chef 17.10.114 → 18.0.169

data/spec/functional/resource/zypper_package_spec.rb

@@ -74,6 +74,18 @@ describe Chef::Resource::ZypperPackage, :requires_root, :suse_only do
       expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^chef_rpm-1.10-1.#{pkg_arch}$")
     end
 
+    it "install package with source argument" do
+      zypper_package.source = "#{CHEF_SPEC_ASSETS}/zypprepo/chef_rpm-1.10-1.#{pkg_arch}.rpm"
+      zypper_package.run_action(:install)
+      expect(zypper_package.updated_by_last_action?).to be true
+      expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^chef_rpm-1.10-1.#{pkg_arch}$")
+    end
+
+    it "raises an error when passed a source that does not exist" do
+      zypper_package.source = "#{CHEF_SPEC_ASSETS}/false/zypprepo/chef_rpm-1.10-1.#{pkg_arch}.rpm"
+      expect { zypper_package.run_action(:install) }.to raise_error(Mixlib::ShellOut::ShellCommandFailed)
+    end
+
     it "does not install if the package is installed" do
       preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
       zypper_package.run_action(:install)
@@ -177,15 +189,6 @@ describe Chef::Resource::ZypperPackage, :requires_root, :suse_only do
         expect(zypper_package.updated_by_last_action?).to be true
         expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^package chef_rpm is not installed$")
       end
-
-      context "Package doesn't exist" do
-        let(:package_name) { "nonexistent_repo" }
-        it "does nothing if the package is not installed" do
-          zypper_package.run_action(:remove)
-          expect(zypper_package.updated_by_last_action?).to be false
-        end
-
-      end
     end
 
     context "with no available version" do
@@ -256,7 +259,6 @@ describe Chef::Resource::ZypperPackage, :requires_root, :suse_only do
       expect(shell_out("zypper locks | grep chef_rpm_provides").stdout.chomp).not_to match("chef_rpm_provides")
     end
   end
-
   def remove_package
     pkg_to_remove = Chef::Resource::ZypperPackage.new(package_name, run_context)
     pkg_to_remove.run_action(:remove)

data/spec/functional/shell_spec.rb

@@ -78,7 +78,6 @@ describe Shell do
     def run_chef_shell_with(options)
       # Windows ruby installs don't (always?) have PTY,
       # so hide the require here
-
       require "pty"
 
       # FIXME this is temporary... Solaris envs have TERM set to unknown
@@ -87,7 +86,7 @@ describe Shell do
       ENV["TERM"] = "vt100" if ["", "unknown"].include?(ENV["TERM"].to_s)
 
       config = File.expand_path("shef-config.rb", CHEF_SPEC_DATA)
-      reader, writer, pid = PTY.spawn("bundle exec chef-shell --no-multiline --no-singleline --no-colorize -c #{config} #{options}")
+      reader, writer, pid = PTY.spawn("bundle exec #{ChefUtils::Dist::Infra::SHELL} --no-multiline --no-singleline --no-colorize -c #{config} #{options}")
       read_until(reader, "chef (#{Chef::VERSION})>")
       yield reader, writer if block_given?
       writer.puts('"done"')

data/spec/functional/version_spec.rb

@@ -25,7 +25,7 @@ describe "Chef Versions", :executables do
   include Chef::Mixin::ShellOut
   let(:chef_dir) { File.join(__dir__, "..", "..") }
 
-  binaries = [ ChefUtils::Dist::Infra::CLIENT, "chef-shell", "chef-apply", ChefUtils::Dist::Solo::EXEC ]
+  binaries = [ ChefUtils::Dist::Infra::CLIENT, ChefUtils::Dist::Infra::SHELL, "chef-apply", ChefUtils::Dist::Solo::EXEC ]
 
   binaries.each do |binary|
     it "#{binary} version should be sane" do

data/spec/integration/client/client_spec.rb

@@ -4,6 +4,10 @@ require "chef/mixin/shell_out"
 require "tiny_server"
 require "tmpdir"
 require "chef-utils/dist"
+require "chef/mixin/powershell_exec"
+
+# cspell:disable-next-line
+SOME_CHARS = "~!@#%^&*_-+=`|\\(){}[<]:;'>,.?/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz".each_char.to_a.freeze
 
 describe "chef-client" do
 
@@ -31,8 +35,56 @@ describe "chef-client" do
     @server = @api = nil
   end
 
+  def install_certificate_in_store(client_name)
+    if ChefUtils.windows?
+      powershell_exec! <<~EOH
+        if (-not (($PSVersionTable.PSVersion.Major -ge 5) -and ($PSVersionTable.PSVersion.Build -ge 22000)) ) {
+          New-SelfSignedCertificate -CertStoreLocation Cert:\\LocalMachine\\My -DnsName "#{client_name}"
+        }
+        else {
+          New-SelfSignedCertificate -CertStoreLocation Cert:\\LocalMachine\\My -Subject "#{client_name}" -FriendlyName "#{client_name}" -KeyExportPolicy Exportable
+        }
+      EOH
+    end
+  end
+
+  def create_registry_key
+    ::Chef::HTTP::Authenticator.get_cert_password
+    # @win32registry = Chef::Win32::Registry.new
+    # path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+    # unless @win32registry.key_exists?(path)
+    #   @win32registry.create_key(path, true)
+    # end
+    # password = SOME_CHARS.sample(1 + rand(SOME_CHARS.count)).join[0...14]
+    # values = { name: "PfxPass", type: :string, data: password }
+    # @win32registry.set_value(path, values)
+  end
+
+  def remove_certificate_from_store
+    powershell_exec! <<~EOH
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{client_name}" } -ErrorAction Stop | Remove-Item
+    EOH
+  end
+
+  def remove_registry_key
+    powershell_exec!("Remove-ItemProperty -Path HKLM:\\SOFTWARE\\Progress\\Authentication -Name 'PfxPass' ")
+  end
+
+  def verify_export_password_exists
+    powershell_exec! <<~EOH
+    Try {
+      $response = Get-ItemProperty -Path "HKLM:\\Software\\Progress\\Authentication" -Name "PfxPass" -ErrorAction Stop
+      if ($response) {return $true}
+      }
+    Catch {
+        return $false
+    }
+    EOH
+  end
+
   include IntegrationSupport
   include Chef::Mixin::ShellOut
+  include Chef::Mixin::PowershellExec
 
   let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
 
@@ -45,8 +97,10 @@ describe "chef-client" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
-  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
+  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
+  let(:client_name) { "chef-973334" }
+  let(:hostname) { "973334" }
 
   context "when validation.pem in current Directory" do
     let(:validation_path) { "" }
@@ -133,7 +187,6 @@ describe "chef-client" do
         # FATAL: Configuration error NoMethodError: undefined method `xxx' for nil:NilClass
         expect(result.stdout).to include("xxx")
       end
-
     end
 
     it "should complete with success" do
@@ -146,6 +199,32 @@ describe "chef-client" do
       result.error!
     end
 
+    if ChefUtils.windows?
+      context "and the private key is in the Windows CertStore" do
+        before do
+          install_certificate_in_store(client_name)
+          create_registry_key
+        end
+
+        after do
+          remove_certificate_from_store
+          remove_registry_key
+        end
+
+        it "should verify that the cert is loaded in the LocalMachine\\My" do
+          expect(Chef::HTTP::Authenticator.check_certstore_for_key(hostname)).to eq(true)
+        end
+
+        it "should verify that the export password for the pfx is loaded in the Registry" do
+          expect(verify_export_password_exists.result).to eq(true)
+        end
+
+        it "should verify that a private key is returned to me" do
+          expect(Chef::HTTP::Authenticator.retrieve_certificate_key(client_name)).not_to be nil
+        end
+      end
+    end
+
     context "and a private key" do
       before do
         file "mykey.pem", <<~EOM

data/spec/integration/client/exit_code_spec.rb

@@ -23,7 +23,7 @@ describe "chef-client" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --no-fork --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --no-fork --minimal-ohai --always-dump-stacktrace" }
 
   let(:critical_env_vars) { %w{PATH RUBYOPT BUNDLE_GEMFILE GEM_PATH}.map { |o| "#{o}=#{ENV[o]}" } .join(" ") }
 

data/spec/integration/client/ipv6_spec.rb

@@ -76,7 +76,7 @@ describe "chef-client" do
 
   let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
 
-  let(:chef_client_cmd) { %Q{bundle exec chef-client --minimal-ohai -c "#{path_to("config/client.rb")}" -lwarn} }
+  let(:chef_client_cmd) { %Q{bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai -c "#{path_to("config/client.rb")}" -lwarn --always-dump-stacktrace} }
 
   after do
     FileUtils.rm_rf(cache_path)

data/spec/integration/compliance/compliance_spec.rb

@@ -20,7 +20,7 @@ describe "chef-client with compliance phase" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a custom profile" do
     let(:report_file) { path_to("report_file.json") }

data/spec/integration/recipes/accumulator_spec.rb

@@ -17,7 +17,7 @@ describe "Accumulators" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   let(:aliases_temppath) do
     t = Tempfile.new("chef_accumulator_test")

data/spec/integration/recipes/lwrp_inline_resources_spec.rb

@@ -17,7 +17,7 @@ describe "LWRPs with inline resources" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   context "with a use_inline_resources provider with 'def action_a' instead of action :a" do
     class LwrpInlineResourcesTest < Chef::Resource

data/spec/integration/recipes/lwrp_spec.rb

@@ -17,7 +17,7 @@ describe "LWRPs" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook named l-w-r-p" do
     before do

data/spec/integration/recipes/notifies_spec.rb

@@ -23,7 +23,7 @@ describe "notifications" do
   include Chef::Mixin::ShellOut
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "notifies a nameless resource" do
     before do

data/spec/integration/recipes/notifying_block_spec.rb

@@ -24,7 +24,7 @@ describe "notifying_block" do
   include Chef::Mixin::ShellOut
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "notifying_block test one" do
     before do

data/spec/integration/recipes/remote_directory.rb

@@ -16,7 +16,7 @@ describe Chef::Resource::RemoteDirectory do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook with a source_dir with two subdirectories, each with one file and subdir in a different alphabetical order" do
     before do

data/spec/integration/recipes/unified_mode_spec.rb

@@ -8,7 +8,7 @@ describe "Unified Mode" do
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
 
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook with a unified_mode resource with a delayed notification from the second block to the first block" do
     before do

data/spec/integration/recipes/use_partial_spec.rb

@@ -23,10 +23,11 @@ describe "notifying_block" do
   include Chef::Mixin::ShellOut
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook with partial resources" do
     before do
+      ::Chef::HTTP::Authenticator.get_cert_password if windows?
       directory "cookbooks/x" do
         file "resources/_shared_properties.rb", <<-EOM
           property :content, String

data/spec/integration/solo/solo_spec.rb

@@ -18,7 +18,7 @@ describe ChefUtils::Dist::Solo::EXEC do
 
   let(:cookbook_ancient_100_metadata_rb) { cb_metadata("ancient", "1.0.0") }
 
-  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
+  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "creates nodes" do
     let(:nodes_dir) { File.join(@repository_dir, "nodes") }
@@ -28,7 +28,7 @@ describe ChefUtils::Dist::Solo::EXEC do
       file "config/solo.rb", <<~EOM
         chef_repo_path "#{@repository_dir}"
       EOM
-      result = shell_out("bundle exec chef-solo -c \"#{path_to("config/solo.rb")}\" -l debug", cwd: chef_dir)
+      result = shell_out("bundle exec #{ChefUtils::Dist::Solo::EXEC} --minimal-ohai --always-dump-stacktrace -c \"#{path_to("config/solo.rb")}\" -l debug", cwd: chef_dir)
       result.error!
     end
 

data/spec/spec_helper.rb

@@ -144,6 +144,7 @@ RSpec.configure do |config|
   config.filter_run_excluding macos_only: true unless macos?
   config.filter_run_excluding not_macos_gte_11: true if macos_gte_11?
   config.filter_run_excluding not_supported_on_aix: true if aix?
+  config.filter_run_excluding not_supported_on_freebsd_gte_12_3: true if freebsd_gte_12_3?
   config.filter_run_excluding not_supported_on_solaris: true if solaris?
   config.filter_run_excluding not_supported_on_gce: true if gce?
   config.filter_run_excluding win2012r2_only: true unless windows_2012r2?

data/spec/support/platform_helpers.rb

@@ -127,6 +127,10 @@ def freebsd?
   RUBY_PLATFORM.include?("freebsd")
 end
 
+def freebsd_gte_12_3?
+  RUBY_PLATFORM.include?("freebsd") && !!(ohai[:platform_version].to_f >= 12.3)
+end
+
 def intel_64bit?
   !!(ohai[:kernel][:machine] == "x86_64")
 end

data/spec/support/ruby_installer.rb

@@ -48,4 +48,4 @@ rescue LoadError
   $stderr.puts "Failed to load ruby_installer. Assuming Ruby Installer is not being used."
 end
 
-add_libarchive_dll_directory if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+add_libarchive_dll_directory if RUBY_PLATFORM.match?(/mswin|mingw|windows/)

data/spec/support/shared/functional/windows_script.rb

@@ -163,7 +163,7 @@ shared_context Chef::Resource::WindowsScript do
 
     describe "when the run action is invoked on Windows" do
       it "executes the script code" do
-        resource.code("whoami > \"#{script_output_path}\"")
+        resource.code("chcp > \"#{script_output_path}\"")
         resource.returns(0)
         resource.run_action(:run)
       end
@@ -199,7 +199,7 @@ shared_context Chef::Resource::WindowsScript do
       end
 
       it "executes the script code" do
-        resource.code("whoami > \"#{script_output_path}\"")
+        resource.code("chcp > \"#{script_output_path}\"")
         resource.returns(0)
         resource.run_action(:run)
       end

data/spec/unit/application/client_spec.rb

@@ -564,16 +564,6 @@ describe Chef::Application::Client, "run_application", :unix_only do
         expect(IO.select([@pipe[0]], nil, nil, 0)).not_to be_nil
         expect(@pipe[0].gets).to eq("finished\n")
       end
-
-      it "should exit hard when sent before converge" do
-        pid = fork do
-          sleep 3
-          @app.run_application
-        end
-        Process.kill("TERM", pid)
-        _pid, result = Process.waitpid2(pid)
-        expect(result.exitstatus).to eq(3)
-      end
     end
   end
 

data/spec/unit/client_spec.rb

@@ -23,6 +23,11 @@ require "chef/run_context"
 require "chef/server_api"
 require "rbconfig"
 
+begin
+  require "chef-powershell"
+rescue LoadError
+end
+
 class FooError < RuntimeError
 end
 
@@ -113,6 +118,7 @@ shared_context "a client run" do
     # --Client.register
     #   Make sure Client#register thinks the client key doesn't
     #   exist, so it tries to register and create one.
+    allow(Chef::HTTP::Authenticator).to receive(:detect_certificate_key).with(fqdn).and_return(false)
     allow(File).to receive(:exists?).and_call_original
     expect(File).to receive(:exists?)
       .with(Chef::Config[:client_key])
@@ -201,7 +207,6 @@ shared_context "a client run" do
 
     # Post conditions: check that node has been filled in correctly
     expect(client).to receive(:run_started)
-
     stub_for_run
   end
 end
@@ -262,7 +267,7 @@ end
 
 # requires platform and platform_version be defined
 shared_examples "a completed run" do
-  include_context "run completed"
+  include_context "run completed" # should receive run_completed_successfully
 
   it "runs ohai, sets up authentication, loads node state, synchronizes policy, converges" do
     # This is what we're testing.
@@ -282,6 +287,53 @@ shared_examples "a failed run" do
   end
 end
 
+describe Chef::Client, :windows_only do
+  let(:hostname) { "test" }
+  let(:my_client) { Chef::Client.new }
+  let(:cert_name) { "chef-#{hostname}" }
+  let(:node_name) { "#{hostname}" }
+  let(:end_date) do
+    d = Time.now
+    if d.month == 10 || d.month == 11 || d.month == 12
+      end_date = Time.new(d.year + 1, d.month - 9, d.day, d.hour, d.min, d.sec).utc.iso8601
+    else
+      end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+    end
+  end
+  # include_context "client"
+  before(:each) do
+    Chef::Config[:migrate_key_to_keystore] = true
+  end
+
+  after(:each) do
+    delete_certificate(cert_name)
+  end
+
+  context "when the client intially boots the first time" do
+    it "verfies that a certificate was correctly created and exists in the Cert Store" do
+      new_pfx = my_client.generate_pfx_package(cert_name, end_date)
+      my_client.import_pfx_to_store(new_pfx)
+      expect(my_client.check_certstore_for_key(cert_name)).not_to be false
+    end
+
+    it "correctly returns a new Publc Key" do
+      new_pfx = my_client.generate_pfx_package(cert_name, end_date)
+      cert_object = new_pfx.certificate.public_key.to_pem
+      expect(cert_object.to_s).to match(/PUBLIC KEY/)
+    end
+
+  end
+
+  def delete_certificate(cert_name)
+    require "chef/mixin/powershell_exec"
+    extend Chef::Mixin::PowershellExec
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
+end
+
 describe Chef::Client do
   include_context "client"
 
@@ -311,17 +363,14 @@ describe Chef::Client do
   describe "eol release warning" do
     it "warns when running an EOL release" do
       stub_const("Chef::VERSION", 15)
-      # added a call to client because Time.now gets invoked multiple times during instantiation. Don't mock Time until after client initialized
-      client
-      expect(Time).to receive(:now).and_return(Time.new(2024, 12, 1, 5))
-      allow(client).to receive(:eol_override).and_return(false)
-      expect(logger).to receive(:warn).with("This release of Chef Infra Client became end of life (EOL) on Nov 30, 2024. Please update to a supported release to receive new features, bug fixes, and security updates.")
+      allow(Time).to receive(:now).and_return(Time.new(2021, 5, 1, 5))
+      expect(logger).to receive(:warn).with(/This release of.*became end of life \(EOL\) on May 1st 2021/)
       client.warn_if_eol
     end
 
     it "does not warn when running an non-EOL release" do
       stub_const("Chef::VERSION", 15)
-      allow(Time).to receive(:now).and_return(Time.new(2021, 4, 30))
+      allow(Time).to receive(:now).and_return(Time.new(2021, 4, 31))
       expect(logger).to_not receive(:warn).with(/became end of life/)
       client.warn_if_eol
     end

data/spec/unit/compliance/reporter/chef_server_automate_spec.rb

@@ -170,7 +170,7 @@ describe Chef::Compliance::Reporter::ChefServerAutomate do
           "X-Ops-Userid" => "spec-node",
           "X-Remote-Request-Id" => /.+/,
         }
-      ).to_return(status: 200, body: "OK")
+      ).to_return(status: 200)
 
     expect(reporter.send_report(inspec_report)).to eq(true)
 

data/spec/unit/cookbook/syntax_check_spec.rb

@@ -159,12 +159,15 @@ describe Chef::Cookbook::SyntaxCheck do
       end
 
       describe "and a file has a syntax error" do
+
         before do
           cookbook_path = File.join(CHEF_SPEC_DATA, "cookbooks", "borken")
           syntax_check.cookbook_path.replace(cookbook_path)
         end
 
         it "it indicates that a ruby file has a syntax error" do
+          expect(Chef::Log).to receive(:fatal).with("Cookbook file borken/recipes/default.rb has a ruby syntax error.")
+          allow(Chef::Log).to receive(:fatal)
           expect(syntax_check.validate_ruby_files).to be_falsey
         end
 

data/spec/unit/http/authenticator_spec.rb

@@ -19,6 +19,70 @@
 require "spec_helper"
 require "chef/http/authenticator"
 
+describe Chef::HTTP::Authenticator, :windows_only do
+  let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
+  let(:method) { "GET" }
+  let(:url) { URI("https://chef.example.com/organizations/test") }
+  let(:headers) { {} }
+  let(:data) { "" }
+  let(:node_name) { "test" }
+  let(:passwrd) { "some_insecure_password" }
+
+  before do
+    Chef::Config[:node_name] = node_name
+    cert_name = "chef-#{node_name}"
+    d = Time.now
+    end_date = Time.new + (3600 * 24 * 90)
+    end_date = end_date.utc.iso8601
+
+    my_client = Chef::Client.new
+    pfx = my_client.generate_pfx_package(cert_name, end_date)
+    my_client.import_pfx_to_store(pfx)
+  end
+
+  after(:each) do
+    require "chef/mixin/powershell_exec"
+    extend Chef::Mixin::PowershellExec
+    cert_name = "chef-#{node_name}"
+    delete_certificate(cert_name)
+  end
+
+  context "when retrieving a certificate from the certificate store" do
+    it "retrieves a certificate password from the registry when the hive does not already exist" do
+      delete_registry_hive
+      expect { class_instance.get_cert_password }.not_to raise_error
+    end
+
+    it "should return a password of at least 14 characters in length" do
+      password = class_instance.get_cert_password
+      expect(password.length).to eql(14)
+    end
+
+    it "correctly retrieves a valid certificate in pem format from the certstore" do
+      require "openssl"
+      certificate = class_instance.retrieve_certificate_key(node_name)
+      cert_object = OpenSSL::PKey::RSA.new(certificate)
+      expect(cert_object.to_s).to match(/BEGIN RSA PRIVATE KEY/)
+    end
+  end
+
+  def delete_certificate(cert_name)
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
+
+  def delete_registry_hive
+    @win32registry = Chef::Win32::Registry.new
+    path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+    present = @win32registry.get_values(path)
+    unless present.nil? || present.empty?
+      @win32registry.delete_key(path, true)
+    end
+  end
+end
+
 describe Chef::HTTP::Authenticator do
   let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
   let(:method) { "GET" }
@@ -26,6 +90,10 @@ describe Chef::HTTP::Authenticator do
   let(:headers) { {} }
   let(:data) { "" }
 
+  before do
+    ::Chef::Config[:node_name] = "foo"
+  end
+
   context "when handle_request is called" do
     shared_examples_for "merging the server API version into the headers" do
       before do

data/spec/unit/mixin/checksum_spec.rb

@@ -51,32 +51,4 @@ describe Chef::Mixin::Checksum do
     end
   end
 
-  describe "checksum_match?" do
-    context "when checksum cases match" do
-      it "returns true" do
-        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
-      end
-    end
-
-    context "when one checksum is uppercase and other is lowercase" do
-      it "returns true" do
-        expect(@checksum_user.checksum_match?("U7GHBXIKK3I9BLSIMMY2Y2IONMXX", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
-      end
-    end
-
-    context "when checksums do not match" do
-      it "returns false" do
-        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "09ee9c8cc70501763563bcf9c218")).to be false
-      end
-    end
-
-    context "when checksum is nil" do
-      it "returns false" do
-        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", nil)).to be false
-        expect(@checksum_user.checksum_match?(nil, "09ee9c8cc70501763563bcf9c218")).to be false
-        expect(@checksum_user.checksum_match?(nil, nil)).to be false
-      end
-    end
-  end
-
 end