chef 17.10.163 → 18.0.169

data/spec/integration/client/client_spec.rb

@@ -4,6 +4,10 @@ require "chef/mixin/shell_out"
 require "tiny_server"
 require "tmpdir"
 require "chef-utils/dist"
+require "chef/mixin/powershell_exec"
+
+# cspell:disable-next-line
+SOME_CHARS = "~!@#%^&*_-+=`|\\(){}[<]:;'>,.?/0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ_abcdefghijklmnopqrstuvwxyz".each_char.to_a.freeze
 
 describe "chef-client" do
 
@@ -31,8 +35,56 @@ describe "chef-client" do
     @server = @api = nil
   end
 
+  def install_certificate_in_store(client_name)
+    if ChefUtils.windows?
+      powershell_exec! <<~EOH
+        if (-not (($PSVersionTable.PSVersion.Major -ge 5) -and ($PSVersionTable.PSVersion.Build -ge 22000)) ) {
+          New-SelfSignedCertificate -CertStoreLocation Cert:\\LocalMachine\\My -DnsName "#{client_name}"
+        }
+        else {
+          New-SelfSignedCertificate -CertStoreLocation Cert:\\LocalMachine\\My -Subject "#{client_name}" -FriendlyName "#{client_name}" -KeyExportPolicy Exportable
+        }
+      EOH
+    end
+  end
+
+  def create_registry_key
+    ::Chef::HTTP::Authenticator.get_cert_password
+    # @win32registry = Chef::Win32::Registry.new
+    # path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+    # unless @win32registry.key_exists?(path)
+    #   @win32registry.create_key(path, true)
+    # end
+    # password = SOME_CHARS.sample(1 + rand(SOME_CHARS.count)).join[0...14]
+    # values = { name: "PfxPass", type: :string, data: password }
+    # @win32registry.set_value(path, values)
+  end
+
+  def remove_certificate_from_store
+    powershell_exec! <<~EOH
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{client_name}" } -ErrorAction Stop | Remove-Item
+    EOH
+  end
+
+  def remove_registry_key
+    powershell_exec!("Remove-ItemProperty -Path HKLM:\\SOFTWARE\\Progress\\Authentication -Name 'PfxPass' ")
+  end
+
+  def verify_export_password_exists
+    powershell_exec! <<~EOH
+    Try {
+      $response = Get-ItemProperty -Path "HKLM:\\Software\\Progress\\Authentication" -Name "PfxPass" -ErrorAction Stop
+      if ($response) {return $true}
+      }
+    Catch {
+        return $false
+    }
+    EOH
+  end
+
   include IntegrationSupport
   include Chef::Mixin::ShellOut
+  include Chef::Mixin::PowershellExec
 
   let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
 
@@ -45,8 +97,10 @@ describe "chef-client" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
-  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
+  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
+  let(:client_name) { "chef-973334" }
+  let(:hostname) { "973334" }
 
   context "when validation.pem in current Directory" do
     let(:validation_path) { "" }
@@ -133,7 +187,6 @@ describe "chef-client" do
         # FATAL: Configuration error NoMethodError: undefined method `xxx' for nil:NilClass
         expect(result.stdout).to include("xxx")
       end
-
     end
 
     it "should complete with success" do
@@ -146,6 +199,32 @@ describe "chef-client" do
       result.error!
     end
 
+    if ChefUtils.windows?
+      context "and the private key is in the Windows CertStore" do
+        before do
+          install_certificate_in_store(client_name)
+          create_registry_key
+        end
+
+        after do
+          remove_certificate_from_store
+          remove_registry_key
+        end
+
+        it "should verify that the cert is loaded in the LocalMachine\\My" do
+          expect(Chef::HTTP::Authenticator.check_certstore_for_key(hostname)).to eq(true)
+        end
+
+        it "should verify that the export password for the pfx is loaded in the Registry" do
+          expect(verify_export_password_exists.result).to eq(true)
+        end
+
+        it "should verify that a private key is returned to me" do
+          expect(Chef::HTTP::Authenticator.retrieve_certificate_key(client_name)).not_to be nil
+        end
+      end
+    end
+
     context "and a private key" do
       before do
         file "mykey.pem", <<~EOM

data/spec/integration/client/exit_code_spec.rb

@@ -23,7 +23,7 @@ describe "chef-client" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --no-fork --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --no-fork --minimal-ohai --always-dump-stacktrace" }
 
   let(:critical_env_vars) { %w{PATH RUBYOPT BUNDLE_GEMFILE GEM_PATH}.map { |o| "#{o}=#{ENV[o]}" } .join(" ") }
 

data/spec/integration/client/ipv6_spec.rb

@@ -76,7 +76,7 @@ describe "chef-client" do
 
   let(:chef_dir) { File.join(__dir__, "..", "..", "..") }
 
-  let(:chef_client_cmd) { %Q{bundle exec chef-client --minimal-ohai -c "#{path_to("config/client.rb")}" -lwarn} }
+  let(:chef_client_cmd) { %Q{bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai -c "#{path_to("config/client.rb")}" -lwarn --always-dump-stacktrace} }
 
   after do
     FileUtils.rm_rf(cache_path)

data/spec/integration/compliance/compliance_spec.rb

@@ -20,7 +20,7 @@ describe "chef-client with compliance phase" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a custom profile" do
     let(:report_file) { path_to("report_file.json") }

data/spec/integration/recipes/accumulator_spec.rb

@@ -17,7 +17,7 @@ describe "Accumulators" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   let(:aliases_temppath) do
     t = Tempfile.new("chef_accumulator_test")

data/spec/integration/recipes/lwrp_inline_resources_spec.rb

@@ -17,7 +17,7 @@ describe "LWRPs with inline resources" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   context "with a use_inline_resources provider with 'def action_a' instead of action :a" do
     class LwrpInlineResourcesTest < Chef::Resource

data/spec/integration/recipes/lwrp_spec.rb

@@ -17,7 +17,7 @@ describe "LWRPs" do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook named l-w-r-p" do
     before do

data/spec/integration/recipes/notifies_spec.rb

@@ -23,7 +23,7 @@ describe "notifications" do
   include Chef::Mixin::ShellOut
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "notifies a nameless resource" do
     before do

data/spec/integration/recipes/notifying_block_spec.rb

@@ -24,7 +24,7 @@ describe "notifying_block" do
   include Chef::Mixin::ShellOut
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "notifying_block test one" do
     before do

data/spec/integration/recipes/remote_directory.rb

@@ -16,7 +16,7 @@ describe Chef::Resource::RemoteDirectory do
   # machine that has omnibus chef installed. In that case we need to ensure
   # we're running `chef-client` from the source tree and not the external one.
   # cf. CHEF-4914
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook with a source_dir with two subdirectories, each with one file and subdir in a different alphabetical order" do
     before do

data/spec/integration/recipes/unified_mode_spec.rb

@@ -8,7 +8,7 @@ describe "Unified Mode" do
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
 
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook with a unified_mode resource with a delayed notification from the second block to the first block" do
     before do

data/spec/integration/recipes/use_partial_spec.rb

@@ -23,10 +23,11 @@ describe "notifying_block" do
   include Chef::Mixin::ShellOut
 
   let(:chef_dir) { File.expand_path("../../..", __dir__) }
-  let(:chef_client) { "bundle exec chef-client --minimal-ohai" }
+  let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "has a cookbook with partial resources" do
     before do
+      ::Chef::HTTP::Authenticator.get_cert_password if windows?
       directory "cookbooks/x" do
         file "resources/_shared_properties.rb", <<-EOM
           property :content, String

data/spec/integration/solo/solo_spec.rb

@@ -18,7 +18,7 @@ describe ChefUtils::Dist::Solo::EXEC do
 
   let(:cookbook_ancient_100_metadata_rb) { cb_metadata("ancient", "1.0.0") }
 
-  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
+  let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai --always-dump-stacktrace" }
 
   when_the_repository "creates nodes" do
     let(:nodes_dir) { File.join(@repository_dir, "nodes") }
@@ -28,7 +28,7 @@ describe ChefUtils::Dist::Solo::EXEC do
       file "config/solo.rb", <<~EOM
         chef_repo_path "#{@repository_dir}"
       EOM
-      result = shell_out("bundle exec chef-solo -c \"#{path_to("config/solo.rb")}\" -l debug", cwd: chef_dir)
+      result = shell_out("bundle exec #{ChefUtils::Dist::Solo::EXEC} --minimal-ohai --always-dump-stacktrace -c \"#{path_to("config/solo.rb")}\" -l debug", cwd: chef_dir)
       result.error!
     end
 

data/spec/spec_helper.rb

@@ -138,15 +138,13 @@ RSpec.configure do |config|
 
   config.filter_run_excluding skip_buildkite: true if ENV["BUILDKITE"]
 
-  config.filter_run_excluding fips_mode: !fips_mode_build?
-
-  config.filter_run_excluding not_supported_on_freebsd_gte_12_3: true if freebsd_gte_12_3?
   config.filter_run_excluding windows_only: true unless windows?
   config.filter_run_excluding not_supported_on_windows: true if windows?
   config.filter_run_excluding not_supported_on_macos: true if macos?
   config.filter_run_excluding macos_only: true unless macos?
   config.filter_run_excluding not_macos_gte_11: true if macos_gte_11?
   config.filter_run_excluding not_supported_on_aix: true if aix?
+  config.filter_run_excluding not_supported_on_freebsd_gte_12_3: true if freebsd_gte_12_3?
   config.filter_run_excluding not_supported_on_solaris: true if solaris?
   config.filter_run_excluding not_supported_on_gce: true if gce?
   config.filter_run_excluding win2012r2_only: true unless windows_2012r2?
@@ -166,8 +164,6 @@ RSpec.configure do |config|
   config.filter_run_excluding linux_only: true unless linux?
   config.filter_run_excluding aix_only: true unless aix?
   config.filter_run_excluding suse_only: true unless suse?
-  # These aren't valid on verify pipeline because the docker container brings its own OpenSSL
-  config.filter_run_excluding openssl_version_check: true if ENV["BUILDKITE_PIPELINE_SLUG"] =~ /verify/
   config.filter_run_excluding opensuse: true unless opensuse?
   config.filter_run_excluding debian_family_only: true unless debian_family?
   config.filter_run_excluding supports_cloexec: true unless supports_cloexec?

data/spec/support/platform_helpers.rb

@@ -223,10 +223,6 @@ def aes_256_gcm?
   OpenSSL::Cipher.ciphers.include?("aes-256-gcm")
 end
 
-def fips_mode_build?
-  OpenSSL::OPENSSL_FIPS
-end
-
 def fips?
   ENV["CHEF_FIPS"] == "1"
 end

data/spec/support/ruby_installer.rb

@@ -48,4 +48,4 @@ rescue LoadError
   $stderr.puts "Failed to load ruby_installer. Assuming Ruby Installer is not being used."
 end
 
-add_libarchive_dll_directory if RUBY_PLATFORM.match?(/mswin|mingw32|windows/)
+add_libarchive_dll_directory if RUBY_PLATFORM.match?(/mswin|mingw|windows/)

data/spec/support/shared/functional/windows_script.rb

@@ -163,7 +163,7 @@ shared_context Chef::Resource::WindowsScript do
 
     describe "when the run action is invoked on Windows" do
       it "executes the script code" do
-        resource.code("whoami > \"#{script_output_path}\"")
+        resource.code("chcp > \"#{script_output_path}\"")
         resource.returns(0)
         resource.run_action(:run)
       end
@@ -199,7 +199,7 @@ shared_context Chef::Resource::WindowsScript do
       end
 
       it "executes the script code" do
-        resource.code("whoami > \"#{script_output_path}\"")
+        resource.code("chcp > \"#{script_output_path}\"")
         resource.returns(0)
         resource.run_action(:run)
       end

data/spec/unit/application/client_spec.rb

@@ -564,16 +564,6 @@ describe Chef::Application::Client, "run_application", :unix_only do
         expect(IO.select([@pipe[0]], nil, nil, 0)).not_to be_nil
         expect(@pipe[0].gets).to eq("finished\n")
       end
-
-      it "should exit hard when sent before converge" do
-        pid = fork do
-          sleep 3
-          @app.run_application
-        end
-        Process.kill("TERM", pid)
-        _pid, result = Process.waitpid2(pid)
-        expect(result.exitstatus).to eq(3)
-      end
     end
   end
 

data/spec/unit/client_spec.rb

@@ -23,6 +23,11 @@ require "chef/run_context"
 require "chef/server_api"
 require "rbconfig"
 
+begin
+  require "chef-powershell"
+rescue LoadError
+end
+
 class FooError < RuntimeError
 end
 
@@ -113,6 +118,7 @@ shared_context "a client run" do
     # --Client.register
     #   Make sure Client#register thinks the client key doesn't
     #   exist, so it tries to register and create one.
+    allow(Chef::HTTP::Authenticator).to receive(:detect_certificate_key).with(fqdn).and_return(false)
     allow(File).to receive(:exists?).and_call_original
     expect(File).to receive(:exists?)
       .with(Chef::Config[:client_key])
@@ -201,7 +207,6 @@ shared_context "a client run" do
 
     # Post conditions: check that node has been filled in correctly
     expect(client).to receive(:run_started)
-
     stub_for_run
   end
 end
@@ -262,7 +267,7 @@ end
 
 # requires platform and platform_version be defined
 shared_examples "a completed run" do
-  include_context "run completed"
+  include_context "run completed" # should receive run_completed_successfully
 
   it "runs ohai, sets up authentication, loads node state, synchronizes policy, converges" do
     # This is what we're testing.
@@ -282,6 +287,53 @@ shared_examples "a failed run" do
   end
 end
 
+describe Chef::Client, :windows_only do
+  let(:hostname) { "test" }
+  let(:my_client) { Chef::Client.new }
+  let(:cert_name) { "chef-#{hostname}" }
+  let(:node_name) { "#{hostname}" }
+  let(:end_date) do
+    d = Time.now
+    if d.month == 10 || d.month == 11 || d.month == 12
+      end_date = Time.new(d.year + 1, d.month - 9, d.day, d.hour, d.min, d.sec).utc.iso8601
+    else
+      end_date = Time.new(d.year, d.month + 3, d.day, d.hour, d.min, d.sec).utc.iso8601
+    end
+  end
+  # include_context "client"
+  before(:each) do
+    Chef::Config[:migrate_key_to_keystore] = true
+  end
+
+  after(:each) do
+    delete_certificate(cert_name)
+  end
+
+  context "when the client intially boots the first time" do
+    it "verfies that a certificate was correctly created and exists in the Cert Store" do
+      new_pfx = my_client.generate_pfx_package(cert_name, end_date)
+      my_client.import_pfx_to_store(new_pfx)
+      expect(my_client.check_certstore_for_key(cert_name)).not_to be false
+    end
+
+    it "correctly returns a new Publc Key" do
+      new_pfx = my_client.generate_pfx_package(cert_name, end_date)
+      cert_object = new_pfx.certificate.public_key.to_pem
+      expect(cert_object.to_s).to match(/PUBLIC KEY/)
+    end
+
+  end
+
+  def delete_certificate(cert_name)
+    require "chef/mixin/powershell_exec"
+    extend Chef::Mixin::PowershellExec
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
+end
+
 describe Chef::Client do
   include_context "client"
 
@@ -308,6 +360,22 @@ describe Chef::Client do
     end
   end
 
+  describe "eol release warning" do
+    it "warns when running an EOL release" do
+      stub_const("Chef::VERSION", 15)
+      allow(Time).to receive(:now).and_return(Time.new(2021, 5, 1, 5))
+      expect(logger).to receive(:warn).with(/This release of.*became end of life \(EOL\) on May 1st 2021/)
+      client.warn_if_eol
+    end
+
+    it "does not warn when running an non-EOL release" do
+      stub_const("Chef::VERSION", 15)
+      allow(Time).to receive(:now).and_return(Time.new(2021, 4, 31))
+      expect(logger).to_not receive(:warn).with(/became end of life/)
+      client.warn_if_eol
+    end
+  end
+
   describe "authentication protocol selection" do
     context "when FIPS is disabled" do
       before do

data/spec/unit/compliance/reporter/chef_server_automate_spec.rb

@@ -170,7 +170,7 @@ describe Chef::Compliance::Reporter::ChefServerAutomate do
           "X-Ops-Userid" => "spec-node",
           "X-Remote-Request-Id" => /.+/,
         }
-      ).to_return(status: 200, body: "OK")
+      ).to_return(status: 200)
 
     expect(reporter.send_report(inspec_report)).to eq(true)
 

data/spec/unit/cookbook/syntax_check_spec.rb

@@ -159,12 +159,15 @@ describe Chef::Cookbook::SyntaxCheck do
       end
 
       describe "and a file has a syntax error" do
+
         before do
           cookbook_path = File.join(CHEF_SPEC_DATA, "cookbooks", "borken")
           syntax_check.cookbook_path.replace(cookbook_path)
         end
 
         it "it indicates that a ruby file has a syntax error" do
+          expect(Chef::Log).to receive(:fatal).with("Cookbook file borken/recipes/default.rb has a ruby syntax error.")
+          allow(Chef::Log).to receive(:fatal)
           expect(syntax_check.validate_ruby_files).to be_falsey
         end
 

data/spec/unit/http/authenticator_spec.rb

@@ -19,6 +19,70 @@
 require "spec_helper"
 require "chef/http/authenticator"
 
+describe Chef::HTTP::Authenticator, :windows_only do
+  let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
+  let(:method) { "GET" }
+  let(:url) { URI("https://chef.example.com/organizations/test") }
+  let(:headers) { {} }
+  let(:data) { "" }
+  let(:node_name) { "test" }
+  let(:passwrd) { "some_insecure_password" }
+
+  before do
+    Chef::Config[:node_name] = node_name
+    cert_name = "chef-#{node_name}"
+    d = Time.now
+    end_date = Time.new + (3600 * 24 * 90)
+    end_date = end_date.utc.iso8601
+
+    my_client = Chef::Client.new
+    pfx = my_client.generate_pfx_package(cert_name, end_date)
+    my_client.import_pfx_to_store(pfx)
+  end
+
+  after(:each) do
+    require "chef/mixin/powershell_exec"
+    extend Chef::Mixin::PowershellExec
+    cert_name = "chef-#{node_name}"
+    delete_certificate(cert_name)
+  end
+
+  context "when retrieving a certificate from the certificate store" do
+    it "retrieves a certificate password from the registry when the hive does not already exist" do
+      delete_registry_hive
+      expect { class_instance.get_cert_password }.not_to raise_error
+    end
+
+    it "should return a password of at least 14 characters in length" do
+      password = class_instance.get_cert_password
+      expect(password.length).to eql(14)
+    end
+
+    it "correctly retrieves a valid certificate in pem format from the certstore" do
+      require "openssl"
+      certificate = class_instance.retrieve_certificate_key(node_name)
+      cert_object = OpenSSL::PKey::RSA.new(certificate)
+      expect(cert_object.to_s).to match(/BEGIN RSA PRIVATE KEY/)
+    end
+  end
+
+  def delete_certificate(cert_name)
+    powershell_code = <<~CODE
+      Get-ChildItem -path cert:\\LocalMachine\\My -Recurse -Force  | Where-Object { $_.Subject -Match "#{cert_name}" } | Remove-item
+    CODE
+    powershell_exec!(powershell_code)
+  end
+
+  def delete_registry_hive
+    @win32registry = Chef::Win32::Registry.new
+    path = "HKEY_LOCAL_MACHINE\\Software\\Progress\\Authentication"
+    present = @win32registry.get_values(path)
+    unless present.nil? || present.empty?
+      @win32registry.delete_key(path, true)
+    end
+  end
+end
+
 describe Chef::HTTP::Authenticator do
   let(:class_instance) { Chef::HTTP::Authenticator.new(client_name: "test") }
   let(:method) { "GET" }
@@ -26,6 +90,10 @@ describe Chef::HTTP::Authenticator do
   let(:headers) { {} }
   let(:data) { "" }
 
+  before do
+    ::Chef::Config[:node_name] = "foo"
+  end
+
   context "when handle_request is called" do
     shared_examples_for "merging the server API version into the headers" do
       before do

data/spec/unit/mixin/checksum_spec.rb

@@ -51,32 +51,4 @@ describe Chef::Mixin::Checksum do
     end
   end
 
-  describe "checksum_match?" do
-    context "when checksum cases match" do
-      it "returns true" do
-        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
-      end
-    end
-
-    context "when one checksum is uppercase and other is lowercase" do
-      it "returns true" do
-        expect(@checksum_user.checksum_match?("U7GHBXIKK3I9BLSIMMY2Y2IONMXX", "u7ghbxikk3i9blsimmy2y2ionmxx")).to be true
-      end
-    end
-
-    context "when checksums do not match" do
-      it "returns false" do
-        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", "09ee9c8cc70501763563bcf9c218")).to be false
-      end
-    end
-
-    context "when checksum is nil" do
-      it "returns false" do
-        expect(@checksum_user.checksum_match?("u7ghbxikk3i9blsimmy2y2ionmxx", nil)).to be false
-        expect(@checksum_user.checksum_match?(nil, "09ee9c8cc70501763563bcf9c218")).to be false
-        expect(@checksum_user.checksum_match?(nil, nil)).to be false
-      end
-    end
-  end
-
 end

data/spec/unit/mixin/homebrew_user_spec.rb

@@ -47,8 +47,6 @@ describe Chef::Mixin::HomebrewUser do
     let(:user) { nil }
     let(:brew_owner) { 2001 }
     let(:default_brew_path) { "/usr/local/bin/brew" }
-    let(:default_brew_path_arm) { "/opt/homebrew/bin/brew" }
-    let(:default_brew_path_linux) { "/home/linuxbrew/.linuxbrew/bin/brew" }
     let(:stat_double) do
       d = double
       expect(d).to receive(:uid).and_return(brew_owner)
@@ -61,38 +59,16 @@ describe Chef::Mixin::HomebrewUser do
         expect(Etc).to receive(:getpwuid).with(brew_owner).and_return(OpenStruct.new(name: "name"))
       end
 
-      def false_unless_specific_value(object, method, value)
-        allow(object).to receive(method).and_return(false)
-        allow(object).to receive(method).with(value).and_return(true)
-      end
-
-      it "returns the owner of the brew executable when it is at a default location for x86_64 machines" do
-        false_unless_specific_value(File, :exist?, default_brew_path)
-        false_unless_specific_value(File, :executable?, default_brew_path)
-        allow(File).to receive(:stat).with(default_brew_path).and_return(stat_double)
-        expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
-      end
-
-      it "returns the owner of the brew executable when it is at a default location for arm machines" do
-        false_unless_specific_value(File, :exist?, default_brew_path_arm)
-        false_unless_specific_value(File, :executable?, default_brew_path_arm)
-        allow(File).to receive(:stat).with(default_brew_path_arm).and_return(stat_double)
-        expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
-      end
-
-      it "returns the owner of the brew executable when it is at a default location for linux machines" do
-        false_unless_specific_value(File, :exist?, default_brew_path_linux)
-        false_unless_specific_value(File, :executable?, default_brew_path_linux)
-        allow(File).to receive(:stat).with(default_brew_path_linux).and_return(stat_double)
+      it "returns the owner of the brew executable when it is at a default location" do
+        expect(File).to receive(:exist?).with(default_brew_path).and_return(true)
+        expect(File).to receive(:stat).with(default_brew_path).and_return(stat_double)
         expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
       end
 
       it "returns the owner of the brew executable when it is not at a default location" do
-        allow_any_instance_of(ExampleHomebrewUser).to receive(:which).and_return("/foo")
-        false_unless_specific_value(File, :exist?, "/foo")
-        false_unless_specific_value(File, :executable?, "/foo")
+        expect(File).to receive(:exist?).with(default_brew_path).and_return(false)
         allow(homebrew_user).to receive_message_chain(:shell_out, :stdout, :strip).and_return("/foo")
-        allow(File).to receive(:stat).with("/foo").and_return(stat_double)
+        expect(File).to receive(:stat).with("/foo").and_return(stat_double)
         expect(homebrew_user.find_homebrew_uid(user)).to eq(brew_owner)
       end
 
@@ -102,7 +78,8 @@ describe Chef::Mixin::HomebrewUser do
   describe "when the homebrew user is not provided" do
 
     it "raises an error if no executable is found" do
-      expect(File).to receive(:exist?).and_return(nil).at_least(:once)
+      expect(File).to receive(:exist?).with(default_brew_path).and_return(false)
+      allow(homebrew_user).to receive_message_chain(:shell_out, :stdout, :strip).and_return("")
       expect { homebrew_user.find_homebrew_uid(user) }.to raise_error(Chef::Exceptions::CannotDetermineHomebrewOwner)
     end