chef 17.2.29-universal-mingw32 → 17.5.22-universal-mingw32

data/spec/unit/compliance/input_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Input do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/inputs/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:input) { Chef::Compliance::Input.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(input.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(input.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(input.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(input.enabled).to eql(false)
+    expect(input.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(input.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    input.enable!
+    expect(input.enabled).to eql(true)
+    expect(input.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_input_enabled).with(input)
+    input.enable!
+  end
+
+  it "can be disabled by disable!" do
+    input.enable!
+    input.disable!
+    expect(input.enabled).to eql(false)
+    expect(input.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(input.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(input.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newinput = Chef::Compliance::Input.from_yaml(events, string, path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newinput = Chef::Compliance::Input.from_file(events, tempfile.path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newinput = Chef::Compliance::Input.from_hash(events, data, path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+end

data/spec/unit/compliance/profile_spec.rb

@@ -0,0 +1,120 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Profile do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "copyright" => "DevSec Hardening Framework Team", "copyright_email" => "hello@dev-sec.io", "license" => "Apache-2.0", "maintainer" => "DevSec Hardening Framework Team", "name" => "ssh-baseline", "summary" => "Test-suite for best-practice SSH hardening", "supports" => [{ "os-family" => "unix" }], "title" => "DevSec SSH Baseline", "version" => "2.6.4" } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename/inspec.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:profile) { Chef::Compliance::Profile.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(profile.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(profile.path).to eql(path)
+  end
+
+  it "has a name based on the yml" do
+    expect(profile.name).to eql("ssh-baseline")
+  end
+
+  it "has a pathname based on the path" do
+    expect(profile.pathname).to eql("thisdirectoryisnotthename")
+  end
+
+  it "is disabled" do
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(profile.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    profile.enable!
+    expect(profile.enabled).to eql(true)
+    expect(profile.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_profile_enabled).with(profile)
+    profile.enable!
+  end
+
+  it "can be disabled by disable!" do
+    profile.enable!
+    profile.disable!
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the path" do
+    expect(profile.inspec_data).to eql( { name: "ssh-baseline", path: "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename" } )
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(profile.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    newprofile = Chef::Compliance::Profile.from_yaml(events, string, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newprofile = Chef::Compliance::Profile.from_file(events, tempfile.path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newprofile = Chef::Compliance::Profile.from_hash(events, data, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+end

data/spec/unit/compliance/runner_spec.rb

@@ -202,6 +202,16 @@ describe Chef::Compliance::Runner do
       expect { runner.load_and_validate! }.to raise_error(/^CMPL002:/)
     end
 
+    it "raises CMPL004 if both the inputs and attributes node attributes are set" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+      }
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+      expect { runner.load_and_validate! }.to raise_error(/^CMPL011:/)
+    end
+
     it "validates configured reporters" do
       node.normal["audit"]["reporter"] = [ "chef-automate" ]
       reporter_double = double("reporter", validate_config!: nil)
@@ -212,6 +222,40 @@ describe Chef::Compliance::Runner do
   end
 
   describe "#inspec_opts" do
+    it "pulls inputs from the attributes setting" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
+    it "pulls inputs from the inputs setting" do
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
+    it "favors inputs over attributes" do
+      node.normal["audit"]["attributes"] = {
+        "tacos" => "dinner",
+      }
+
+      node.normal["audit"]["inputs"] = {
+        "tacos" => "lunch",
+      }
+
+      inputs = runner.inspec_opts[:inputs]
+
+      expect(inputs["tacos"]).to eq("lunch")
+    end
+
     it "does not include chef_node in inputs by default" do
       node.normal["audit"]["attributes"] = {
         "tacos" => "lunch",
@@ -221,7 +265,7 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs.key?("chef_node")).to eq(false)
+      expect(inputs.key?("chef_node")).to eq(true)
     end
 
     it "includes chef_node in inputs with chef_node_attribute_enabled set" do
@@ -234,7 +278,7 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs["chef_node"]["audit"]["reporter"]).to eq(%w{json-file cli})
+      expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
       expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
     end
   end

data/spec/unit/compliance/waiver_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Waiver do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:waiver) { Chef::Compliance::Waiver.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(waiver.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(waiver.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(waiver.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(waiver.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    waiver.enable!
+    expect(waiver.enabled).to eql(true)
+    expect(waiver.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_waiver_enabled).with(waiver)
+    waiver.enable!
+  end
+
+  it "can be disabled by disable!" do
+    waiver.enable!
+    waiver.disable!
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(waiver.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(waiver.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newwaiver = Chef::Compliance::Waiver.from_yaml(events, string, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newwaiver = Chef::Compliance::Waiver.from_file(events, tempfile.path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newwaiver = Chef::Compliance::Waiver.from_hash(events, data, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+end

data/spec/unit/data_bag_item_spec.rb

@@ -73,11 +73,11 @@ describe Chef::DataBagItem do
     end
 
     it "should accept alphanum.alphanum for the id" do
-      expect { data_bag_item.raw_data = { "id" => "foo.bar" } }.to raise_error(ArgumentError)
+      expect { data_bag_item.raw_data = { "id" => "foo.bar" } }.not_to raise_error
     end
 
     it "should accept .alphanum for the id" do
-      expect { data_bag_item.raw_data = { "id" => ".bozo" } }.to raise_error(ArgumentError)
+      expect { data_bag_item.raw_data = { "id" => ".bozo" } }.not_to raise_error
     end
 
     it "should raise an exception if the id contains anything but alphanum/-/_" do

data/spec/unit/data_bag_spec.rb

@@ -49,7 +49,7 @@ describe Chef::DataBag do
       expect { @data_bag.name({}) }.to raise_error(ArgumentError)
     end
 
-    ["-", "_", "1"].each do |char|
+    [ ".", "-", "_", "1"].each do |char|
       it "should allow a '#{char}' character in the data bag name" do
         expect(@data_bag.name("clown#{char}clown")).to eq("clown#{char}clown")
       end

data/spec/unit/dsl/render_helpers_spec.rb

@@ -0,0 +1,102 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef/dsl/render_helpers"
+
+describe Chef::DSL::RenderHelpers do
+
+  hash = {
+          "golf": "hotel",
+          "kilo": %w{lima mike},
+          "india": {
+                    "juliett": "blue",
+                   },
+          "alpha": {
+                    "charlie": true,
+                    "bravo": 10,
+                   },
+          "echo": "foxtrot",
+         }
+
+  context "render_json" do
+    json = Chef::DSL::RenderHelpers.render_json(hash)
+    describe "JSON content" do
+      it "expected JSON output" do
+        expected = <<-EXPECTED
+{
+  "golf": "hotel",
+  "kilo": [
+    "lima",
+    "mike"
+  ],
+  "india": {
+    "juliett": "blue"
+  },
+  "alpha": {
+    "charlie": true,
+    "bravo": 10
+  },
+  "echo": "foxtrot"
+}
+        EXPECTED
+        expect(json).to eq(expected)
+      end
+    end
+  end
+
+  context "render_toml" do
+    toml = Chef::DSL::RenderHelpers.render_toml(hash)
+    describe "TOML content" do
+      it "expected TOML output" do
+        expected = <<-EXPECTED
+echo = "foxtrot"
+golf = "hotel"
+kilo = ["lima", "mike"]
+[alpha]
+bravo = 10
+charlie = true
+[india]
+juliett = "blue"
+        EXPECTED
+        expect(toml).to eq(expected)
+      end
+    end
+  end
+
+  context "render_yaml" do
+    yaml = Chef::DSL::RenderHelpers.render_yaml(hash)
+    describe "YAML content" do
+      it "expected YAML output" do
+        expected = <<-EXPECTED
+---
+golf: hotel
+kilo:
+- lima
+- mike
+india:
+  juliett: blue
+alpha:
+  charlie: true
+  bravo: 10
+echo: foxtrot
+        EXPECTED
+        expect(yaml).to eq(expected)
+      end
+    end
+  end
+end

data/spec/unit/dsl/secret_spec.rb

@@ -0,0 +1,71 @@
+#
+# Author:: Marc Paradise <marc@chef.io>
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "chef/dsl/secret"
+require "chef/secret_fetcher/base"
+class SecretDSLTester
+  include Chef::DSL::Secret
+  # Because DSL is invoked in the context of a recipe,
+  # we expect run_context to always be available when SecretFetcher::Base
+  # requests it - making it safe to mock here
+  def run_context
+    nil
+  end
+end
+
+class SecretFetcherImpl < Chef::SecretFetcher::Base
+  def do_fetch(name, version)
+    name
+  end
+end
+
+describe Chef::DSL::Secret do
+  let(:dsl) { SecretDSLTester.new }
+  it "responds to 'secret'" do
+    expect(dsl.respond_to?(:secret)).to eq true
+  end
+
+  it "uses SecretFetcher.for_service to find the fetcher" do
+    substitute_fetcher = SecretFetcherImpl.new({}, nil)
+    expect(Chef::SecretFetcher).to receive(:for_service).with(:example, {}, nil).and_return(substitute_fetcher)
+    expect(substitute_fetcher).to receive(:fetch).with("key1", nil)
+    dsl.secret(name: "key1", service: :example, config: {})
+  end
+
+  it "resolves a secret when using the example fetcher" do
+    secret_value = dsl.secret(name: "test1", service: :example, config: { "test1" => "secret value" })
+    expect(secret_value).to eq "secret value"
+  end
+
+  context "when used within a resource" do
+    let(:run_context) {
+      Chef::RunContext.new(Chef::Node.new,
+                           Chef::CookbookCollection.new(Chef::CookbookLoader.new(File.join(CHEF_SPEC_DATA, "cookbooks"))),
+                           Chef::EventDispatch::Dispatcher.new)
+    }
+
+    it "marks that resource as 'sensitive'" do
+      recipe = Chef::Recipe.new("secrets", "test", run_context)
+      recipe.zen_master "secret_test" do
+        peace secret(name: "test1", service: :example, config: { "test1" => true })
+      end
+      expect(run_context.resource_collection.lookup("zen_master[secret_test]").sensitive).to eql(true)
+    end
+  end
+end

data/spec/unit/formatters/doc_spec.rb

@@ -40,7 +40,7 @@ describe Chef::Formatters::Base do
     }
 
     formatter.policyfile_loaded(minimal_policyfile)
-    expect(out.string).to include("Using policy 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
+    expect(out.string).to include("Using Policyfile 'jenkins' at revision '613f803bdd035d574df7fa6da525b38df45a74ca82b38b79655efed8a189e073'")
   end
 
   it "prints cookbook name and version" do

data/spec/unit/http/basic_client_spec.rb

@@ -47,6 +47,36 @@ describe "HTTP Connection" do
       expect(Net::HTTP).to receive(:new).and_return(net_http_mock)
       expect(basic_client.http_client).to eql(net_http_mock)
     end
+
+    it "allows setting net-http accessor options" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        "continue_timeout" => 5,
+        "max_retries" => 5,
+        "read_timeout" => 5,
+        "write_timeout" => 5,
+        "ssl_timeout" => 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
+
+    it "allows setting net-http accssor options as symbols" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        continue_timeout: 5,
+        max_retries: 5,
+        read_timeout: 5,
+        write_timeout: 5,
+        ssl_timeout: 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
   end
 
   describe "#build_http_client" do

data/spec/unit/http_spec.rb

@@ -46,13 +46,19 @@ describe Chef::HTTP do
   describe "#initialize" do
     it "accepts a keepalive option and passes it to the http_client" do
       http = Chef::HTTP.new(uri, keepalives: true)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: true).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: true).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
 
     it "the default is not to use keepalives" do
       http = Chef::HTTP.new(uri)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: false).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: false).and_call_original
+      expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
+    end
+
+    it "allows setting the nethttp options hash" do
+      http = Chef::HTTP.new(uri, { nethttp: { "continue_timeout" => 5 } })
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: { "continue_timeout" => 5 }, keepalives: false).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
   end

data/spec/unit/policy_builder/dynamic_spec.rb

@@ -55,11 +55,6 @@ describe Chef::PolicyBuilder::Dynamic do
         expect(policy_builder).to respond_to(:load_node)
       end
 
-      it "forwards #original_runlist" do
-        expect(implementation).to receive(:original_runlist)
-        policy_builder.original_runlist
-      end
-
       it "forwards #run_context" do
         expect(implementation).to receive(:run_context)
         policy_builder.run_context