chef 16.3.45-universal-mingw32 → 16.5.77-universal-mingw32

data/spec/unit/resource/chef_client_systemd_timer_spec.rb

@@ -33,6 +33,12 @@ describe Chef::Resource::ChefClientSystemdTimer do
     expect(resource.user).to eql("root")
   end
 
+  it "validates the cpu_quota property input" do
+    expect { resource.cpu_quota(0) }.to raise_error(Chef::Exceptions::ValidationFailed)
+    expect { resource.cpu_quota(50) }.not_to raise_error
+    expect { resource.cpu_quota(101) }.not_to raise_error
+  end
+
   it "builds a default value for chef_binary_path dist values" do
     expect(resource.chef_binary_path).to eql("/opt/chef/bin/chef-client")
   end
@@ -70,4 +76,33 @@ describe Chef::Resource::ChefClientSystemdTimer do
       expect(provider.chef_client_cmd).to eql("/opt/chef/bin/chef-client --chef-license accept -c #{root_path}")
     end
   end
-end
+
+  describe "#service_content" do
+    it "does not set ConditionACPower if run_on_battery property is set to true (the default)" do
+      expect(provider.service_content["Service"]).not_to have_key("ConditionACPower")
+    end
+
+    it "sets ConditionACPower if run_on_battery property is set to false" do
+      resource.run_on_battery false
+      expect(provider.service_content["Service"]["ConditionACPower"]).to eq("true")
+    end
+
+    it "does not set Environment if environment property is empty" do
+      expect(provider.service_content["Service"]).not_to have_key("Environment")
+    end
+
+    it "sets Environment if environment property is set" do
+      resource.environment({ "foo" => "bar" })
+      expect(provider.service_content["Service"]["Environment"]).to eq(["\"foo=bar\""])
+    end
+
+    it "does not set CPUQuota if cpu_quota property is not set" do
+      expect(provider.service_content["Service"]).not_to have_key("CPUQuota")
+    end
+
+    it "sets CPUQuota if cpu_quota property is set" do
+      resource.cpu_quota 50
+      expect(provider.service_content["Service"]["CPUQuota"]).to eq(50)
+    end
+  end
+end

data/spec/unit/resource/chef_client_trusted_certificate_spec.rb

@@ -0,0 +1,54 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Resource::ChefClientTrustedCertificate do
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) { Chef::RunContext.new(node, {}, events) }
+  let(:resource) { Chef::Resource::ChefClientTrustedCertificate.new("foo", run_context) }
+  let(:provider) { resource.provider_for_action(:add) }
+
+  it "has a resource name of :chef_client_trusted_certificate" do
+    expect(resource.resource_name).to eql(:chef_client_trusted_certificate)
+  end
+
+  it "has a name property of cert_name" do
+    expect(resource.cert_name).to eql("foo")
+  end
+
+  it "sets the default action as :add" do
+    expect(resource.action).to eql([:add])
+  end
+
+  it "supports :remove action" do
+    expect { resource.action :remove }.not_to raise_error
+  end
+
+  describe "#cert_path" do
+    it "appends .pem to new_resource.cert_name value" do
+      resource.cert_name "something"
+      expect(provider.cert_path).to match(%r{trusted_certs/something.pem$})
+    end
+
+    it "does not append .pem if cert_name already ends in .pem" do
+      resource.cert_name "something.pem"
+      expect(provider.cert_path).to match(%r{trusted_certs/something.pem$})
+    end
+  end
+end

data/spec/unit/resource/execute_spec.rb

@@ -116,172 +116,167 @@ describe Chef::Resource::Execute do
     end
   end
 
-  shared_examples_for "a consumer of the Execute resource" do
-    context "when running on Windows" do
-      before do
-        allow(resource).to receive(:windows?).and_return(true)
-      end
-
-      context "when no user, domain, or password is specified" do
-        let(:username) { nil }
-        let(:domain) { nil }
-        let(:password) { nil }
-        it_behaves_like "it received valid credentials"
-      end
-
-      context "when a valid username is specified" do
-        let(:username) { "starchild" }
-        let(:elevated) { false }
-        context "when a valid domain is specified" do
-          let(:domain) { "mothership" }
-
-          context "when the password is not specified" do
-            let(:password) { nil }
-            it_behaves_like "it received invalid credentials"
-          end
-
-          context "when the password is specified" do
-            let(:password) { "we.funk!" }
-            it_behaves_like "it received valid credentials"
-          end
-        end
+  context "when running on Windows" do
+    before do
+      allow(resource).to receive(:windows?).and_return(true)
+    end
 
-        context "when the domain is not specified" do
-          let(:domain) { nil }
-          let(:elevated) { false }
+    context "when no user, domain, or password is specified" do
+      let(:username) { nil }
+      let(:domain) { nil }
+      let(:password) { nil }
+      it_behaves_like "it received valid credentials"
+    end
 
-          context "when the password is not specified" do
-            let(:password) { nil }
-            it_behaves_like "it received invalid credentials"
-          end
+    context "when a valid username is specified" do
+      let(:username) { "starchild" }
+      let(:elevated) { false }
+      context "when a valid domain is specified" do
+        let(:domain) { "mothership" }
 
-          context "when the password is specified" do
-            let(:password) { "we.funk!" }
-            it_behaves_like "it received valid credentials"
-          end
+        context "when the password is not specified" do
+          let(:password) { nil }
+          it_behaves_like "it received invalid credentials"
         end
 
-        context "when username is not specified" do
-          let(:username) { nil }
-
-          context "when domain is specified" do
-            let(:domain) { "mothership" }
-            let(:password) { nil }
-            it_behaves_like "it received invalid username and domain"
-          end
-
-          context "when password is specified" do
-            let(:domain) { nil }
-            let(:password) { "we.funk!" }
-            it_behaves_like "it received invalid username and domain"
-          end
+        context "when the password is specified" do
+          let(:password) { "we.funk!" }
+          it_behaves_like "it received valid credentials"
         end
       end
 
-      context "when invalid username is specified" do
-        let(:username) { "user@domain@domain" }
+      context "when the domain is not specified" do
         let(:domain) { nil }
-        let(:password) { "we.funk!" }
-        it_behaves_like "it received invalid username and domain"
-      end
-
-      context "when the domain is provided in both username and domain" do
-        let(:domain) { "some_domain" }
-        let(:password) { "we.funk!" }
+        let(:elevated) { false }
 
-        context "when username is in the form domain\\user" do
-          let(:username) { "mothership\\starchild" }
-          it_behaves_like "it received invalid username and domain"
+        context "when the password is not specified" do
+          let(:password) { nil }
+          it_behaves_like "it received invalid credentials"
         end
 
-        context "when username is in the form user@domain" do
-          let(:username) { "starchild@mothership" }
-          it_behaves_like "it received invalid username and domain"
+        context "when the password is specified" do
+          let(:password) { "we.funk!" }
+          it_behaves_like "it received valid credentials"
         end
       end
 
-      context "when elevated is passed" do
-        let(:elevated) { true }
+      context "when username is not specified" do
+        let(:username) { nil }
 
-        context "when username and password are not passed" do
-          let(:username) { nil }
-          let(:domain) { nil }
+        context "when domain is specified" do
+          let(:domain) { "mothership" }
           let(:password) { nil }
-          it_behaves_like "it received invalid credentials"
+          it_behaves_like "it received invalid username and domain"
         end
 
-        context "when username and password are passed" do
-          let(:username) { "user" }
+        context "when password is specified" do
           let(:domain) { nil }
           let(:password) { "we.funk!" }
-          it_behaves_like "it received valid credentials"
+          it_behaves_like "it received invalid username and domain"
         end
       end
     end
 
-    context "when not running on Windows" do
-      before do
-        allow(resource).to receive(:node).and_return({ platform_family: "ubuntu" })
+    context "when invalid username is specified" do
+      let(:username) { "user@domain@domain" }
+      let(:domain) { nil }
+      let(:password) { "we.funk!" }
+      it_behaves_like "it received invalid username and domain"
+    end
+
+    context "when the domain is provided in both username and domain" do
+      let(:domain) { "some_domain" }
+      let(:password) { "we.funk!" }
+
+      context "when username is in the form domain\\user" do
+        let(:username) { "mothership\\starchild" }
+        it_behaves_like "it received invalid username and domain"
+      end
+
+      context "when username is in the form user@domain" do
+        let(:username) { "starchild@mothership" }
+        it_behaves_like "it received invalid username and domain"
       end
+    end
 
-      context "when no user, domain, or password is specified" do
+    context "when elevated is passed" do
+      let(:elevated) { true }
+
+      context "when username and password are not passed" do
         let(:username) { nil }
         let(:domain) { nil }
         let(:password) { nil }
+        it_behaves_like "it received invalid credentials"
+      end
+
+      context "when username and password are passed" do
+        let(:username) { "user" }
+        let(:domain) { nil }
+        let(:password) { "we.funk!" }
         it_behaves_like "it received valid credentials"
       end
+    end
+  end
+
+  context "when not running on Windows" do
+    before do
+      allow(resource).to receive(:node).and_return({ platform_family: "ubuntu" })
+    end
+
+    context "when no user, domain, or password is specified" do
+      let(:username) { nil }
+      let(:domain) { nil }
+      let(:password) { nil }
+      it_behaves_like "it received valid credentials"
+    end
+
+    context "when the user is specified and the domain and password are not" do
+      let(:username) { "starchild" }
+      let(:domain) { nil }
+      let(:password) { nil }
+      it_behaves_like "it received valid credentials"
 
-      context "when the user is specified and the domain and password are not" do
-        let(:username) { "starchild" }
+      context "when the password is specified and the domain is not" do
+        let(:password) { "we.funk!" }
         let(:domain) { nil }
+        it_behaves_like "it received credentials that are not valid on the platform"
+      end
+
+      context "when the domain is specified and the password is not" do
+        let(:domain) { "mothership" }
         let(:password) { nil }
-        it_behaves_like "it received valid credentials"
+        it_behaves_like "it received credentials that are not valid on the platform"
+      end
+
+      context "when the domain and password are specified" do
+        let(:domain) { "mothership" }
+        let(:password) { "we.funk!" }
+        it_behaves_like "it received credentials that are not valid on the platform"
+      end
+    end
 
-        context "when the password is specified and the domain is not" do
+    context "when the user is not specified" do
+      let(:username) { nil }
+      context "when the domain is specified" do
+        let(:domain) { "mothership" }
+        context "when the password is specified" do
           let(:password) { "we.funk!" }
-          let(:domain) { nil }
           it_behaves_like "it received credentials that are not valid on the platform"
         end
 
-        context "when the domain is specified and the password is not" do
-          let(:domain) { "mothership" }
+        context "when password is not specified" do
           let(:password) { nil }
           it_behaves_like "it received credentials that are not valid on the platform"
         end
+      end
 
-        context "when the domain and password are specified" do
-          let(:domain) { "mothership" }
+      context "when the domain is not specified" do
+        let(:domain) { nil }
+        context "when the password is specified" do
           let(:password) { "we.funk!" }
           it_behaves_like "it received credentials that are not valid on the platform"
         end
       end
-
-      context "when the user is not specified" do
-        let(:username) { nil }
-        context "when the domain is specified" do
-          let(:domain) { "mothership" }
-          context "when the password is specified" do
-            let(:password) { "we.funk!" }
-            it_behaves_like "it received credentials that are not valid on the platform"
-          end
-
-          context "when password is not specified" do
-            let(:password) { nil }
-            it_behaves_like "it received credentials that are not valid on the platform"
-          end
-        end
-
-        context "when the domain is not specified" do
-          let(:domain) { nil }
-          context "when the password is specified" do
-            let(:password) { "we.funk!" }
-            it_behaves_like "it received credentials that are not valid on the platform"
-          end
-        end
-      end
     end
   end
-
-  it_behaves_like "a consumer of the Execute resource"
-
 end

data/spec/unit/resource/launchd_spec.rb

@@ -37,4 +37,12 @@ describe Chef::Resource::Launchd do
     expect { resource.action :enable }.not_to raise_error
     expect { resource.action :restart }.not_to raise_error
   end
+
+  it "raises an error if nice is less than -20" do
+    expect { resource.nice(-21) }.to raise_error(Chef::Exceptions::ValidationFailed)
+  end
+
+  it "raises an error if nice is greater than 19" do
+    expect { resource.nice(20) }.to raise_error(Chef::Exceptions::ValidationFailed)
+  end
 end

data/spec/unit/resource/osx_profile_spec.rb

@@ -58,4 +58,303 @@ describe Chef::Resource::OsxProfile do
     resource.profile test_profile
     expect(resource.profile).to be_a(Hash)
   end
+
+  let(:shell_out_success) do
+    double("shell_out", exitstatus: 0, error?: false)
+  end
+
+  describe "action_create" do
+    let(:node) { Chef::Node.new }
+    let(:events) { Chef::EventDispatch::Dispatcher.new }
+    let(:run_context) { Chef::RunContext.new(node, {}, events) }
+    let(:resource) { Chef::Resource::OsxProfile.new("Profile Test", run_context) }
+    let(:provider) { resource.provider_for_action(:create) }
+    let(:all_profiles) do
+      { "_computerlevel" => [{ "ProfileDisplayName" => "Finder Settings",
+                               "ProfileIdentifier" => "com.apple.finder",
+                               "ProfileInstallDate" => "2015-11-08 23:15:21 +0000",
+                               "ProfileItems" => [{ "PayloadContent" => { "PayloadContentManagedPreferences" => { "com.apple.finder" => { "Forced" => [{ "mcx_preference_settings" => { "ShowExternalHardDrivesOnDesktop" => false } }] } } },
+                                                    "PayloadDisplayName" => "Custom: (com.apple.finder)",
+                                                    "PayloadIdentifier" => "com.apple.finder",
+                                                    "PayloadType" => "com.apple.ManagedClient.preferences",
+                                                    "PayloadUUID" => "a017048f-684b-4e81-baa3-43afe316d739",
+                                                    "PayloadVersion" => 1 }],
+                               "ProfileOrganization" => "Chef",
+                               "ProfileRemovalDisallowed" => "false",
+                               "ProfileType" => "Configuration",
+                               "ProfileUUID" => "e2e09bef-e673-44a6-bcbe-ecb5f1c1b740",
+                               "ProfileVerificationState" => "unsigned",
+                               "ProfileVersion" => 1 },
+        { "ProfileDisplayName" => "ScreenSaver Settings",
+          "ProfileIdentifier" => "com.testprofile.screensaver",
+          "ProfileInstallDate" => "2015-10-05 23:15:21 +0000",
+          "ProfileItems" => [{ "PayloadContent" => { "PayloadContentManagedPreferences" => { "com.apple.screensaver" => { "Forced" => [{ "mcx_preference_settings" => { "idleTime" => 0 } }] } } },
+                               "PayloadDisplayName" => "Custom: (com.apple.screensaver)",
+                               "PayloadIdentifier" => "com.apple.screensaver",
+                               "PayloadType" => "com.apple.ManagedClient.preferences",
+                               "PayloadUUID" => "73fc30e0-1e57-0131-c32d-000c2944c110",
+                               "PayloadVersion" => 1 }],
+          "ProfileOrganization" => "Chef",
+          "ProfileRemovalDisallowed" => "false",
+          "ProfileType" => "Configuration",
+          "ProfileUUID" => "6e95927c-f200-54b4-85c7-52ab99b61c47",
+          "ProfileVerificationState" => "unsigned",
+          "ProfileVersion" => 1 }],
+      }
+    end
+    let(:profile_raw_xml) do
+      <<~OUT
+      <?xml version="1.0" encoding="UTF-8"?>
+      <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+      <plist version="1.0">
+        <dict>
+            <key>tsmith</key>
+            <array>
+              <dict>
+                  <key>ProfileDisplayName</key>
+                  <string>Screensaver Settings</string>
+                  <key>ProfileIdentifier</key>
+                  <string>com.company.screensaver</string>
+                  <key>ProfileInstallDate</key>
+                  <string>2020-09-17 17:20:49 +0000</string>
+                  <key>ProfileItems</key>
+                  <array>
+                    <dict>
+                        <key>PayloadContent</key>
+                        <dict>
+                          <key>PayloadContentManagedPreferences</key>
+                          <dict>
+                              <key>com.apple.screensaver</key>
+                              <dict>
+                                <key>Forced</key>
+                                <array>
+                                    <dict>
+                                      <key>mcx_preference_settings</key>
+                                      <dict>
+                                          <key>idleTime</key>
+                                          <integer>0</integer>
+                                      </dict>
+                                    </dict>
+                                </array>
+                              </dict>
+                          </dict>
+                        </dict>
+                        <key>PayloadDisplayName</key>
+                        <string>com.apple.screensaver</string>
+                        <key>PayloadIdentifier</key>
+                        <string>com.company.screensaver</string>
+                        <key>PayloadType</key>
+                        <string>com.apple.ManagedClient.preferences</string>
+                        <key>PayloadUUID</key>
+                        <string>73fc30e0-1e57-0131-c32d-000c2944c108</string>
+                        <key>PayloadVersion</key>
+                        <integer>1</integer>
+                    </dict>
+                  </array>
+                  <key>ProfileOrganization</key>
+                  <string>Chef</string>
+                  <key>ProfileType</key>
+                  <string>Configuration</string>
+                  <key>ProfileUUID</key>
+                  <string>ed5e36c8-ea0b-5960-8f49-3c7d9121687e</string>
+                  <key>ProfileVersion</key>
+                  <integer>1</integer>
+              </dict>
+            </array>
+        </dict>
+      </plist>
+      OUT
+    end
+    let(:shell_out_profiles) do
+      double("shell_out", exitstatus: 0, error?: false, stdout: profile_raw_xml)
+    end
+    # If anything is changed within this profile, be sure to update the
+    # ProfileUUID in all_profiles to match the new config specific UUID
+    let(:test_profile) do
+      {
+        "PayloadIdentifier" => "com.testprofile.screensaver",
+        "PayloadRemovalDisallowed" => false,
+        "PayloadScope" => "System",
+        "PayloadType" => "Configuration",
+        "PayloadUUID" => "1781fbec-3325-565f-9022-8aa28135c3cc",
+        "PayloadOrganization" => "Chef",
+        "PayloadVersion" => 1,
+        "PayloadDisplayName" => "Screensaver Settings",
+        "PayloadContent" => [
+          {
+            "PayloadType" => "com.apple.ManagedClient.preferences",
+            "PayloadVersion" => 1,
+            "PayloadIdentifier" => "com.testprofile.screensaver",
+            "PayloadUUID" => "73fc30e0-1e57-0131-c32d-000c2944c108",
+            "PayloadEnabled" => true,
+            "PayloadDisplayName" => "com.apple.screensaver",
+            "PayloadContent" => {
+              "com.apple.screensaver" => {
+                "Forced" => [
+                  {
+                    "mcx_preference_settings" => {
+                      "idleTime" => 0,
+                    },
+                  },
+                ],
+              },
+            },
+          },
+        ],
+        }
+    end
+    let(:no_profiles) do
+      {}
+    end
+
+    before(:each) do
+      allow(provider).to receive(:cookbook_file_available?).and_return(true)
+      allow(provider).to receive(:cache_cookbook_profile).and_return("/tmp/test.mobileconfig.remote")
+      allow(provider).to receive(:get_new_profile_hash).and_return(test_profile)
+      allow(provider).to receive(:get_installed_profiles).and_return(all_profiles)
+      allow(provider).to receive(:read_plist).and_return(all_profiles)
+      allow(::File).to receive(:unlink).and_return(true)
+    end
+
+    it "should build the get all profiles shellout command correctly" do
+      profile_name = "com.testprofile.screensaver.mobileconfig"
+      resource.profile_name profile_name
+      allow(provider).to receive(:get_installed_profiles).and_call_original
+      allow(provider).to receive(:read_plist).and_return(all_profiles)
+      expect(provider).to receive(:shell_out_compacted).with("/usr/bin/profiles", "-P", "-o", "stdout-xml").and_return(shell_out_profiles)
+      provider.load_current_resource
+    end
+
+    it "should use profile name as profile when no profile is set" do
+      profile_name = "com.testprofile.screensaver.mobileconfig"
+      resource.profile_name profile_name
+      provider.load_current_resource
+      expect(resource.profile_name).to eql(profile_name)
+    end
+
+    it "should use identifier from specified profile" do
+      resource.profile test_profile
+      provider.load_current_resource
+      expect(
+        provider.instance_variable_get(:@new_profile_identifier)
+      ).to eql(test_profile["PayloadIdentifier"])
+    end
+
+    it "should install when not installed" do
+      resource.profile test_profile
+      allow(provider).to receive(:get_installed_profiles).and_return(no_profiles)
+      provider.load_current_resource
+      expect(provider).to receive(:install_profile)
+      expect { provider.run_action(:install) }.to_not raise_error
+    end
+
+    it "does not install if the profile is already installed" do
+      resource.profile test_profile
+      allow(provider).to receive(:get_installed_profiles).and_return(all_profiles)
+      provider.load_current_resource
+      expect(provider).to_not receive(:install_profile)
+      expect { provider.action_install }.to_not raise_error
+    end
+
+    it "should install when installed but uuid differs" do
+      resource.profile test_profile
+      all_profiles["_computerlevel"][1]["ProfileUUID"] = "1781fbec-3325-565f-9022-9bb39245d4dd"
+      provider.load_current_resource
+      expect(provider).to receive(:install_profile)
+      expect { provider.run_action(:install) }.to_not raise_error
+    end
+
+    it "should build the shellout install command correctly" do
+      profile_path = "/tmp/test.mobileconfig"
+      resource.profile test_profile
+      # Change the profile so it triggers an install
+      all_profiles["_computerlevel"][1]["ProfileUUID"] = "1781fbec-3325-565f-9022-9bb39245d4dd"
+      provider.load_current_resource
+      allow(provider).to receive(:write_profile_to_disk).and_return(profile_path)
+      expect(provider).to receive(:shell_out_compacted!).with("/usr/bin/profiles", "-I", "-F", profile_path).and_return(shell_out_success)
+      provider.action_install
+    end
+
+    it "should fail if there is no identifier inside the profile" do
+      test_profile.delete("PayloadIdentifier")
+      resource.profile test_profile
+      error_message = "The specified profile does not seem to be valid"
+      expect { provider.run_action(:install) }.to raise_error(RuntimeError, error_message)
+    end
+  end
+
+  describe "action_remove" do
+    let(:node) { Chef::Node.new }
+    let(:events) { Chef::EventDispatch::Dispatcher.new }
+    let(:run_context) { Chef::RunContext.new(node, {}, events) }
+    let(:resource) { Chef::Resource::OsxProfile.new("Profile Test", run_context) }
+    let(:provider) { resource.provider_for_action(:remove) }
+    let(:current_resource) { Chef::Resource::OsxProfile.new("Profile Test") }
+    let(:all_profiles) do
+      { "_computerlevel" => [{ "ProfileDisplayName" => "ScreenSaver Settings",
+                               "ProfileIdentifier" => "com.apple.screensaver",
+                               "ProfileInstallDate" => "2015-10-05 23:15:21 +0000",
+                               "ProfileItems" => [{ "PayloadContent" => { "PayloadContentManagedPreferences" => { "com.apple.screensaver" => { "Forced" => [{ "mcx_preference_settings" => { "idleTime" => 0 } }] } } },
+                                                    "PayloadDisplayName" => "Custom: (com.apple.screensaver)",
+                                                    "PayloadIdentifier" => "com.apple.screensaver",
+                                                    "PayloadType" => "com.apple.ManagedClient.preferences",
+                                                    "PayloadUUID" => "73fc30e0-1e57-0131-c32d-000c2944c108",
+                                                    "PayloadVersion" => 1 }],
+                               "ProfileOrganization" => "Chef",
+                               "ProfileRemovalDisallowed" => "false",
+                               "ProfileType" => "Configuration",
+                               "ProfileUUID" => "1781fbec-3325-565f-9022-8aa28135c3cc",
+                               "ProfileVerificationState" => "unsigned",
+                               "ProfileVersion" => 1 },
+        { "ProfileDisplayName" => "ScreenSaver Settings",
+          "ProfileIdentifier" => "com.testprofile.screensaver",
+          "ProfileInstallDate" => "2015-10-05 23:15:21 +0000",
+          "ProfileItems" => [{ "PayloadContent" => { "PayloadContentManagedPreferences" => { "com.apple.screensaver" => { "Forced" => [{ "mcx_preference_settings" => { "idleTime" => 0 } }] } } },
+                               "PayloadDisplayName" => "Custom: (com.apple.screensaver)",
+                               "PayloadIdentifier" => "com.apple.screensaver",
+                               "PayloadType" => "com.apple.ManagedClient.preferences",
+                               "PayloadUUID" => "73fc30e0-1e57-0131-c32d-000c2944c110",
+                               "PayloadVersion" => 1 }],
+          "ProfileOrganization" => "Chef",
+          "ProfileRemovalDisallowed" => "false",
+          "ProfileType" => "Configuration",
+          "ProfileUUID" => "1781fbec-3325-565f-9022-8aa28135c3cc",
+          "ProfileVerificationState" => "unsigned",
+          "ProfileVersion" => 1 }],
+      }
+    end
+
+    before(:each) do
+      provider.current_resource = current_resource
+      allow(provider).to receive(:get_installed_profiles).and_return(all_profiles)
+    end
+
+    it "should use resource name for identifier when not specified" do
+      resource.profile_name "com.testprofile.screensaver"
+      resource.action(:remove)
+      provider.load_current_resource
+      expect(provider.instance_variable_get(:@new_profile_identifier)).to eql(resource.profile_name)
+    end
+
+    it "should use specified identifier" do
+      resource.identifier "com.testprofile.screensaver"
+      resource.action(:remove)
+      provider.load_current_resource
+      expect(provider.instance_variable_get(:@new_profile_identifier)).to eql(resource.identifier)
+    end
+
+    it "should work with spaces in the identifier" do
+      provider.action = :remove
+      provider.define_resource_requirements
+      expect { provider.process_resource_requirements }.not_to raise_error
+    end
+
+    it "should build the shellout remove command correctly" do
+      resource.identifier "com.testprofile.screensaver"
+      resource.action(:remove)
+      provider.load_current_resource
+      expect(provider).to receive(:shell_out_compacted!).with("/usr/bin/profiles", "-R", "-p", resource.identifier).and_return(shell_out_success)
+      provider.action_remove
+    end
+  end
 end