chef 17.7.29 → 17.8.25

data/lib/chef/resource/execute.rb

@@ -346,7 +346,7 @@ class Chef
 
         By default, notifications are `:delayed`, that is they are queued up as they are
         triggered, and then executed at the very end of a Chef Infra Client run. To run
-        kan action immediately, use `:immediately`:
+        an action immediately, use `:immediately`:
 
         ```ruby
         template '/etc/nagios3/configures-nagios.conf' do
@@ -517,9 +517,6 @@ class Chef
         name_property: true,
         description: "An optional property to set the command to be executed if it differs from the resource block's name. Note: Use the **execute** resource to run a single command. Use multiple **execute** resource blocks to run multiple commands."
 
-      property :umask, [ String, Integer ],
-        description: "The file mode creation mask, or umask."
-
       property :creates, String,
         description: "Prevent a command from creating a file when that file already exists."
 

data/lib/chef/resource/launchd.rb

@@ -238,9 +238,6 @@ class Chef
       property :time_out, Integer,
         description: "The amount of time (in seconds) a job may be idle before it times out. If no value is specified, the default timeout value for launchd will be used."
 
-      property :umask, Integer,
-        description: "A decimal value to pass to `umask` before running a job."
-
       property :username, String,
         description: "When launchd is run as the root user, the user to run the job as."
 

data/lib/chef/resource/macos_userdefaults.rb

@@ -81,8 +81,7 @@ class Chef
       property :host, [String, Symbol],
         description: "Set either :current, :all or a hostname to set the user default at the host level.",
         desired_state: false,
-        introduced: "16.3",
-        coerce: proc { |value| to_cf_host(value) }
+        introduced: "16.3"
 
       property :value, [Integer, Float, String, TrueClass, FalseClass, Hash, Array],
         description: "The value of the key. Note: With the `type` property set to `bool`, `String` forms of Boolean true/false values that Apple accepts in the defaults command will be coerced: 0/1, 'TRUE'/'FALSE,' 'true'/false', 'YES'/'NO', or 'yes'/'no'.",
@@ -96,8 +95,7 @@ class Chef
 
       property :user, [String, Symbol],
         description: "The system user that the default will be applied to. Set :current for current user, :all for all users or pass a valid username",
-        desired_state: false,
-        coerce: proc { |value| to_cf_user(value) }
+        desired_state: false
 
       property :sudo, [TrueClass, FalseClass],
         description: "Set to true if the setting you wish to modify requires privileged access. This requires passwordless sudo for the `/usr/bin/defaults` command to be setup for the user running #{ChefUtils::Dist::Infra::PRODUCT}.",
@@ -118,7 +116,7 @@ class Chef
       action :write, description: "Write the value to the specified domain/key." do
         converge_if_changed do
           Chef::Log.debug("Updating defaults value for #{new_resource.key} in #{new_resource.domain}")
-          CF::Preferences.set!(new_resource.key, new_resource.value, new_resource.domain, new_resource.user, new_resource.host)
+          CF::Preferences.set!(new_resource.key, new_resource.value, new_resource.domain, to_cf_user(new_resource.user), to_cf_host(new_resource.host))
         end
       end
 
@@ -128,12 +126,12 @@ class Chef
 
         converge_by("delete domain:#{new_resource.domain} key:#{new_resource.key}") do
           Chef::Log.debug("Removing defaults key: #{new_resource.key}")
-          CF::Preferences.set!(new_resource.key, nil, new_resource.domain, new_resource.user, new_resource.host)
+          CF::Preferences.set!(new_resource.key, nil, new_resource.domain, to_cf_user(new_resource.user), to_cf_host(new_resource.host))
         end
       end
 
       def get_preference(new_resource)
-        CF::Preferences.get(new_resource.key, new_resource.domain, new_resource.user, new_resource.host)
+        CF::Preferences.get(new_resource.key, new_resource.domain, to_cf_user(new_resource.user), to_cf_host(new_resource.host))
       end
 
       # Return valid hostname based on the input from host property

data/lib/chef/resource/rhsm_register.rb

@@ -79,6 +79,23 @@ class Chef
         default: false, desired_state: false,
         introduced: "15.9"
 
+      property :server_url, String,
+        description: "The hostname of the subscription service to use. The default is for Customer Portal Subscription Management, subscription.rhn.redhat.com. If this option is not used, the system is registered with Customer Portal Subscription Management.",
+          introduced: "17.8"
+
+      property :base_url, String,
+        description: "The hostname of the content delivery server to use to receive updates. Both Customer Portal Subscription Management and Subscription Asset Manager use Red Hat's hosted content delivery services, with the URL https://cdn.redhat.com. Since Satellite 6 hosts its own content, the URL must be used for systems registered with Satellite 6.",
+        introduced: "17.8"
+
+      property :service_level, String,
+        description: "Sets the service level to use for subscriptions on the registering machine. This is only used with the auto_attach option.",
+        introduced: "17.8"
+
+      property :release,
+        [Float, String],
+        description: "Sets the operating system minor release to use for subscriptions for the system. Products and updates are limited to the specified minor release version. This is used only used with the auto_attach option.  For example, `release '6.4'` will append `--release=6.4` to the register command.",
+        introduced: "17.8"
+
       action :register, description: "Register the node with RHSM." do
         package "subscription-manager"
 
@@ -170,6 +187,8 @@ class Chef
               command << new_resource.activation_key.map { |key| "--activationkey=#{Shellwords.shellescape(key)}" }
               command << "--org=#{Shellwords.shellescape(new_resource.organization)}"
               command << "--name=#{Shellwords.shellescape(new_resource.system_name)}" if new_resource.system_name
+              command << "--serverurl=#{Shellwords.shellescape(new_resource.server_url)}" if new_resource.server_url
+              command << "--baseurl=#{Shellwords.shellescape(new_resource.base_url)}" if new_resource.base_url
               command << "--force" if new_resource.force
 
               return command.join(" ")
@@ -179,11 +198,23 @@ class Chef
           if new_resource.username && new_resource.password
             raise "Unable to register - you must specify environment when using username/password" if new_resource.environment.nil? && using_satellite_host?
 
+            if new_resource.service_level
+              raise "Unable to register - 'auto_attach' must be enabled when using property `service_level`." unless new_resource.auto_attach
+            end
+
+            if new_resource.release
+              raise "Unable to register - `auto_attach` must be enabled when using property `release`." unless new_resource.auto_attach
+            end
+
             command << "--username=#{Shellwords.shellescape(new_resource.username)}"
             command << "--password=#{Shellwords.shellescape(new_resource.password)}"
             command << "--environment=#{Shellwords.shellescape(new_resource.environment)}" if using_satellite_host?
             command << "--name=#{Shellwords.shellescape(new_resource.system_name)}" if new_resource.system_name
+            command << "--serverurl=#{Shellwords.shellescape(new_resource.server_url)}" if new_resource.server_url
+            command << "--baseurl=#{Shellwords.shellescape(new_resource.base_url)}" if new_resource.base_url
             command << "--auto-attach" if new_resource.auto_attach
+            command << "--servicelevel=#{Shellwords.shellescape(new_resource.service_level)}" if new_resource.service_level
+            command << "--release=#{Shellwords.shellescape(new_resource.release)}" if new_resource.release
             command << "--force" if new_resource.force
 
             return command.join(" ")

data/lib/chef/resource/support/client.erb

@@ -37,6 +37,13 @@ log_location <%= @log_location %>
 log_location <%= @log_location.inspect %>
   <% end -%>
 <% end -%>
+<%# These data_collector options are special as they have a '.' -%>
+<% unless @data_collector_server_url.nil? || @data_collector_server_url.empty? %>
+data_collector.server_url <%= @data_collector_server_url %>
+<% end %>
+<% unless @data_collector_token.nil? || @data_collector_token.empty? %>
+data_collector.token <%= @data_collector_token %>
+<% end %>
 <%# The code below is not DRY on purpose to improve readability -%>
 <% unless @start_handlers.empty? -%>
   # Do not crash if a start handler is missing / not installed yet

data/lib/chef/resource/windows_feature_powershell.rb

@@ -100,8 +100,8 @@ class Chef
             install_command << " -Source \"#{new_resource.source}\"" if new_resource.source
             install_command << " -IncludeManagementTools" if new_resource.management_tools
 
-            cmd = powershell_out!(install_command, timeout: new_resource.timeout)
-            Chef::Log.info(cmd.stdout)
+            cmd = powershell_exec!(install_command, timeout: new_resource.timeout)
+            Chef::Log.info(cmd.result)
 
             reload_cached_powershell_data # Reload cached powershell feature state
           end
@@ -115,8 +115,8 @@ class Chef
 
         unless features_to_remove.empty?
           converge_by("remove Windows feature#{"s" if features_to_remove.count > 1} #{features_to_remove.join(",")}") do
-            cmd = powershell_out!("Uninstall-WindowsFeature #{features_to_remove.join(",")}", timeout: new_resource.timeout)
-            Chef::Log.info(cmd.stdout)
+            cmd = powershell_exec!("Uninstall-WindowsFeature #{features_to_remove.join(",")}", timeout: new_resource.timeout)
+            Chef::Log.info(cmd.result)
 
             reload_cached_powershell_data # Reload cached powershell feature state
           end
@@ -132,8 +132,8 @@ class Chef
 
         unless features_to_delete.empty?
           converge_by("delete Windows feature#{"s" if features_to_delete.count > 1} #{features_to_delete.join(",")} from the image") do
-            cmd = powershell_out!("Uninstall-WindowsFeature #{features_to_delete.join(",")} -Remove", timeout: new_resource.timeout)
-            Chef::Log.info(cmd.stdout)
+            cmd = powershell_exec!("Uninstall-WindowsFeature #{features_to_delete.join(",")} -Remove", timeout: new_resource.timeout)
+            Chef::Log.info(cmd.result)
 
             reload_cached_powershell_data # Reload cached powershell feature state
           end
@@ -215,7 +215,7 @@ class Chef
         # fetch the list of available feature names and state in JSON and parse the JSON
         def parsed_feature_list
           # Grab raw feature information from WindowsFeature
-          raw_list_of_features = powershell_out!("Get-WindowsFeature | Select-Object -Property Name,InstallState | ConvertTo-Json -Compress", timeout: new_resource.timeout).stdout
+          raw_list_of_features = powershell_exec!("Get-WindowsFeature | Select-Object -Property Name,InstallState", timeout: new_resource.timeout).result
 
           Chef::JSONCompat.from_json(raw_list_of_features)
         end

data/lib/chef/resource.rb

@@ -454,7 +454,7 @@ class Chef
     # @param arg [String] The umask to apply while converging the resource.
     # @return [Boolean] The umask to apply while converging the resource.
     #
-    property :umask, String,
+    property :umask, [String, Integer],
       desired_state: false,
       introduced: "16.2",
       description: "Set a umask to be used for the duration of converging the resource. Defaults to `nil`, which means to use the system umask. Unsupported on Windows because Windows lacks a direct equivalent to UNIX's umask."

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("17.7.29")
+  VERSION = Chef::VersionString.new("17.8.25")
 end
 
 #

data/spec/functional/resource/dnf_package_spec.rb

@@ -455,7 +455,7 @@ describe Chef::Resource::DnfPackage, :requires_root, external: exclude_test do
     end
 
     context "downgrades" do
-      it "downgrades the package when allow_downgrade" do
+      it "downgrades the package when allow_downgrade is true" do
         flush_cache
         preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
         dnf_package "chef_rpm" do
@@ -470,6 +470,18 @@ describe Chef::Resource::DnfPackage, :requires_root, external: exclude_test do
           action :install
         end.should_not_be_updated
       end
+
+      it "does not downgrade the package when allow_downgrade is false" do
+        flush_cache
+        preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
+        dnf_package "chef_rpm" do
+          options default_options
+          allow_downgrade false
+          version "1.2-1"
+          action :install
+        end.should_not_be_updated
+        expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^chef_rpm-1.10-1.#{pkg_arch}$")
+      end
     end
 
     context "with arches", :intel_64bit do
@@ -763,6 +775,17 @@ describe Chef::Resource::DnfPackage, :requires_root, external: exclude_test do
         end.should_not_be_updated
       end
 
+      it "downgrade on a local file with allow_downgrade false does not downgrade" do
+        preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
+        dnf_package "#{CHEF_SPEC_ASSETS}/yumrepo/chef_rpm-1.2-1.#{pkg_arch}.rpm" do
+          options default_options
+          allow_downgrade false
+          version "1.2-1"
+          action :install
+        end.should_not_be_updated
+        expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^chef_rpm-1.10-1.#{pkg_arch}$")
+      end
+
       it "does not downgrade the package with :install" do
         preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
         dnf_package "#{CHEF_SPEC_ASSETS}/yumrepo/chef_rpm-1.2-1.#{pkg_arch}.rpm" do
@@ -1027,25 +1050,6 @@ describe Chef::Resource::DnfPackage, :requires_root, external: exclude_test do
           action :install
         end.should_not_be_updated
       end
-
-      it "throws a deprecation warning with allow_downgrade" do
-        Chef::Config[:treat_deprecation_warnings_as_errors] = false
-        expect(Chef).to receive(:deprecated).at_least(:once).with(:dnf_package_allow_downgrade, /^the allow_downgrade property on the dnf_package provider is not used/)
-        preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
-        dnf_package "chef_rpm" do
-          options default_options
-          version "1.2"
-          allow_downgrade true
-          action :install
-        end.should_be_updated
-        expect(shell_out("rpm -q chef_rpm").stdout.chomp).to match("^chef_rpm-1.2-1.#{pkg_arch}")
-        dnf_package "chef_rpm" do
-          options default_options
-          version "1.2"
-          allow_downgrade true
-          action :install
-        end.should_not_be_updated
-      end
     end
 
     context "with source arguments" do
@@ -1092,6 +1096,16 @@ describe Chef::Resource::DnfPackage, :requires_root, external: exclude_test do
         end.should_not_be_updated
       end
 
+      it "does not downgrade the package when allow_downgrade is false" do
+        preinstall("chef_rpm-1.10-1.#{pkg_arch}.rpm")
+        dnf_package "#{CHEF_SPEC_ASSETS}/yumrepo/chef_rpm-1.2-1.#{pkg_arch}.rpm" do
+          options default_options
+          allow_downgrade false
+          action :upgrade
+        end.should_not_be_updated
+        expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^chef_rpm-1.10-1.#{pkg_arch}$")
+      end
+
       it "upgrades the package" do
         preinstall("chef_rpm-1.2-1.#{pkg_arch}.rpm")
         dnf_package "#{CHEF_SPEC_ASSETS}/yumrepo/chef_rpm-1.10-1.#{pkg_arch}.rpm" do

data/spec/functional/resource/dpkg_package_spec.rb

@@ -184,6 +184,22 @@ describe Chef::Resource::DpkgPackage, :requires_root, :debian_family_only, arch:
       dpkg_package.run_action(action)
       expect(dpkg_package).to be_updated_by_last_action
     end
+
+    it "should not allow downgrade a package" do
+      dpkg_package.allow_downgrade false
+      shell_out!("dpkg -i #{test1_1}")
+      set_dpkg_package_name test1_0
+      dpkg_package.run_action(action)
+      expect(dpkg_package).not_to be_updated_by_last_action
+    end
+
+    it "should allow downgrade a package" do
+      dpkg_package.allow_downgrade true
+      shell_out!("dpkg -i #{test1_1}")
+      set_dpkg_package_name test1_0
+      dpkg_package.run_action(action)
+      expect(dpkg_package).to be_updated_by_last_action
+    end
   end
 
   shared_examples_for "common behavior for remove or purge" do

data/spec/functional/resource/macos_userdefaults_spec.rb

@@ -116,4 +116,24 @@ describe Chef::Resource::MacosUserDefaults, :macos_only do
     resource.key "titlesize"
     expect { resource.run_action(:delete) }. to_not raise_error
   end
+
+  context "resource can process FFI::Pointer type" do
+    it "for host property" do
+      resource.domain "/Library/Preferences/ManagedInstalls"
+      resource.key "TestDictionaryValues"
+      resource.value "User": "/Library/Managed Installs/way_fake.log"
+      resource.host :current
+      resource.run_action(:write)
+      expect { resource.run_action(:write) }. to_not raise_error
+    end
+
+    it "for user property" do
+      resource.domain "/Library/Preferences/ManagedInstalls"
+      resource.key "TestDictionaryValues"
+      resource.value "User": "/Library/Managed Installs/way_fake.log"
+      resource.user :current
+      resource.run_action(:write)
+      expect { resource.run_action(:write) }. to_not raise_error
+    end
+  end
 end

data/spec/functional/resource/zypper_package_spec.rb

@@ -187,6 +187,13 @@ describe Chef::Resource::ZypperPackage, :requires_root, :suse_only do
         expect(zypper_package.updated_by_last_action?).to be true
         expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^package chef_rpm is not installed$")
       end
+
+      it "is idempotent when a package isn't installed" do
+        FileUtils.rm_f "/etc/zypp/repos.d/chef-zypp-localtesting.repo"
+        zypper_package.run_action(:remove)
+        expect(zypper_package.updated_by_last_action?).to be false
+        expect(shell_out("rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' chef_rpm").stdout.chomp).to match("^package chef_rpm is not installed$")
+      end
     end
   end
 

data/spec/integration/client/client_spec.rb

@@ -48,6 +48,37 @@ describe "chef-client" do
   let(:chef_client) { "bundle exec #{ChefUtils::Dist::Infra::CLIENT} --minimal-ohai" }
   let(:chef_solo) { "bundle exec #{ChefUtils::Dist::Solo::EXEC} --legacy-mode --minimal-ohai" }
 
+  context "when validation.pem in current Directory" do
+    let(:validation_path) { "" }
+
+    before do
+      tempfile = Tempfile.new(validation_path)
+      tempfile.write "string"
+      tempfile.close
+      @path = tempfile.path
+      Chef::Config.validation_key = @path
+
+      file "config/client.rb", <<~EOM
+       local_mode true
+       cookbook_path "#{path_to("cookbooks")}"
+      EOM
+    end
+
+    it "should find validation.pem successfully in current dir" do
+      validation_path = "validation.pem"
+      shell_out!("#{chef_client} -c \"#{path_to("config/client.rb")}\" -K #{@path} ", cwd: chef_dir)
+    end
+
+    it "should find validation.pem successfully in current dir" do
+      validation_path = "/tmp/validation.pem"
+      shell_out!("#{chef_client} -c \"#{path_to("config/client.rb")}\" -K #{@path} ", cwd: chef_dir)
+    end
+
+    it "should find validation.pem successfully in default directory" do
+      shell_out!("#{chef_client} -c \"#{path_to("config/client.rb")}\" ", cwd: chef_dir)
+    end
+  end
+
   when_the_repository "has a cookbook with a no-op recipe" do
     before { file "cookbooks/x/recipes/default.rb", "" }
 

data/spec/unit/application/base_spec.rb

@@ -0,0 +1,40 @@
+require "spec_helper"
+
+describe Chef::Application::Base, "setup_application" do
+  let(:validation_path) { "" }
+
+  context "when validation key is supplied" do
+    before do
+      @app = Chef::Application::Base.new
+      tempfile = Tempfile.new(validation_path)
+      tempfile.write "string"
+      tempfile.close
+      @path = tempfile.path
+      Chef::Config.validation_key = @path
+    end
+
+    context "when key is in current directory" do
+      it "should find with full path of validation_key" do
+        validation_path = "validation.pem"
+        expect(Chef::Config.validation_key).to eql(@path)
+      end
+    end
+
+    context "when path is given" do
+      validation_path = "/tmp/validation.pem"
+      it "should find validation_key" do
+        expect(Chef::Config.validation_key).to eql(@path)
+      end
+    end
+  end
+
+  context "when validation key is not supplied" do
+    it "should return default path for validation_key" do
+      if windows?
+        expect(Chef::Config.validation_key).to eql("C:\\chef\\validation.pem")
+      else
+        expect(Chef::Config.validation_key).to eql("/etc/chef/validation.pem")
+      end
+    end
+  end
+end

data/spec/unit/compliance/runner_spec.rb

@@ -1,4 +1,5 @@
 require "spec_helper"
+require "tmpdir"
 
 describe Chef::Compliance::Runner do
   let(:logger) { double(:logger).as_null_object }
@@ -216,6 +217,7 @@ describe Chef::Compliance::Runner do
       node.normal["audit"]["reporter"] = [ "chef-automate" ]
       reporter_double = double("reporter", validate_config!: nil)
       expect(runner).to receive(:reporter).with("chef-automate").and_return(reporter_double)
+      expect(runner).to receive(:reporter).with("cli").and_return(reporter_double)
       runner.load_and_validate!
     end
 
@@ -278,8 +280,67 @@ describe Chef::Compliance::Runner do
       inputs = runner.inspec_opts[:inputs]
 
       expect(inputs["tacos"]).to eq("lunch")
-      expect(inputs["chef_node"]["audit"]["reporter"]).to eq("cli")
+      expect(inputs["chef_node"]["audit"]["reporter"]).to eq(nil)
       expect(inputs["chef_node"]["chef_environment"]).to eq("_default")
     end
   end
+
+  describe "interval running" do
+    let(:tempdir) { Dir.mktmpdir("chef-compliance-tests") }
+
+    before do
+      allow(runner).to receive(:report_timing_file).and_return("#{tempdir}/report_timing.json")
+    end
+
+    it "is disabled by default" do
+      expect(runner.node["audit"]["interval"]["enabled"]).to be false
+    end
+
+    it "defaults to 24 hours / 1440 minutes" do
+      expect(runner.node["audit"]["interval"]["time"]).to be 1440
+    end
+
+    it "runs when the timing file does not exist" do
+      expect(runner).to receive(:report)
+      runner.report_with_interval
+    end
+
+    it "runs when the timing file does not exist and intervals are enabled" do
+      node.normal["audit"]["interval"]["enabled"] = true
+      expect(runner).to receive(:report)
+      runner.report_with_interval
+    end
+
+    it "runs when the timing file exists and has a recent timestamp" do
+      FileUtils.touch runner.report_timing_file
+      expect(runner).to receive(:report)
+      runner.report_with_interval
+    end
+
+    it "does not runs when the timing file exists and has a recent timestamp and intervals are enabled" do
+      node.normal["audit"]["interval"]["enabled"] = true
+      FileUtils.touch runner.report_timing_file
+      expect(runner).not_to receive(:report)
+      runner.report_with_interval
+    end
+
+    it "does not runs when the timing file exists and has a recent timestamp and intervals are enabled" do
+      node.normal["audit"]["interval"]["enabled"] = true
+      FileUtils.touch runner.report_timing_file
+      ten_minutes_ago = Time.now - 600
+      File.utime ten_minutes_ago, ten_minutes_ago, runner.report_timing_file
+      expect(runner).not_to receive(:report)
+      runner.report_with_interval
+    end
+
+    it "runs when the timing file exists and has a recent timestamp and intervals are enabled and the time is short" do
+      node.normal["audit"]["interval"]["enabled"] = true
+      node.normal["audit"]["interval"]["time"] = 9
+      FileUtils.touch runner.report_timing_file
+      ten_minutes_ago = Time.now - 600
+      File.utime ten_minutes_ago, ten_minutes_ago, runner.report_timing_file
+      expect(runner).to receive(:report)
+      runner.report_with_interval
+    end
+  end
 end

data/spec/unit/file_access_control_spec.rb

@@ -35,7 +35,7 @@ describe Chef::FileAccessControl do
         @events = Chef::EventDispatch::Dispatcher.new
         @run_context = Chef::RunContext.new(@node, {}, @events)
         @current_resource = Chef::Resource::File.new("/tmp/different_file.txt")
-        @provider_requirements = Chef::Provider::ResourceRequirements.new(@resource, @run_context)
+        @provider_requirements = Chef::Provider::ResourceRequirements.new(@resource, @run_context, :create)
         @provider = double("File provider", requirements: @provider_requirements, manage_symlink_access?: false)
 
         @fac = Chef::FileAccessControl.new(@current_resource, @resource, @provider)

data/spec/unit/mixin/why_run_spec.rb

@@ -0,0 +1,53 @@
+#
+# Copyright:: Copyright (c) Chef Software Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Mixin::WhyRun::ResourceRequirements do
+  class TestResource < Chef::Resource
+    action_class do
+      def define_resource_requirements
+        requirements.assert(:boom) do |a|
+          a.assertion { raise "boom1" }
+          a.failure_message("#{raise "boom2"}")
+          a.whyrun("#{raise "boom3"}")
+        end
+      end
+    end
+
+    action :boom do
+      # nothing
+    end
+
+    action :noboom do
+      # nothing
+    end
+  end
+
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) { Chef::RunContext.new(node, {}, events) }
+  let(:resource) { TestResource.new("name", run_context) }
+
+  it "raises an exception for an action where the assertions raise exceptions" do
+    expect { resource.run_action(:boom) }.to raise_error(StandardError, /boom2/)
+  end
+
+  it "does not raise an exception for an action which has no assertions" do
+    resource.run_action(:noboom)
+  end
+end

data/spec/unit/provider/group/groupadd_spec.rb

@@ -169,6 +169,7 @@ describe Chef::Provider::Group::Groupadd do
 
     before do
       allow(File).to receive(:exist?).and_return(false)
+      provider.action = :modify
       provider.define_resource_requirements
     end
 

data/spec/unit/provider/group/usermod_spec.rb

@@ -58,18 +58,18 @@ describe Chef::Provider::Group::Usermod do
       end
 
       it "should raise an error when setting the entire group directly" do
+        @provider.action = :modify
         @provider.define_resource_requirements
         @provider.load_current_resource
         @provider.instance_variable_set("@group_exists", true)
-        @provider.action = :modify
         expect { @provider.run_action(@provider.process_resource_requirements) }.to raise_error(Chef::Exceptions::Group, "setting group members directly is not supported by #{@provider}, must set append true in group")
       end
 
       it "should raise an error when excluded_members are set" do
+        @provider.action = :modify
         @provider.define_resource_requirements
         @provider.load_current_resource
         @provider.instance_variable_set("@group_exists", true)
-        @provider.action = :modify
         @new_resource.append(true)
         @new_resource.excluded_members(["someone"])
         expect { @provider.run_action(@provider.process_resource_requirements) }.to raise_error(Chef::Exceptions::Group, "excluded_members is not supported by #{@provider}")

data/spec/unit/provider/ifconfig_spec.rb

@@ -61,6 +61,7 @@ describe Chef::Provider::Ifconfig do
         expect(@provider.instance_variable_get("@status").exitstatus).not_to eq(0)
       end
       it "should thrown an exception when ifconfig fails" do
+        @provider.action = :add
         @provider.define_resource_requirements
         expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::Ifconfig
       end
@@ -81,6 +82,7 @@ describe Chef::Provider::Ifconfig do
         expect(@provider.instance_variable_get("@status").exitstatus).not_to eq(0)
       end
       it "should thrown an exception when ifconfig fails" do
+        @provider.action = :add
         @provider.define_resource_requirements
         expect { @provider.process_resource_requirements }.to raise_error Chef::Exceptions::Ifconfig
       end