
+        let(:wrong_content) { "this is the wrong content" }
+        let(:link_to_file_path) { File.join(CHEF_SPEC_DATA, "points-to-real-file") }
+        let(:link_to_link_path) { File.join(CHEF_SPEC_DATA, "points-to-next-link") }
+
+        before do
+          # point resource at link:
+          resource.path(link_to_link_path)
+          # create symlinks for test context
+          File.symlink(path, link_to_file_path)
+          File.symlink(link_to_file_path, link_to_link_path)
+
+          # Create source (real) file
+          File.open(path, "wb") { |f| f.write(wrong_content) }
+        end
+
+        include_context "setup broken permissions"
+
+        include_examples "a securable resource with existing target"
+
+        after(:each) do
+          # shared examples should not change our test setup of a file resource
+          # pointing at a symlink:
+          resource.path.should == link_to_link_path
+          FileUtils.rm_rf(link_to_file_path)
+          FileUtils.rm_rf(link_to_link_path)
+        end
+
+        it "does not replace the symlink with a real file" do
+          resource.run_action(:create)
+          File.should be_symlink(link_to_link_path)
+          File.should be_symlink(link_to_file_path)
+        end
+
+      end
+    end
+  end
+
+  context "when the target file is a directory" do
+    before(:each) do
+      FileUtils.mkdir_p(path)
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(path)
+    end
+
+    it_behaves_like "file resource not pointing to a real file"
+  end
+
+  context "when the target file is a blockdev",:unix_only, :requires_root, :not_supported_on_solaris do
+    include Chef::Mixin::ShellOut
+    let(:path) do
+      File.join(CHEF_SPEC_DATA, "testdev")
+    end
+
+    before(:each) do
+      result = shell_out("mknod #{path} b 1 2")
+      result.stderr.empty?
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(path)
+    end
+
+    it_behaves_like "file resource not pointing to a real file"
+  end
+
+  context "when the target file is a chardev",:unix_only, :requires_root, :not_supported_on_solaris do
+    include Chef::Mixin::ShellOut
+    let(:path) do
+      File.join(CHEF_SPEC_DATA, "testdev")
+    end
+
+    before(:each) do
+      result = shell_out("mknod #{path} c 1 2")
+      result.stderr.empty?
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(path)
+    end
+
+    it_behaves_like "file resource not pointing to a real file"
+  end
+
+  context "when the target file is a pipe",:unix_only do
+    include Chef::Mixin::ShellOut
+    let(:path) do
+      File.join(CHEF_SPEC_DATA, "testpipe")
+    end
+
+    before(:each) do
+      result = shell_out("mkfifo #{path}")
+      result.stderr.empty?
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(path)
+    end
+
+    it_behaves_like "file resource not pointing to a real file"
+  end
+
+  context "when the target file is a socket",:unix_only do
+    require 'socket'
+
+    # It turns out that the path to a socket can have at most ~104
+    # bytes. Therefore we are creating our sockets in tmpdir so that
+    # they have a shorter path.
+    let(:test_socket_dir) { File.join(Dir.tmpdir, "sockets") }
+
+    before do
+      FileUtils::mkdir_p(test_socket_dir)
+    end
+
+    after do
+      FileUtils::rm_rf(test_socket_dir)
+    end
+
+    let(:path) do
+      File.join(test_socket_dir, "testsocket")
+    end
+
+    before(:each) do
+      path.bytesize.should <= 104
+      UNIXServer.new(path)
+    end
+
+    after(:each) do
+      FileUtils.rm_rf(path)
+    end
+
+    it_behaves_like "file resource not pointing to a real file"
+  end
+
+  # Regression test for http://tickets.opscode.com/browse/CHEF-4082
+  context "when notification is configured" do
+    describe "when path is specified with normal seperator" do
+      before do
+        @notified_resource = Chef::Resource.new("punk", resource.run_context)
+        resource.notifies(:run, @notified_resource, :immediately)
+        resource.run_action(:create)
+      end
+
+      it "should notify the other resources correctly" do
+        resource.should be_updated_by_last_action
+        resource.run_context.immediate_notifications(resource).length.should == 1
+      end
+    end
+
+    describe "when path is specified with windows seperator", :windows_only do
+      let(:path) {
+        File.join(test_file_dir, make_tmpname(file_base)).gsub(::File::SEPARATOR, ::File::ALT_SEPARATOR)
+      }
+
+      before do
+        @notified_resource = Chef::Resource.new("punk", resource.run_context)
+        resource.notifies(:run, @notified_resource, :immediately)
+        resource.run_action(:create)
+      end
+
+      it "should notify the other resources correctly" do
+        resource.should be_updated_by_last_action
+        resource.run_context.immediate_notifications(resource).length.should == 1
+      end
+    end
+  end
+
   context "when the target file does not exist" do
     before do
       # Assert starting state is expected
@@ -194,6 +778,10 @@ shared_examples_for "a file resource" do
       it "is marked as updated by last action" do
         resource.should be_updated_by_last_action
       end
+
+      it "should restore the security contexts on selinux", :selinux_only do
+        selinux_security_context_restored?(path).should be_true
+      end
     end
 
     describe "when running action :create_if_missing" do
@@ -208,6 +796,10 @@ shared_examples_for "a file resource" do
       it "is marked as updated by last action" do
         resource.should be_updated_by_last_action
       end
+
+      it "should restore the security contexts on selinux", :selinux_only do
+        selinux_security_context_restored?(path).should be_true
+      end
     end
 
     describe "when running action :delete" do
@@ -234,6 +826,15 @@ shared_examples_for "a file resource" do
     [ ACE.access_denied(sid, expected_perms[:specific]) ]
   end
 
+  def parent_inheritable_acls
+    dummy_file_path = File.join(test_file_dir, "dummy_file")
+    FileUtils.touch(dummy_file_path)
+    dummy_desc = get_security_descriptor(dummy_file_path)
+    FileUtils.rm_rf(dummy_file_path)
+    dummy_desc
+  end
+
+  it_behaves_like "a securable resource without existing target"
 
   context "when the target file has the wrong content" do
     before(:each) do
@@ -250,7 +851,7 @@ shared_examples_for "a file resource" do
 
       it_behaves_like "a file with the wrong content"
 
-      it_behaves_like "a securable resource"
+      it_behaves_like "a securable resource with existing target"
     end
 
     context "and the target file has incorrect permissions" do
@@ -258,7 +859,7 @@ shared_examples_for "a file resource" do
 
       it_behaves_like "a file with the wrong content"
 
-      it_behaves_like "a securable resource"
+      it_behaves_like "a securable resource with existing target"
     end
   end
 
@@ -282,46 +883,86 @@ shared_examples_for "a file resource" do
 
       it_behaves_like "a file with the correct content"
 
-      it_behaves_like "a securable resource"
+      it_behaves_like "a securable resource with existing target"
     end
 
     context "and the target file has incorrect permissions" do
       include_context "setup broken permissions"
 
       it_behaves_like "a file with the correct content"
-  
-      it_behaves_like "a securable resource"
+
+      it_behaves_like "a securable resource with existing target"
     end
   end
 
-  it_behaves_like "a file that inherits permissions from a parent directory"
-  
-end
+  # Regression test for http://tickets.opscode.com/browse/CHEF-4419
+  context "when the path starts with '/' and target file exists", :windows_only do
+    let(:path) do
+      File.join(test_file_dir[2..test_file_dir.length], make_tmpname(file_base))
+    end
 
-shared_examples_for "a file that inherits permissions from a parent directory" do
-  include_context "diff disabled"
-  include_context "use Windows permissions"
-  context "on Windows", :windows_only do
-    it "has only inherited aces if no explicit aces were specified" do
-      File.exist?(path).should == false
+    before do
+      File.open(path, "wb") { |f| f.print expected_content }
+      now = Time.now.to_i
+      File.utime(now - 9000, now - 9000, path)
 
-      resource.run_action(:create)
+      @expected_mtime = File.stat(path).mtime
+      @expected_checksum = sha256_checksum(path)
+    end
+
+    describe ":create action should run without any updates" do
+      before do
+        # Assert starting state is as expected
+        File.should exist(path)
+        sha256_checksum(path).should == @expected_checksum
+        resource.run_action(:create)
+      end
 
-      descriptor.dacl_inherits?.should == true
-      descriptor.dacl.each do | ace |
-        ace.inherited?.should == true
+      it "does not overwrite the original when the :create action is run" do
+        sha256_checksum(path).should == @expected_checksum
+      end
+
+      it "does not update the mtime of the file when the :create action is run" do
+        File.stat(path).mtime.should == @expected_mtime
+      end
+
+      it "is not marked as updated by last action" do
+        resource.should_not be_updated_by_last_action
       end
     end
   end
+
 end
 
 shared_context Chef::Resource::File  do
+  if windows?
+    require 'chef/win32/file'
+  end
+
+  # We create the files in a different directory than tmp to exercise
+  # different file deployment strategies more completely.
+  let(:test_file_dir) do
+    if windows?
+      File.join(ENV['systemdrive'], "test-dir")
+    else
+      File.join(CHEF_SPEC_DATA, "test-dir")
+    end
+  end
+
   let(:path) do
-    File.join(Dir.tmpdir, make_tmpname(file_base))
+    File.join(test_file_dir, make_tmpname(file_base))
+  end
+
+  before do
+    FileUtils::mkdir_p(test_file_dir)
   end
 
   after(:each) do
     FileUtils.rm_r(path) if File.exists?(path)
     FileUtils.rm_r(CHEF_SPEC_BACKUP_PATH) if File.exists?(CHEF_SPEC_BACKUP_PATH)
   end
+
+  after do
+    FileUtils::rm_rf(test_file_dir)
+  end
 end