chef 12.18.31-universal-mingw32 → 12.19.33-universal-mingw32

data/spec/unit/provider/package_spec.rb

@@ -517,6 +517,10 @@ describe "Subclass with use_multipackage_api" do
   end
 
   context "#a_to_s utility for subclasses" do
+    before(:each) do
+      Chef::Config[:treat_deprecation_warnings_as_errors] = false
+    end
+
     it "converts varargs of strings to a single string" do
       expect(provider.send(:a_to_s, "a", nil, "b", "", "c", " ", "d e", "f-g")).to eq("a b c   d e f-g")
     end
@@ -906,6 +910,10 @@ describe "Chef::Provider::Package - Multi" do
   end
 
   describe "shell_out helpers" do
+    before(:each) do
+      Chef::Config[:treat_deprecation_warnings_as_errors] = false
+    end
+
     [ :shell_out_with_timeout, :shell_out_with_timeout! ].each do |method|
       stubbed_method = method == :shell_out_with_timeout! ? :shell_out! : :shell_out
       [ %w{command arg1 arg2}, "command arg1 arg2" ].each do |command|

data/spec/unit/provider/remote_file/sftp_spec.rb

@@ -117,7 +117,7 @@ describe Chef::Provider::RemoteFile::SFTP do
     end
 
     context "and the URI specifies an alternate port" do
-      let(:uri) { URI.parse("ftp://conan:cthu1hu@opscode.com:8021/seattle.txt") }
+      let(:uri) { URI.parse("sftp://conan:cthu1hu@opscode.com:8021/seattle.txt") }
 
       it "should connect on an alternate port when one is provided" do
         expect(Net::SFTP).to receive(:start).with("opscode.com:8021", "conan", :password => "cthu1hu")
@@ -127,10 +127,10 @@ describe Chef::Provider::RemoteFile::SFTP do
     end
 
     context "and the uri specifies a nested path" do
-      let(:uri) { URI.parse("ftp://conan:cthu1hu@opscode.com/the/whole/path/seattle.txt") }
+      let(:uri) { URI.parse("sftp://conan:cthu1hu@opscode.com/the/whole/path/seattle.txt") }
 
       it "should fetch the file from the correct path" do
-        expect(sftp).to receive(:download!).with("the/whole/path/seattle.txt", "/tmp/somedir/remote-file-sftp-backend-spec-test")
+        expect(sftp).to receive(:download!).with("/the/whole/path/seattle.txt", "/tmp/somedir/remote-file-sftp-backend-spec-test")
         fetcher.fetch
       end
     end

data/spec/unit/provider/route_spec.rb

@@ -230,13 +230,19 @@ describe Chef::Provider::Route do
       @run_context.resource_collection << Chef::Resource::Route.new("192.168.1.0/24 via 192.168.0.1")
       @run_context.resource_collection << Chef::Resource::Route.new("192.168.2.0/24 via 192.168.0.1")
       @run_context.resource_collection << Chef::Resource::Route.new("192.168.3.0/24 via 192.168.0.1")
+      @run_context.resource_collection << Chef::Resource::Route.new("Complex Route").tap do |r|
+        r.target "192.168.4.0"
+        r.gateway "192.168.0.1"
+        r.netmask "255.255.255.0"
+      end
 
       @provider.action = :add
       @provider.generate_config
-      expect(route_file.string.split("\n").size).to eq(3)
+      expect(route_file.string.split("\n").size).to eq(4)
       expect(route_file.string).to match(/^192\.168\.1\.0\/24 via 192\.168\.0\.1$/)
       expect(route_file.string).to match(/^192\.168\.2\.0\/24 via 192\.168\.0\.1$/)
       expect(route_file.string).to match(/^192\.168\.3\.0\/24 via 192\.168\.0\.1$/)
+      expect(route_file.string).to match(/^192\.168\.4\.0\/24 via 192\.168\.0\.1$/)
     end
   end
 end

data/spec/unit/provider/script_spec.rb

@@ -56,12 +56,55 @@ describe Chef::Provider::Script, "action_run" do
     end
   end
 
-  context "#set_owner_and_group" do
-    it "sets the owner and group for the script file" do
-      new_resource.user "toor"
-      new_resource.group "wheel"
-      expect(FileUtils).to receive(:chown).with("toor", "wheel", tempfile.path)
-      provider.set_owner_and_group
+  context "when configuring the script file's security" do
+    context "when not running on Windows" do
+      before do
+        allow(::Chef::Platform).to receive(:windows?).and_return(false)
+      end
+      context "#set_owner_and_group" do
+        it "sets the owner and group for the script file" do
+          new_resource.user "toor"
+          new_resource.group "wheel"
+          expect(FileUtils).to receive(:chown).with("toor", "wheel", tempfile.path)
+          provider.set_owner_and_group
+        end
+      end
+    end
+
+    context "when running on Windows" do
+      before do
+        allow(::Chef::Platform).to receive(:windows?).and_return(true)
+        expect(new_resource.user).to eq(nil)
+        stub_const("Chef::ReservedNames::Win32::API::Security::GENERIC_READ", 1)
+        stub_const("Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE", 4)
+        stub_const("Chef::ReservedNames::Win32::Security", Class.new)
+        stub_const("Chef::ReservedNames::Win32::Security::SecurableObject", Class.new)
+        stub_const("Chef::ReservedNames::Win32::Security::SID", Class.new)
+        stub_const("Chef::ReservedNames::Win32::Security::ACE", Class.new)
+        stub_const("Chef::ReservedNames::Win32::Security::ACL", Class.new)
+      end
+
+      context "when an alternate user is not specified" do
+        it "does not attempt to set the script file's security descriptor" do
+          expect(provider).to receive(:grant_alternate_user_read_access)
+          expect(Chef::ReservedNames::Win32::Security::SecurableObject).not_to receive(:new)
+          provider.set_owner_and_group
+        end
+      end
+
+      context "when an alternate user is specified" do
+        let(:security_descriptor) { instance_double("Chef::ReservedNames::Win32::Security::SecurityDescriptor", :dacl => []) }
+        let(:securable_object) { instance_double("Chef::ReservedNames::Win32::Security::SecurableObject", :security_descriptor => security_descriptor, :dacl= => nil) }
+        it "sets the script file's security descriptor" do
+          new_resource.user("toor")
+          expect(Chef::ReservedNames::Win32::Security::SecurableObject).to receive(:new).and_return(securable_object)
+          expect(Chef::ReservedNames::Win32::Security::SID).to receive(:from_account).and_return(nil)
+          expect(Chef::ReservedNames::Win32::Security::ACE).to receive(:access_allowed).and_return(nil)
+          expect(Chef::ReservedNames::Win32::Security::ACL).to receive(:create).and_return(nil)
+          expect(securable_object).to receive(:dacl=)
+          provider.set_owner_and_group
+        end
+      end
     end
   end
 

data/spec/unit/resource/dsc_resource_spec.rb

@@ -18,6 +18,7 @@
 require "spec_helper"
 describe Chef::Resource::DscResource do
   let(:dsc_test_resource_name) { "DSCTest" }
+  let(:dsc_test_resource_module_version) { "2.7.2" }
   let(:dsc_test_property_name) { :DSCTestProperty }
   let(:dsc_test_property_value) { "DSCTestValue" }
   let(:dsc_test_reboot_action) { :reboot_now }
@@ -53,6 +54,11 @@ describe Chef::Resource::DscResource do
       expect(dsc_test_resource.module_name).to eq(dsc_test_resource_name)
     end
 
+    it "allows the module_version attribute to be set" do
+      dsc_test_resource.module_version(dsc_test_resource_module_version)
+      expect(dsc_test_resource.module_version).to eq(dsc_test_resource_module_version)
+    end
+
     it "allows the reboot_action attribute to be set" do
       dsc_test_resource.reboot_action(dsc_test_reboot_action)
       expect(dsc_test_resource.reboot_action).to eq(dsc_test_reboot_action)

data/spec/unit/resource/execute_spec.rb

@@ -32,4 +32,218 @@ describe Chef::Resource::Execute do
     expect(execute_resource.is_guard_interpreter).to eq(false)
   end
 
+  describe "#qualify_user" do
+    let(:password) { "password" }
+    let(:domain) { nil }
+
+    context "when username is passed as user@domain" do
+      let(:username) { "user@domain" }
+
+      it "correctly parses the user and domain" do
+        identity = execute_resource.qualify_user(username, password, domain)
+        expect(identity[:domain]).to eq("domain")
+        expect(identity[:user]).to eq("user")
+      end
+    end
+
+    context "when username is passed as domain\\user" do
+      let(:username) { "domain\\user" }
+
+      it "correctly parses the user and domain" do
+        identity = execute_resource.qualify_user(username, password, domain)
+        expect(identity[:domain]).to eq("domain")
+        expect(identity[:user]).to eq("user")
+      end
+    end
+  end
+
+  shared_examples_for "it received valid credentials" do
+    describe "the validation method" do
+      it "should not raise an error" do
+        expect { execute_resource.validate_identity_platform(username, password, domain) }.not_to raise_error
+      end
+    end
+
+    describe "the name qualification method" do
+      it "should correctly translate the user and domain" do
+        identity = nil
+        expect { identity = execute_resource.qualify_user(username, password, domain) }.not_to raise_error
+        expect(identity[:domain]).to eq(domain)
+        expect(identity[:user]).to eq(username)
+      end
+    end
+  end
+
+  shared_examples_for "it received invalid credentials" do
+    describe "the validation method" do
+      it "should raise an error" do
+        expect { execute_resource.validate_identity_platform(username, password, domain) }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  shared_examples_for "it received invalid username and domain" do
+    describe "the validation method" do
+      it "should raise an error" do
+        expect { execute_resource.qualify_user(username, password, domain) }.to raise_error(ArgumentError)
+      end
+    end
+  end
+
+  shared_examples_for "it received credentials that are not valid on the platform" do
+    describe "the validation method" do
+      it "should raise an error" do
+        expect { execute_resource.validate_identity_platform(username, password, domain) }.to raise_error(Chef::Exceptions::UnsupportedPlatform)
+      end
+    end
+  end
+
+  shared_examples_for "a consumer of the Execute resource" do
+    context "when running on Windows" do
+      before do
+        allow(execute_resource).to receive(:node).and_return({ :platform_family => "windows" })
+      end
+
+      context "when no user, domain, or password is specified" do
+        let(:username) { nil }
+        let(:domain) { nil }
+        let(:password) { nil }
+        it_behaves_like "it received valid credentials"
+      end
+
+      context "when a valid username is specified" do
+        let(:username) { "starchild" }
+        context "when a valid domain is specified" do
+          let(:domain) { "mothership" }
+
+          context "when the password is not specified" do
+            let(:password) { nil }
+            it_behaves_like "it received invalid credentials"
+          end
+
+          context "when the password is specified" do
+            let(:password) { "we.funk!" }
+            it_behaves_like "it received valid credentials"
+          end
+        end
+
+        context "when the domain is not specified" do
+          let(:domain) { nil }
+
+          context "when the password is not specified" do
+            let(:password) { nil }
+            it_behaves_like "it received invalid credentials"
+          end
+
+          context "when the password is specified" do
+            let(:password) { "we.funk!" }
+            it_behaves_like "it received valid credentials"
+          end
+        end
+
+        context "when username is not specified" do
+          let(:username) { nil }
+
+          context "when domain is specified" do
+            let(:domain) { "mothership" }
+            let(:password) { nil }
+            it_behaves_like "it received invalid username and domain"
+          end
+
+          context "when password is specified" do
+            let(:domain) { nil }
+            let(:password) { "we.funk!" }
+            it_behaves_like "it received invalid username and domain"
+          end
+        end
+      end
+
+      context "when invalid username is specified" do
+        let(:username) { "user@domain@domain" }
+        let(:domain) { nil }
+        let(:password) { "we.funk!" }
+        it_behaves_like "it received invalid username and domain"
+      end
+
+      context "when the domain is provided in both username and domain" do
+        let(:domain) { "some_domain" }
+        let(:password) { "we.funk!" }
+
+        context "when username is in the form domain\\user" do
+          let(:username) { "mothership\\starchild" }
+          it_behaves_like "it received invalid username and domain"
+        end
+
+        context "when username is in the form user@domain" do
+          let(:username) { "starchild@mothership" }
+          it_behaves_like "it received invalid username and domain"
+        end
+      end
+    end
+
+    context "when not running on Windows" do
+      before do
+        allow(execute_resource).to receive(:node).and_return({ :platform_family => "ubuntu" })
+      end
+
+      context "when no user, domain, or password is specified" do
+        let(:username) { nil }
+        let(:domain) { nil }
+        let(:password) { nil }
+        it_behaves_like "it received valid credentials"
+      end
+
+      context "when the user is specified and the domain and password are not" do
+        let(:username) { "starchild" }
+        let(:domain) { nil }
+        let(:password) { nil }
+        it_behaves_like "it received valid credentials"
+
+        context "when the password is specified and the domain is not" do
+          let(:password) { "we.funk!" }
+          let(:domain) { nil }
+          it_behaves_like "it received credentials that are not valid on the platform"
+        end
+
+        context "when the domain is specified and the password is not" do
+          let(:domain) { "mothership" }
+          let(:password) { nil }
+          it_behaves_like "it received credentials that are not valid on the platform"
+        end
+
+        context "when the domain and password are specified" do
+          let(:domain) { "mothership" }
+          let(:password) { "we.funk!" }
+          it_behaves_like "it received credentials that are not valid on the platform"
+        end
+      end
+
+      context "when the user is not specified" do
+        let(:username) { nil }
+        context "when the domain is specified" do
+          let(:domain) { "mothership" }
+          context "when the password is specified" do
+            let(:password) { "we.funk!" }
+            it_behaves_like "it received credentials that are not valid on the platform"
+          end
+
+          context "when password is not specified" do
+            let(:password) { nil }
+            it_behaves_like "it received credentials that are not valid on the platform"
+          end
+        end
+
+        context "when the domain is not specified" do
+          let(:domain) { nil }
+          context "when the password is specified" do
+            let(:password) { "we.funk!" }
+            it_behaves_like "it received credentials that are not valid on the platform"
+          end
+        end
+      end
+    end
+  end
+
+  it_behaves_like "a consumer of the Execute resource"
+
 end

data/spec/unit/resource/file/verification/systemd_unit_spec.rb

@@ -0,0 +1,103 @@
+#
+# Author:: Mal Graty (<mal.graty@googlemail.com>)
+# Copyright:: Copyright 2014-2017, Chef Software, Inc
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::File::Verification::SystemdUnit do
+  let(:command) { "#{systemd_analyze_path} verify %{path}" }
+  let(:opts) { { :future => true } }
+  let(:parent_resource) { Chef::Resource.new("llama") }
+  let(:systemd_analyze_path) { "/usr/bin/systemd-analyze" }
+  let(:systemd_dir) { "/etc/systemd/system" }
+  let(:temp_path) { "/tmp" }
+  let(:unit_name) { "sysstat-collect.timer" }
+  let(:unit_path) { "#{systemd_dir}/#{unit_name}" }
+  let(:unit_temp_path) { "#{systemd_dir}/.chef-#{unit_name}" }
+  let(:unit_test_path) { "#{temp_path}/#{unit_name}" }
+
+  describe "verification registration" do
+    it "registers itself for later use" do
+      expect(Chef::Resource::File::Verification.lookup(:systemd_unit)).to eq(Chef::Resource::File::Verification::SystemdUnit)
+    end
+  end
+
+  describe "#initialize" do
+    before(:each) do
+      allow_any_instance_of(Chef::Resource::File::Verification::SystemdUnit).to receive(:which)
+        .with("systemd-analyze")
+        .and_return(systemd_analyze_path)
+    end
+
+    it "overwrites the @command variable with the verification command" do
+      v = Chef::Resource::File::Verification::SystemdUnit.new(parent_resource, :systemd_unit, {})
+      expect(v.instance_variable_get(:@command)).to eql(command)
+    end
+  end
+
+  describe "#verify" do
+    context "with the systemd-analyze binary available" do
+      before(:each) do
+        allow_any_instance_of(Chef::Resource::File::Verification::SystemdUnit).to receive(:which)
+          .with("systemd-analyze")
+          .and_return(systemd_analyze_path)
+
+        allow(parent_resource).to receive(:path)
+          .and_return(unit_path)
+        allow(Dir).to receive(:mktmpdir)
+          .with("chef-systemd-unit") { |&b| b.call temp_path }
+        allow(FileUtils).to receive(:cp)
+          .with(unit_temp_path, unit_test_path)
+      end
+
+      it "copies the temp file to secondary location under correct name" do
+        v = Chef::Resource::File::Verification::SystemdUnit.new(parent_resource, :systemd_unit, {})
+
+        expect(FileUtils).to receive(:cp).with(unit_temp_path, unit_test_path)
+        expect(v).to receive(:verify_command).with(unit_test_path, opts)
+
+        v.verify(unit_temp_path, opts)
+      end
+
+      it "returns the value given by #verify_command" do
+        v = Chef::Resource::File::Verification::SystemdUnit.new(parent_resource, :systemd_unit, {})
+
+        expect(v).to receive(:verify_command)
+          .with(unit_test_path, opts)
+          .and_return("foo")
+
+        expect(v.verify(unit_temp_path, opts)).to eql("foo")
+      end
+    end
+
+    context "with the systemd-analyze binary unavailable" do
+      before(:each) do
+        allow_any_instance_of(Chef::Resource::File::Verification::SystemdUnit).to receive(:which)
+          .with("systemd-analyze")
+          .and_return(false)
+      end
+
+      it "skips verification" do
+        v = Chef::Resource::File::Verification::SystemdUnit.new(parent_resource, :systemd_unit, {})
+
+        expect(v).to_not receive(:verify_command)
+
+        expect(v.verify(unit_temp_path)).to eq(true)
+      end
+    end
+  end
+end