chef 17.4.38-universal-mingw32 → 17.7.22-universal-mingw32

data/spec/support/ruby_installer.rb

@@ -0,0 +1,51 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+def add_libarchive_dll_directory
+  require "ruby_installer"
+  libarchive_paths = Dir.glob("{#{Gem.dir},C:/hab}/**/libarchive.dll").map { |f| File.expand_path(f) }
+  if libarchive_paths.empty?
+    $stderr.puts <<~EOL
+      !!!!
+        We couldn't find a libarchive.dll in #{Gem.dir} or C:/hab
+
+        If this is running in a CI/CD environment, this may end up causing failures
+        in the tests for archive_file. If this is not running in a CI/CD
+        environment then it may be safe to ignore this. That is especially true if
+        you're not using the Ruby Installer as your Ruby runtime.
+      !!!!
+    EOL
+    return
+  end
+
+  $stderr.puts "\nFound the following libarchive paths:\n\n#{libarchive_paths.map { |f| "- #{f}\n" }.join}\n\n"
+  libarchive_path = libarchive_paths.first
+  libarchive_dir = File.dirname(libarchive_path)
+
+  if defined?(RubyInstaller::Build) && RubyInstaller::Build.methods.include?(:add_dll_directory)
+    $stderr.puts "Adding #{libarchive_dir} as a DLL load path using RubyInstaller::Build#add_dll_directory"
+    RubyInstaller::Build.add_dll_directory(libarchive_dir)
+  elsif defined?(RubyInstaller::Runtime) && RubyInstaller::Runtime.methods.include?(:add_dll_directory)
+    $stderr.puts "Adding #{libarchive_dir} as a DLL load path using RubyInstaller::Runtime#add_dll_directory"
+    RubyInstaller::Runtime.add_dll_directory(libarchive_dir)
+  else
+    $stderr.puts "Unable to find the right namespace to call #add_dll_directory! Please raise an issue on [GitHub](https://github.com/chef/chef/issues/new/choose)."
+  end
+rescue LoadError
+  $stderr.puts "Failed to load ruby_installer. Assuming Ruby Installer is not being used."
+end
+
+add_libarchive_dll_directory if RUBY_PLATFORM =~ /mswin|mingw32|windows/

data/spec/unit/compliance/input_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Input do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/inputs/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:input) { Chef::Compliance::Input.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(input.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(input.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(input.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(input.enabled).to eql(false)
+    expect(input.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(input.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    input.enable!
+    expect(input.enabled).to eql(true)
+    expect(input.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_input_enabled).with(input)
+    input.enable!
+  end
+
+  it "can be disabled by disable!" do
+    input.enable!
+    input.disable!
+    expect(input.enabled).to eql(false)
+    expect(input.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(input.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(input.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newinput = Chef::Compliance::Input.from_yaml(events, string, path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newinput = Chef::Compliance::Input.from_file(events, tempfile.path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newinput = Chef::Compliance::Input.from_hash(events, data, path, cookbook_name)
+    expect(newinput.data).to eql(data)
+  end
+end

data/spec/unit/compliance/profile_spec.rb

@@ -0,0 +1,120 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Profile do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "copyright" => "DevSec Hardening Framework Team", "copyright_email" => "hello@dev-sec.io", "license" => "Apache-2.0", "maintainer" => "DevSec Hardening Framework Team", "name" => "ssh-baseline", "summary" => "Test-suite for best-practice SSH hardening", "supports" => [{ "os-family" => "unix" }], "title" => "DevSec SSH Baseline", "version" => "2.6.4" } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename/inspec.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:profile) { Chef::Compliance::Profile.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(profile.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(profile.path).to eql(path)
+  end
+
+  it "has a name based on the yml" do
+    expect(profile.name).to eql("ssh-baseline")
+  end
+
+  it "has a pathname based on the path" do
+    expect(profile.pathname).to eql("thisdirectoryisnotthename")
+  end
+
+  it "is disabled" do
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(profile.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    profile.enable!
+    expect(profile.enabled).to eql(true)
+    expect(profile.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_profile_enabled).with(profile)
+    profile.enable!
+  end
+
+  it "can be disabled by disable!" do
+    profile.enable!
+    profile.disable!
+    expect(profile.enabled).to eql(false)
+    expect(profile.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the path" do
+    expect(profile.inspec_data).to eql( { name: "ssh-baseline", path: "/var/chef/cache/cookbooks/acme_compliance/compliance/profiles/thisdirectoryisnotthename" } )
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(profile.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    newprofile = Chef::Compliance::Profile.from_yaml(events, string, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+name: ssh-baseline#{" "}
+title: DevSec SSH Baseline#{" "}
+maintainer: DevSec Hardening Framework Team#{" "}
+copyright: DevSec Hardening Framework Team#{" "}
+copyright_email: hello@dev-sec.io#{" "}
+license: Apache-2.0#{" "}
+summary: Test-suite for best-practice SSH hardening#{" "}
+version: 2.6.4#{" "}
+supports:#{"     "}
+  - os-family: unix
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newprofile = Chef::Compliance::Profile.from_file(events, tempfile.path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newprofile = Chef::Compliance::Profile.from_hash(events, data, path, cookbook_name)
+    expect(newprofile.data).to eql(data)
+  end
+end

data/spec/unit/compliance/waiver_spec.rb

@@ -0,0 +1,104 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+require "tempfile"
+
+describe Chef::Compliance::Waiver do
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:data) { { "ssh-01" => { "expiration_date" => Date.jd(2463810), "justification" => "waived, yo", "run" => false } } }
+  let(:path) { "/var/chef/cache/cookbooks/acme_compliance/compliance/waivers/default.yml" }
+  let(:cookbook_name) { "acme_compliance" }
+  let(:waiver) { Chef::Compliance::Waiver.new(events, data, path, cookbook_name) }
+
+  it "has a cookbook_name" do
+    expect(waiver.cookbook_name).to eql(cookbook_name)
+  end
+
+  it "has a path" do
+    expect(waiver.path).to eql(path)
+  end
+
+  it "has a pathname based on the path" do
+    expect(waiver.pathname).to eql("default")
+  end
+
+  it "is disabled" do
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has an event handler" do
+    expect(waiver.events).to eql(events)
+  end
+
+  it "can be enabled by enable!" do
+    waiver.enable!
+    expect(waiver.enabled).to eql(true)
+    expect(waiver.enabled?).to eql(true)
+  end
+
+  it "enabling sends an event" do
+    expect(events).to receive(:compliance_waiver_enabled).with(waiver)
+    waiver.enable!
+  end
+
+  it "can be disabled by disable!" do
+    waiver.enable!
+    waiver.disable!
+    expect(waiver.enabled).to eql(false)
+    expect(waiver.enabled?).to eql(false)
+  end
+
+  it "has a #inspec_data method that renders the data" do
+    expect(waiver.inspec_data).to eql(data)
+  end
+
+  it "doesn't render the events in the inspect output" do
+    expect(waiver.inspect).not_to include("events")
+  end
+
+  it "inflates objects from YAML" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    newwaiver = Chef::Compliance::Waiver.from_yaml(events, string, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from files" do
+    string = <<~EOH
+ssh-01:
+  expiration_date: 2033-07-31
+  run: false
+  justification: "waived, yo"
+    EOH
+    tempfile = Tempfile.new("chef-compliance-test")
+    tempfile.write string
+    tempfile.close
+    newwaiver = Chef::Compliance::Waiver.from_file(events, tempfile.path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+
+  it "inflates objects from hashes" do
+    newwaiver = Chef::Compliance::Waiver.from_hash(events, data, path, cookbook_name)
+    expect(newwaiver.data).to eql(data)
+  end
+end

data/spec/unit/data_collector_spec.rb

@@ -164,7 +164,7 @@ describe Chef::DataCollector do
       "after" => after_resource&.state_for_resource_reporter || {},
       "before" => before_resource&.state_for_resource_reporter || {},
       "cookbook_name" => cookbook_name,
-      "cookbook_version" => cookbook_version.version,
+      "cookbook_version" => cookbook_version&.version,
       "delta" => resource_has_diff(new_resource, status) ? new_resource.diff : "",
       "duration" => duration,
       "id" => new_resource.identity,
@@ -567,6 +567,29 @@ describe Chef::DataCollector do
         it_behaves_like "sends a converge message"
       end
 
+      context "when the run contains a file resource that is up-to-date from a @recipe_files, returns nil for the version" do
+        let(:total_resource_count) { 1 }
+        let(:updated_resource_count) { 0 }
+        let(:cookbook_name) { "@recipe_files" }
+        let(:resource_record) { [ resource_record_for(new_resource, current_resource, after_resource, :create, "up-to-date", "1234") ] }
+        let(:status) { "success" }
+        let(:cookbook_version) { nil }
+
+        before do
+          allow(new_resource).to receive(:cookbook_version).and_call_original
+          events.resource_action_start(new_resource, :create)
+          events.resource_current_state_loaded(new_resource, :create, current_resource)
+          events.resource_up_to_date(new_resource, :create)
+          events.resource_after_state_loaded(new_resource, :create, after_resource)
+          new_resource.instance_variable_set(:@elapsed_time, 1.2345)
+          events.resource_completed(new_resource)
+          events.converge_complete
+          run_status.stop_clock
+        end
+
+        it_behaves_like "sends a converge message"
+      end
+
       context "when the run contains a file resource that is updated" do
         let(:total_resource_count) { 1 }
         let(:updated_resource_count) { 1 }

data/spec/unit/dsl/reboot_pending_spec.rb

@@ -36,7 +36,7 @@ describe Chef::DSL::RebootPending do
         end
 
         it 'should return true if "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations" exists' do
-          allow(recipe).to receive(:registry_value_exists?).with('HKLM\SYSTEM\CurrentControlSet\Control\Session Manager', { name: "PendingFileRenameOperations" }).and_return(true)
+          allow(recipe).to receive(:registry_value_exists?).with("HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager", { name: "PendingFileRenameOperations" }).and_return(true)
           expect(recipe.reboot_pending?).to be_truthy
         end
 

data/spec/unit/http/basic_client_spec.rb

@@ -47,6 +47,36 @@ describe "HTTP Connection" do
       expect(Net::HTTP).to receive(:new).and_return(net_http_mock)
       expect(basic_client.http_client).to eql(net_http_mock)
     end
+
+    it "allows setting net-http accessor options" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        "continue_timeout" => 5,
+        "max_retries" => 5,
+        "read_timeout" => 5,
+        "write_timeout" => 5,
+        "ssl_timeout" => 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
+
+    it "allows setting net-http accssor options as symbols" do
+      basic_client = Chef::HTTP::BasicClient.new(uri, nethttp_opts: {
+        continue_timeout: 5,
+        max_retries: 5,
+        read_timeout: 5,
+        write_timeout: 5,
+        ssl_timeout: 5,
+      })
+      expect(basic_client.http_client.continue_timeout).to eql(5)
+      expect(basic_client.http_client.max_retries).to eql(5)
+      expect(basic_client.http_client.read_timeout).to eql(5)
+      expect(basic_client.http_client.write_timeout).to eql(5)
+      expect(basic_client.http_client.ssl_timeout).to eql(5)
+    end
   end
 
   describe "#build_http_client" do

data/spec/unit/http_spec.rb

@@ -46,13 +46,19 @@ describe Chef::HTTP do
   describe "#initialize" do
     it "accepts a keepalive option and passes it to the http_client" do
       http = Chef::HTTP.new(uri, keepalives: true)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: true).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: true).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
 
     it "the default is not to use keepalives" do
       http = Chef::HTTP.new(uri)
-      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, keepalives: false).and_call_original
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: {}, keepalives: false).and_call_original
+      expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
+    end
+
+    it "allows setting the nethttp options hash" do
+      http = Chef::HTTP.new(uri, { nethttp: { "continue_timeout" => 5 } })
+      expect(Chef::HTTP::BasicClient).to receive(:new).with(uri, ssl_policy: Chef::HTTP::APISSLPolicy, nethttp_opts: { "continue_timeout" => 5 }, keepalives: false).and_call_original
       expect(http.http_client).to be_a_kind_of(Chef::HTTP::BasicClient)
     end
   end

data/spec/unit/mixin/default_paths_spec.rb

@@ -84,7 +84,7 @@ describe Chef::Mixin::DefaultPaths do
       allow(Gem).to receive(:bindir).and_return(gem_bindir)
       allow(RbConfig::CONFIG).to receive(:[]).with("bindir").and_return(ruby_bindir)
       allow(ChefUtils).to receive(:windows?).and_return(true)
-      env = { "PATH" => 'C:\Windows\system32;C:\mr\softie' }
+      env = { "PATH" => "C:\\Windows\\system32;C:\\mr\\softie" }
       @default_paths.enforce_default_paths(env)
       expect(env["PATH"]).to eq("#{gem_bindir};#{ruby_bindir};C:\\Windows\\system32;C:\\mr\\softie")
     end

data/spec/unit/mixin/securable_spec.rb

@@ -53,8 +53,8 @@ describe Chef::Mixin::Securable do
     end
 
     it "should accept group/owner names with spaces and backslashes" do
-      expect { @securable.group 'test\ group' }.not_to raise_error
-      expect { @securable.owner 'test\ group' }.not_to raise_error
+      expect { @securable.group "test\\ group" }.not_to raise_error
+      expect { @securable.owner "test\\ group" }.not_to raise_error
     end
 
     it "should accept group/owner names that are a single character or digit" do
@@ -186,7 +186,7 @@ describe Chef::Mixin::Securable do
     end
 
     it "should not accept a group name or id for group with spaces and multiple backslashes" do
-      expect { @securable.group 'test\ \group' }.to raise_error(ArgumentError)
+      expect { @securable.group "test\\ \\group" }.to raise_error(ArgumentError)
     end
 
     it "should accept a unix file mode in string form as an octal number" do

data/spec/unit/provider/cron_spec.rb

@@ -392,6 +392,27 @@ describe Chef::Provider::Cron do
         expect(cron.command).to eq("/bin/true")
       end
     end
+
+    context "with a matching entry with a commented crontab line" do
+      it "should set cron_exists" do
+        allow(@provider).to receive(:read_crontab).and_return(<<~CRONTAB)
+          0 2 * * * /some/other/command
+
+          # Chef Name: cronhole some stuff
+          #* * * * * /bin/true
+        CRONTAB
+        cron = @provider.load_current_resource
+        expect(@provider.cron_exists).to eq(true)
+        expect(@provider.cron_empty).to eq(false)
+        expect(cron.minute).to eq("*")
+        expect(cron.hour).to eq("*")
+        expect(cron.day).to eq("*")
+        expect(cron.month).to eq("*")
+        expect(cron.weekday).to eq("*")
+        expect(cron.time).to eq(nil)
+        expect(cron.property_is_set?(:command)).to eq(false)
+      end
+    end
   end
 
   describe "cron_different?" do
@@ -691,6 +712,30 @@ describe Chef::Provider::Cron do
       end
     end
 
+    context "when there is a crontab with a matching section with a commented crontab line in it" do
+      before :each do
+        @provider.cron_exists = true
+      end
+
+      it "should add the crontab to the entry" do
+        allow(@provider).to receive(:read_crontab).and_return(<<~CRONTAB)
+          0 2 * * * /some/other/command
+
+          # Chef Name: cronhole some stuff
+          # * * * * * /bin/true
+        CRONTAB
+        expect(@provider).to receive(:write_crontab).with(<<~ENDCRON)
+          0 2 * * * /some/other/command
+
+          # Chef Name: cronhole some stuff
+          * * * * * /bin/true
+          # * * * * * /bin/true
+        ENDCRON
+        @new_resource.minute "*"
+        @provider.run_action(:create)
+      end
+    end
+
     context "when there is a crontab with a matching and identical section" do
       context "when environment variable is not used" do
         before :each do

data/spec/unit/provider/link_spec.rb

@@ -125,7 +125,7 @@ describe Chef::Resource::Link do
 
   describe "when the target doesn't exist" do
     before do
-      allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
+      allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
       allow(provider.file_class).to receive(:symlink?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
       provider.load_current_resource
     end
@@ -152,13 +152,16 @@ describe Chef::Resource::Link do
       allow(stat).to receive(:mode).and_return(0755)
       allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(stat)
 
-      allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(true)
+      # XXX: this might be broken?  it preserves prior behavior in the specs caused by File.exist?/exists? interactions
+      allow(Chef::ScanAccessControl).to receive(:new).and_return(instance_double(Chef::ScanAccessControl, set_all!: nil))
+
+      allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(true)
       allow(provider.file_class).to receive(:symlink?).with("#{CHEF_SPEC_DATA}/fofile-link").and_return(false)
     end
 
     describe "and the source does not exist" do
       before do
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(false)
+        expect(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(false)
         provider.load_current_resource
       end
 
@@ -185,7 +188,7 @@ describe Chef::Resource::Link do
 
         allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile").and_return(stat)
 
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
+        allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
         provider.load_current_resource
       end
 
@@ -212,7 +215,7 @@ describe Chef::Resource::Link do
 
         allow(provider.file_class).to receive(:stat).with("#{CHEF_SPEC_DATA}/fofile").and_return(stat)
 
-        allow(File).to receive(:exists?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
+        allow(File).to receive(:exist?).with("#{CHEF_SPEC_DATA}/fofile").and_return(true)
         provider.load_current_resource
       end
 
@@ -262,6 +265,9 @@ describe Chef::Resource::Link do
         "#{CHEF_SPEC_DATA}/fofile-link"
       ).and_return(stat)
 
+      # XXX: this might be broken?  it preserves prior behavior in the specs caused by File.exist?/exists? interactions
+      allow(Chef::ScanAccessControl).to receive(:new).and_return(instance_double(Chef::ScanAccessControl, set_all!: nil))
+
       provider.load_current_resource
     end
 
@@ -336,10 +342,10 @@ describe Chef::Resource::Link do
           "#{CHEF_SPEC_DATA}/fofile-link"
         ).and_return(false)
 
-        allow(File).to receive(:exists?).with(
+        allow(File).to receive(:exist?).with(
           "#{CHEF_SPEC_DATA}/fofile-link"
         ).and_return(true)
-        allow(File).to receive(:exists?).with(
+        allow(File).to receive(:exist?).with(
           "#{CHEF_SPEC_DATA}/fofile"
         ).and_return(true)
 

data/spec/unit/provider/package/rubygems_spec.rb

@@ -503,11 +503,11 @@ describe Chef::Provider::Package::Rubygems do
           platform_mock :windows do
             allow(ENV).to receive(:[]).with("PATH").and_return('C:\windows\system32;C:\windows;C:\Ruby186\bin')
             allow(ENV).to receive(:[]).with("PATHEXT").and_return(nil)
-            allow(File).to receive(:executable?).with('C:\\windows\\system32/gem').and_return(false)
-            allow(File).to receive(:executable?).with('C:\\windows/gem').and_return(false)
-            allow(File).to receive(:executable?).with('C:\\Ruby186\\bin/gem').and_return(true)
-            allow(File).to receive(:executable?).with('d:\\opscode\\chef\\bin/gem').and_return(false) # should not get here
-            allow(File).to receive(:executable?).with('d:\\opscode\\chef\\bin/gem').and_return(false) # should not get here
+            allow(File).to receive(:executable?).with("C:\\windows\\system32/gem").and_return(false)
+            allow(File).to receive(:executable?).with("C:\\windows/gem").and_return(false)
+            allow(File).to receive(:executable?).with("C:\\Ruby186\\bin/gem").and_return(true)
+            allow(File).to receive(:executable?).with("d:\\opscode\\chef\\bin/gem").and_return(false) # should not get here
+            allow(File).to receive(:executable?).with("d:\\opscode\\chef\\bin/gem").and_return(false) # should not get here
             allow(File).to receive(:executable?).with("d:/opscode/chef/embedded/bin/gem").and_return(false) # should not get here
             expect(provider.gem_env.gem_binary_location).to eq('C:\Ruby186\bin/gem')
           end