chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

data/lib/chef/secret_fetcher/hashi_vault.rb

@@ -0,0 +1,100 @@
+#
+# Author:: Marc Paradise (<marc@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "base"
+require "aws-sdk-core" # Support for aws instance profile auth
+require "vault"
+class Chef
+  class SecretFetcher
+    # == Chef::SecretFetcher::HashiVault
+    # A fetcher that fetches a secret from Hashi Vault.
+    #
+    # Does not yet support fetching with version when a versioned key store is in use.
+    # In this initial iteration the only supported authentication is IAM role-based
+    #
+    # Required config:
+    # :auth_method - one of :iam_role, :token.  default: :iam_role
+    # :vault_addr - the address of a running Vault instance, eg https://vault.example.com:8200
+    #
+    # For `:token` auth: `:token` - a Vault token valid for authentication.
+    #
+    # For `:iam_role`:  `:role_name` - the name of the role in Vault that was created
+    # to support authentication via IAM.  See the Vault documentation for details[1].
+    # A Terraform example is also available[2]
+    #
+    #
+    # [1] https://www.vaultproject.io/docs/auth/aws#recommended-vault-iam-policy
+    # [2] https://registry.terraform.io/modules/hashicorp/vault/aws/latest/examples/vault-iam-auth
+    #             an IAM principal ARN bound to it.
+    #
+    # Optional config
+    # :namespace - the namespace under which secrets are kept.  Only supported in with Vault Enterprise
+    #
+    # @example
+    #
+    # fetcher = SecretFetcher.for_service(:hashi_vault, { role_name: "testing-role", vault_addr: https://localhost:8200}, run_context )
+    # fetcher.fetch("secretkey1")
+    #
+    # @example
+    #
+    # fetcher = SecretFetcher.for_service(:hashi_vault, { auth_method: :token, token: "s.1234abcdef", vault_addr: https://localhost:8200}, run_context )
+    # fetcher.fetch("secretkey1")
+    SUPPORTED_AUTH_TYPES = %i{iam_role token}.freeze
+    class HashiVault < Base
+
+      # Validate and authenticate the current session using the configured auth strategy and parameters
+      def validate!
+        if config[:vault_addr].nil?
+          raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the Vault address in the configuration as :vault_addr")
+        end
+
+        Vault.address = config[:vault_addr]
+        Vault.namespace = config[:namespace] unless config[:namespace].nil?
+
+        case config[:auth_method]
+        when :token
+          if config[:token].nil?
+            raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the token in the configuration as :token")
+          end
+
+          Vault.auth.token(config[:token])
+        when :iam_role, nil
+          if config[:role_name].nil?
+            raise Chef::Exceptions::Secret::ConfigurationInvalid.new("You must provide the authenticating Vault role name in the configuration as :role_name")
+          end
+
+          Vault.auth.aws_iam(config[:role_name], Aws::InstanceProfileCredentials.new)
+        else
+          raise Chef::Exceptions::Secret::ConfigurationInvalid.new("Invalid :auth_method provided.  You gave #{config[:auth_method]}, expected one of :#{SUPPORTED_AUTH_TYPES.join(", :")} ")
+        end
+      end
+
+      # @param identifier [String] Identifier of the secret to be fetched, which should
+      # be the full path of that secret, eg 'secret/example'
+      # @param _version [String] not used in this implementation
+      # @return [Hash] containing key/value pairs stored at the location given in 'identifier'
+      def do_fetch(identifier, _version)
+        result = Vault.logical.read(identifier)
+        raise Chef::Exceptions::Secret::FetchFailed.new("No secret found at #{identifier}. Check to ensure that there is a secrets engine configured for that path") if result.nil?
+
+        result.data
+      end
+    end
+  end
+end
+

data/lib/chef/secret_fetcher.rb

@@ -0,0 +1,61 @@
+#
+# Author:: Marc Paradise (<marc@chef.io>)
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require_relative "exceptions"
+
+class Chef
+  class SecretFetcher
+
+    SECRET_FETCHERS = %i{example aws_secrets_manager azure_key_vault hashi_vault akeyless_vault}.freeze
+
+    # Returns a configured and validated instance
+    # of a [Chef::SecretFetcher::Base]  for the given
+    # service and configuration.
+    #
+    # @param service [Symbol] the identifier for the service that will support this request. Must be in
+    #                         SECRET_FETCHERS
+    # @param config [Hash] configuration that the secrets service requires
+    # @param run_context [Chef::RunContext] the run context this is being invoked from
+    def self.for_service(service, config, run_context)
+      fetcher = case service
+                when :example
+                  require_relative "secret_fetcher/example"
+                  Chef::SecretFetcher::Example.new(config, run_context)
+                when :aws_secrets_manager
+                  require_relative "secret_fetcher/aws_secrets_manager"
+                  Chef::SecretFetcher::AWSSecretsManager.new(config, run_context)
+                when :azure_key_vault
+                  require_relative "secret_fetcher/azure_key_vault"
+                  Chef::SecretFetcher::AzureKeyVault.new(config, run_context)
+                when :hashi_vault
+                  require_relative "secret_fetcher/hashi_vault"
+                  Chef::SecretFetcher::HashiVault.new(config, run_context)
+                when :akeyless_vault
+                  require_relative "secret_fetcher/akeyless_vault"
+                  Chef::SecretFetcher::AKeylessVault.new(config, run_context)
+                when nil, ""
+                  raise Chef::Exceptions::Secret::MissingFetcher.new(SECRET_FETCHERS)
+                else
+                  raise Chef::Exceptions::Secret::InvalidFetcherService.new("Unsupported secret service: '#{service}'", SECRET_FETCHERS)
+                end
+      fetcher.validate!
+      fetcher
+    end
+  end
+end
+

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("17.2.29")
+  VERSION = Chef::VersionString.new("17.5.22")
 end
 
 #

data/spec/functional/mixin/from_file_spec.rb

@@ -33,7 +33,7 @@ describe Chef::Mixin::FromFile do
   end
 
   class ClassTestData
-    class <<self
+    class << self
       include Chef::Mixin::FromFile
 
       def a(a = nil)

data/spec/functional/resource/archive_file_spec.rb

@@ -0,0 +1,87 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tmpdir"
+
+# Exclude this test on platforms where ffi-libarchive loading is broken
+describe Chef::Resource::ArchiveFile, :libarchive_loading_broken do
+  include RecipeDSLHelper
+
+  let(:tmp_path) { Dir.mktmpdir }
+  let(:extract_destination) { "#{tmp_path}/extract_here" }
+  let(:test_archive_path) { File.expand_path("archive_file/test_archive.tar.gz", CHEF_SPEC_DATA) }
+
+  after do
+    FileUtils.remove_entry_secure(extract_destination) if File.exist?(extract_destination)
+  end
+
+  context "when strip_components is 0" do
+    it "extracts archive to destination" do
+      af = archive_file test_archive_path do
+        destination extract_destination
+      end
+      af.should_be_updated
+
+      expect(af.strip_components).to eq(0) # Validate defaults haven't changed here
+      expect(Dir.glob("#{extract_destination}/**/*").length).to eq(4)
+      expect(Dir.exist?("#{extract_destination}/folder-1")).to eq(true)
+      expect(File.exist?("#{extract_destination}/folder-1/file-1.txt")).to eq(true)
+      expect(Dir.exist?("#{extract_destination}/folder-1/folder-2")).to eq(true)
+      expect(File.exist?("#{extract_destination}/folder-1/folder-2/file-2.txt")).to eq(true)
+    end
+  end
+
+  context "when strip_components is 1" do
+    it "extracts archive to destination, with 1 component stripped" do
+      archive_file test_archive_path do
+        destination extract_destination
+        strip_components 1
+      end.should_be_updated
+
+      expect(Dir.exist?("#{extract_destination}/folder-1")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/file-1.txt")).to eq(false)
+      expect(Dir.exist?("#{extract_destination}/folder-1/folder-2")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/folder-2/file-2.txt")).to eq(false)
+
+      expect(Dir.glob("#{extract_destination}/**/*").length).to eq(3)
+      expect(File.exist?("#{extract_destination}/file-1.txt")).to eq(true)
+      expect(Dir.exist?("#{extract_destination}/folder-2")).to eq(true)
+      expect(File.exist?("#{extract_destination}/folder-2/file-2.txt")).to eq(true)
+    end
+  end
+
+  context "when strip_components is 2" do
+    it "extracts archive to destination, with 2 components stripped" do
+      archive_file test_archive_path do
+        destination extract_destination
+        strip_components 2
+      end.should_be_updated
+
+      expect(Dir.exist?("#{extract_destination}/folder-1")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/file-1.txt")).to eq(false)
+      expect(Dir.exist?("#{extract_destination}/folder-1/folder-2")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-1/folder-2/file-2.txt")).to eq(false)
+      expect(File.exist?("#{extract_destination}/file-1.txt")).to eq(false)
+      expect(Dir.exist?("#{extract_destination}/folder-2")).to eq(false)
+      expect(File.exist?("#{extract_destination}/folder-2/file-2.txt")).to eq(false)
+
+      expect(Dir.glob("#{extract_destination}/**/*").length).to eq(1)
+      expect(File.exist?("#{extract_destination}/file-2.txt")).to eq(true)
+    end
+  end
+end

data/spec/functional/resource/group_spec.rb

@@ -44,6 +44,10 @@ describe Chef::Resource::Group, :requires_root_or_running_windows do
       members.shift # Get rid of GroupMembership: string
       members.include?(user)
     else
+      # TODO For some reason our temporary AIX 7.2 system does not correctly report group membership immediately after changes have been made.
+      # Adding a 2 second delay for this platform is enough to get correct results.
+      # We hope to remove this delay after we get more permanent AIX 7.2 systems in our CI pipeline. reference: https://github.com/chef/release-engineering/issues/1617
+      sleep 2 if aix? && (ohai[:platform_version] == "7.2")
       Etc.getgrnam(group_name).mem.include?(user)
     end
   end
@@ -181,7 +185,7 @@ describe Chef::Resource::Group, :requires_root_or_running_windows do
 
     describe "when the users exist" do
       before do
-        high_uid = 30000
+        high_uid = 40000
         (spec_members).each do |member|
           remove_user(member)
           create_user(member, high_uid)

data/spec/functional/resource/link_spec.rb

@@ -345,9 +345,17 @@ describe Chef::Resource::Link do
             let(:test_user) { "test-link-user" }
             before do
               user(test_user).run_action(:create)
+              # TODO For some reason our temporary AIX 7.2 system does not correctly report user existence immediately after changes have been made.
+              # Adding a 2 second delay for this platform is enough to get correct results.
+              # We hope to remove this delay after we get more permanent AIX 7.2 systems in our CI pipeline. reference: https://github.com/chef/release-engineering/issues/1617
+              sleep 2 if aix? && (ohai[:platform_version] == "7.2")
             end
             after do
               user(test_user).run_action(:remove)
+              # TODO For some reason our temporary AIX 7.2 system does not correctly report user existence immediately after changes have been made.
+              # Adding a 2 second delay for this platform is enough to get correct results.
+              # We hope to remove this delay after we get more permanent AIX 7.2 systems in our CI pipeline. reference: https://github.com/chef/release-engineering/issues/1617
+              sleep 2 if aix? && (ohai[:platform_version] == "7.2")
             end
             before(:each) do
               resource.owner(test_user)

data/spec/integration/compliance/compliance_spec.rb

@@ -47,6 +47,7 @@ describe "chef-client with compliance phase" do
         {
           "audit": {
             "compliance_phase": true,
+            "reporter": "json-file",
             "json_file": {
               "location": "#{report_file}"
             },
@@ -79,4 +80,64 @@ describe "chef-client with compliance phase" do
       expect(result["status"]).to eq("passed")
     end
   end
+
+  when_the_repository "has a compliance segment" do
+    let(:report_file) { path_to("report_file.json") }
+
+    before do
+      directory "cookbooks/x" do
+        directory "compliance" do
+          directory "profiles/my_profile" do
+            file "inspec.yml", <<~FILE
+              ---
+              name: my-profile
+            FILE
+
+            directory "controls" do
+              file "my_control.rb", <<~FILE
+                control "my control" do
+                  describe Dir.home do
+                    it { should be_kind_of String }
+                  end
+                end
+              FILE
+            end
+          end
+        end
+        file "attributes/default.rb", <<~FILE
+        default['audit']['reporter'] = "json-file"
+        default['audit']['json_file'] = {
+              "location" => "#{report_file}"
+            }
+        FILE
+        file "recipes/default.rb", <<~FILE
+          include_profile ".*::.*"
+        FILE
+      end
+      file "config/client.rb", <<~EOM
+        local_mode true
+        cookbook_path "#{path_to("cookbooks")}"
+        log_level :warn
+      EOM
+    end
+
+    it "should complete with success" do
+      result = shell_out!("#{chef_client} -c \"#{path_to("config/client.rb")}\" -r 'recipe[x]'", cwd: chef_dir)
+      result.error!
+
+      inspec_report = JSON.parse(File.read(report_file))
+      expect(inspec_report["profiles"].length).to eq(1)
+
+      profile = inspec_report["profiles"].first
+      expect(profile["name"]).to eq("my-profile")
+      expect(profile["controls"].length).to eq(1)
+
+      control = profile["controls"].first
+      expect(control["id"]).to eq("my control")
+      expect(control["results"].length).to eq(1)
+
+      result = control["results"].first
+      expect(result["status"]).to eq("passed")
+    end
+  end
 end

data/spec/integration/recipes/recipe_dsl_spec.rb

@@ -19,7 +19,7 @@ describe "Recipe DSL methods" do
         provides :base_thingy
         default_action :create
 
-        class<<self
+        class << self
           attr_accessor :created_name
           attr_accessor :created_resource
           attr_accessor :created_provider

data/spec/integration/recipes/resource_action_spec.rb

@@ -9,7 +9,7 @@ class NoActionJackson < Chef::Resource
     @foo
   end
 
-  class <<self
+  class << self
     attr_accessor :action_was
   end
 end
@@ -17,7 +17,7 @@ end
 class WeirdActionJackson < Chef::Resource
   provides :weird_action_jackson
 
-  class <<self
+  class << self
     attr_accessor :action_was
   end
 
@@ -176,7 +176,7 @@ module ResourceActionSpec
           @blarghle
         end
 
-        class <<self
+        class << self
           attr_accessor :ran_action
           attr_accessor :succeeded
           attr_accessor :ruby_block_converged
@@ -284,7 +284,7 @@ module ResourceActionSpec
             @bar = "#{value}alope" if value
             @bar
           end
-          class <<self
+          class << self
             attr_accessor :load_current_resource_ran
             attr_accessor :jackalope_ran
           end
@@ -354,8 +354,8 @@ module ResourceActionSpec
         end
 
         it "allows overridden action to have a description separate from the action defined in the base resource" do
-          expect(ActionJackson.action_description(:test1)).to eql "Original description"
-          expect(ActionJackalope.action_description(:test1)).to eql "An old action with a new description"
+          expect(ActionJackson.new("ActionJackson", nil).action_description(:test1)).to eql "Original description"
+          expect(ActionJackalope.new("ActionJackalope", nil).action_description(:test1)).to eql "An old action with a new description"
         end
 
         it "non-overridden actions run and can access overridden and non-overridden variables (but not necessarily new ones)" do

data/spec/spec_helper.rb

@@ -68,6 +68,7 @@ end
 require "spec/support/local_gems" if File.exist?(File.join(File.dirname(__FILE__), "support", "local_gems.rb"))
 
 # Explicitly require spec helpers that need to load first
+require "spec/support/ruby_installer"
 require "spec/support/platform_helpers"
 require "spec/support/shared/unit/mock_shellout"
 
@@ -186,6 +187,8 @@ RSpec.configure do |config|
   config.filter_run_excluding not_rhel7: true if rhel7?
   config.filter_run_excluding not_intel_64bit: true if intel_64bit?
 
+  config.filter_run_excluding libarchive_loading_broken: true if aix? || amazon_linux? || rhel7?
+
   # these let us use chef: ">= 13" or ruby: "~> 2.0.0" or any other Gem::Dependency-style constraint
   config.filter_run_excluding chef: DependencyProc.with(Chef::VERSION)
   config.filter_run_excluding ruby: DependencyProc.with(RUBY_VERSION)

data/spec/support/platform_helpers.rb

@@ -163,6 +163,10 @@ def aix?
   RUBY_PLATFORM.include?("aix")
 end
 
+def amazon_linux?
+  ohai[:platform_family] == "amazon"
+end
+
 def wpar?
   !((ohai[:virtualization] || {})[:wpar_no].nil?)
 end

data/spec/support/ruby_installer.rb

@@ -0,0 +1,51 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+def add_libarchive_dll_directory
+  require "ruby_installer"
+  libarchive_paths = Dir.glob("{#{Gem.dir},C:/hab}/**/libarchive.dll").map { |f| File.expand_path(f) }
+  if libarchive_paths.empty?
+    $stderr.puts <<~EOL
+      !!!!
+        We couldn't find a libarchive.dll in #{Gem.dir} or C:/hab
+
+        If this is running in a CI/CD environment, this may end up causing failures
+        in the tests for archive_file. If this is not running in a CI/CD
+        environment then it may be safe to ignore this. That is especially true if
+        you're not using the Ruby Installer as your Ruby runtime.
+      !!!!
+    EOL
+    return
+  end
+
+  $stderr.puts "\nFound the following libarchive paths:\n\n#{libarchive_paths.map { |f| "- #{f}\n" }.join}\n\n"
+  libarchive_path = libarchive_paths.first
+  libarchive_dir = File.dirname(libarchive_path)
+
+  if defined?(RubyInstaller::Build) && RubyInstaller::Build.methods.include?(:add_dll_directory)
+    $stderr.puts "Adding #{libarchive_dir} as a DLL load path using RubyInstaller::Build#add_dll_directory"
+    RubyInstaller::Build.add_dll_directory(libarchive_dir)
+  elsif defined?(RubyInstaller::Runtime) && RubyInstaller::Runtime.methods.include?(:add_dll_directory)
+    $stderr.puts "Adding #{libarchive_dir} as a DLL load path using RubyInstaller::Runtime#add_dll_directory"
+    RubyInstaller::Runtime.add_dll_directory(libarchive_dir)
+  else
+    $stderr.puts "Unable to find the right namespace to call #add_dll_directory! Please raise an issue on [GitHub](https://github.com/chef/chef/issues/new/choose)."
+  end
+rescue LoadError
+  $stderr.puts "Failed to load ruby_installer. Assuming Ruby Installer is not being used."
+end
+
+add_libarchive_dll_directory if RUBY_PLATFORM =~ /mswin|mingw32|windows/

data/spec/support/shared/unit/provider/file.rb

@@ -43,7 +43,6 @@ end
 def setup_normal_file
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(true)
-    allow(File).to receive(:exists?).with(path).and_return(true)
     allow(File).to receive(:exist?).with(path).and_return(true)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(true)
@@ -57,7 +56,6 @@ def setup_missing_file
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(false)
     allow(File).to receive(:realpath?).with(path).and_return(resource_path)
-    allow(File).to receive(:exists?).with(path).and_return(false)
     allow(File).to receive(:exist?).with(path).and_return(false)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(false)
@@ -70,7 +68,6 @@ def setup_symlink
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(true)
     allow(File).to receive(:realpath?).with(path).and_return(normalized_path)
-    allow(File).to receive(:exists?).with(path).and_return(true)
     allow(File).to receive(:exist?).with(path).and_return(true)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(true)
@@ -84,7 +81,6 @@ def setup_unwritable_file
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(false)
     allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
-    allow(File).to receive(:exists?).with(path).and_return(true)
     allow(File).to receive(:exist?).with(path).and_return(true)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(false)
@@ -97,7 +93,6 @@ def setup_missing_enclosing_directory
   [ resource_path, normalized_path, windows_path].each do |path|
     allow(File).to receive(:file?).with(path).and_return(false)
     allow(File).to receive(:realpath?).with(path).and_raise(Errno::ENOENT)
-    allow(File).to receive(:exists?).with(path).and_return(false)
     allow(File).to receive(:exist?).with(path).and_return(false)
     allow(File).to receive(:directory?).with(path).and_return(false)
     allow(File).to receive(:writable?).with(path).and_return(false)
@@ -138,7 +133,6 @@ shared_examples_for Chef::Provider::File do
   before(:each) do
     allow(content).to receive(:tempfile).and_return(tempfile)
     allow(File).to receive(:exist?).with(tempfile.path).and_call_original
-    allow(File).to receive(:exists?).with(tempfile.path).and_call_original
   end
 
   after do
@@ -547,7 +541,7 @@ shared_examples_for Chef::Provider::File do
           provider.load_current_resource
           tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
           allow(content).to receive(:tempfile).and_return(tempfile)
-          expect(File).to receive(:exists?).with("/tmp/foo-bar-baz").and_return(true)
+          expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(true)
           expect(tempfile).to receive(:close).once
           expect(tempfile).to receive(:unlink).once
         end
@@ -630,7 +624,7 @@ shared_examples_for Chef::Provider::File do
       it "raises an exception when the content object returns a tempfile that does not exist" do
         tempfile = double("Tempfile", path: "/tmp/foo-bar-baz")
         expect(provider.send(:content)).to receive(:tempfile).at_least(:once).and_return(tempfile)
-        expect(File).to receive(:exists?).with("/tmp/foo-bar-baz").and_return(false)
+        expect(File).to receive(:exist?).with("/tmp/foo-bar-baz").and_return(false)
         expect { provider.send(:do_contents_changes) }.to raise_error(RuntimeError)
       end
     end