chef 18.4.2 → 18.5.0

data/lib/chef/target_io/train/http.rb

@@ -0,0 +1,117 @@
+# require_relative "../mixin/which"
+
+module TargetIO
+  module TrainCompat
+    class HTTP
+      attr_reader :last_response
+
+      def initialize(url, options = {})
+        @url = url.is_a?(URI) ? url.to_s : url
+        @options = options
+        @last_response = ""
+      end
+
+      # Send an HTTP HEAD request to the path
+      #
+      # === Parameters
+      # path:: path part of the request URL
+      def head(path, headers = {})
+        request(:HEAD, path, headers)
+      end
+
+      # Send an HTTP GET request to the path
+      #
+      # === Parameters
+      # path:: The path to GET
+      def get(path, headers = {})
+        request(:GET, path, headers)
+      end
+
+      # Send an HTTP PUT request to the path
+      #
+      # === Parameters
+      # path:: path part of the request URL
+      def put(path, json, headers = {})
+        request(:PUT, path, headers, json)
+      end
+
+      # Send an HTTP POST request to the path
+      #
+      # === Parameters
+      # path:: path part of the request URL
+      def post(path, json, headers = {})
+        request(:POST, path, headers, json)
+      end
+
+      # Send an HTTP DELETE request to the path
+      #
+      # === Parameters
+      # path:: path part of the request URL
+      def delete(path, headers = {})
+        request(:DELETE, path, headers)
+      end
+
+      # Used inside Chef::Provider::RemoteFile::HTTPS
+      def streaming_request(path, headers = {}, tempfile = nil)
+        content = get(path, headers)
+        @last_response = content
+
+        tempfile.write(content)
+        tempfile.close
+
+        tempfile
+      end
+
+      def request(method, path, headers = {}, data = false)
+        cmd = nil
+        path = path.is_a?(URI) ? path.to_s : path
+        headers.merge!(@options[:headers] || {})
+
+        SUPPORTED_COMMANDS.each do |command_name|
+          executable = which(command_name).chop
+          next if !executable || executable.empty?
+
+          # There are different ways to call (constructor, argument, combination of both)
+          full_url = if path.start_with?("http")
+                       path
+                     elsif path.empty? || @url.end_with?(path)
+                       @url
+                     else
+                       File.join(@url, path)
+                     end
+
+          cmd = send(command_name.to_sym, executable, method.to_s.upcase, full_url, headers, data)
+          break
+        end
+
+        raise "Target needs one of #{SUPPORTED_COMMANDS.join("/")} for HTTP requests to work" unless cmd
+
+        connection = Chef.run_context&.transport_connection
+        connection.run_command(cmd).stdout
+      end
+
+      SUPPORTED_COMMANDS = %w{curl wget}.freeze
+
+      # Sending data is not yet supported
+      def curl(cmd, method, url, headers, _data)
+        cmd += headers.map { |name, value| " --header '#{name}: #{value}'" }.join
+        cmd += " --request #{method} "
+        cmd += url
+      end
+
+      # Sending data is not yet supported
+      def wget(cmd, method, url, headers, _data)
+        cmd += headers.map { |name, value| " --header '#{name}: #{value}'" }.join
+        cmd += " --method #{method}"
+        cmd += " --output-document=- "
+        cmd += url
+      end
+
+      # extend Chef::Mixin::Which
+      def which(cmd)
+        connection = Chef.run_context&.transport_connection
+        connection.run_command("which #{cmd}").stdout
+      end
+    end
+  end
+end

data/lib/chef/target_io/train/io.rb

@@ -0,0 +1,13 @@
+require_relative "file"
+
+module TargetIO
+  module TrainCompat
+    class IO
+      class << self
+        def read(path)
+          TargetIO::File.read(path)
+        end
+      end
+    end
+  end
+end

data/lib/chef/target_io/train/shadow.rb

@@ -0,0 +1,52 @@
+module TargetIO
+  module TrainCompat
+    module Shadow
+      # @see https://www.rubydoc.info/gems/ruby-shadow/2.5.0
+      class Passwd
+        class << self
+          def getspnam(name)
+            content = ::TargetIO::File.read("/etc/shadow")
+            entries = __parse_shadow(content)
+            data    = entries.detect { |entry| entry["name"] == name }
+            return ::TargetIO::Shadow::Entry.new unless data
+
+            ::TargetIO::Shadow::Entry.new(
+              data["sp_namp"],
+              data["sp_pwdp"],
+              data["sp_lstchg"],
+              data["sp_min"],
+              data["sp_max"],
+              data["sp_warn"],
+              data["sp_inact"],
+              data["sp_expire"],
+              data["sp_loginclass"]
+            )
+          end
+
+          def __parse_shadow(content)
+            content.to_s.split("\n").map do |line|
+              next if line[0] == "#"
+
+              __parse_shadow_line(line)
+            end.compact
+          end
+
+          def __parse_shadow_line(line)
+            x = line.split(":")
+            {
+              # rubocop:disable Layout/AlignHash
+              "sp_namp"   => x.at(0),
+              "sp_pwdp"   => x.at(1),
+              "sp_lstchg" => x.at(2),
+              "sp_min"    => x.at(3),
+              "sp_max"    => x.at(4),
+              "sp_warn"   => x.at(5),
+              "sp_inact"  => x.at(6),
+              "sp_expire" => x.at(7),
+            }
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/target_io/train_compat.rb

@@ -0,0 +1,7 @@
+require_relative "train/dir"
+require_relative "train/etc"
+require_relative "train/file"
+require_relative "train/fileutils"
+require_relative "train/http"
+require_relative "train/io"
+require_relative "train/shadow"

data/lib/chef/target_io.rb

@@ -0,0 +1,9 @@
+require_relative "target_io/dir"
+require_relative "target_io/etc"
+require_relative "target_io/file"
+require_relative "target_io/fileutils"
+require_relative "target_io/http"
+require_relative "target_io/io"
+require_relative "target_io/shadow"
+
+require_relative "target_io/train_compat"

data/lib/chef/util/backup.rb

@@ -30,7 +30,7 @@ class Chef
       end
 
       def backup!
-        if @new_resource.backup != false && @new_resource.backup > 0 && ::File.exist?(path)
+        if @new_resource.backup != false && @new_resource.backup > 0 && ::TargetIO::File.exist?(path)
           do_backup
           # Clean up after the number of backups
           slice_number = @new_resource.backup

data/lib/chef/util/diff.rb

@@ -60,7 +60,7 @@ class Chef
 
       def use_tempfile_if_missing(file)
         tempfile = nil
-        unless File.exist?(file)
+        unless TargetIO::File.exist?(file)
           Chef::Log.trace("File #{file} does not exist to diff against, using empty tempfile")
           tempfile = Tempfile.new("chef-diff")
           file = tempfile.path
@@ -131,6 +131,19 @@ class Chef
         diff_filesize_threshold = Chef::Config[:diff_filesize_threshold]
         diff_output_threshold = Chef::Config[:diff_output_threshold]
 
+        # Download files for diffs in Target Mode, then work locally
+        if ChefConfig::Config.target_mode?
+          connection = Chef.run_context&.transport_connection
+
+          old_copy = Tempfile.new(old_file)
+          connection.download(old_file, old_copy.path) if connection.file(old_file).exist?
+          old_file = old_copy.path
+
+          new_copy = Tempfile.new(new_file)
+          connection.download(new_file, new_copy.path) if connection.file(new_file).exist?
+          new_file = new_copy.path
+        end
+
         if ::File.size(old_file) > diff_filesize_threshold || ::File.size(new_file) > diff_filesize_threshold
           return "(file sizes exceed #{diff_filesize_threshold} bytes, diff output suppressed)"
         end

data/lib/chef/util/file_edit.rb

@@ -29,9 +29,9 @@ class Chef
       public
 
       def initialize(filepath)
-        raise ArgumentError, "File '#{filepath}' does not exist" unless File.exist?(filepath)
+        raise ArgumentError, "File '#{filepath}' does not exist" unless TargetIO::File.exist?(filepath)
 
-        @editor = Editor.new(File.open(filepath, &:readlines))
+        @editor = Editor.new(TargetIO::File.open(filepath, &:readlines))
         @original_pathname = filepath
         @file_edited = false
       end
@@ -85,8 +85,8 @@ class Chef
       def write_file
         if @changes
           backup_pathname = original_pathname + ".old"
-          FileUtils.cp(original_pathname, backup_pathname, preserve: true)
-          File.open(original_pathname, "w") do |newfile|
+          TargetIO::FileUtils.cp(original_pathname, backup_pathname, preserve: true)
+          TargetIO::File.open(original_pathname, "w") do |newfile|
             editor.lines.each do |line|
               newfile.puts(line)
             end

data/lib/chef/version.rb

@@ -23,7 +23,7 @@ require_relative "version_string"
 
 class Chef
   CHEF_ROOT = File.expand_path("..", __dir__)
-  VERSION = Chef::VersionString.new("18.4.2")
+  VERSION = Chef::VersionString.new("18.5.0")
 end
 
 #

data/lib/chef.rb

@@ -32,3 +32,5 @@ require_relative "chef/handler"
 require_relative "chef/handler/json_file"
 require_relative "chef/event_dispatch/dsl"
 require_relative "chef/chef_class"
+
+require_relative "chef/target_io"

data/spec/functional/resource/remote_file_spec.rb

@@ -245,7 +245,7 @@ describe Chef::Resource::RemoteFile do
           end
         end
 
-        context "when the the file is only accessible as a specific alternate identity" do
+        context "when the file is only accessible as a specific alternate identity" do
           let(:windows_nonadmin_user) { "chefremfile2" }
           let(:windows_nonadmin_user_password) { "j82ajfxK3;2Xe2" }
           include_context "a non-admin Windows user"

data/spec/integration/client/fips_spec.rb

@@ -9,12 +9,21 @@ describe "chef-client fips" do
   after { OpenSSL.fips_mode = false }
 
   # For non-FIPS OSes/builds of Ruby, enabling FIPS should error
-  example "Error enabling fips_mode if FIPS not linked", fips_mode: false do
+  example "Error enabling fips_mode if FIPS not linked", :fips_mode_negative_test do
     expect { enable_fips }.to raise_error(OpenSSL::OpenSSLError)
   end
 
+  example "Do not error on MD5 if not fips_mode", :fips_mode_negative_test do
+    expect { OpenSSL::Digest.new("MD5", "test string for digesting") }.not_to raise_error
+  end
+
   # For FIPS OSes/builds of Ruby, enabling FIPS should not error
-  example "Do not error enabling fips_mode if FIPS linked", fips_mode: true do
+  example "Do not error enabling fips_mode if FIPS linked", :fips_mode_test do
     expect { enable_fips }.not_to raise_error
   end
+
+  example "Error on MD5 if fips_mode", :fips_mode_test do
+    enable_fips
+    expect { OpenSSL::Digest.new("MD5", "test string for digesting") }.to raise_error(OpenSSL::Digest::DigestError)
+  end
 end

data/spec/integration/client/open_ssl_spec.rb

@@ -0,0 +1,20 @@
+require "spec_helper"
+
+describe "openssl checks" do
+  let(:openssl_version_default) do
+    if windows?
+      "1.0.2zi"
+    elsif macos?
+      "1.1.1m"
+    else
+      "3.0.9"
+    end
+  end
+
+  %w{version library_version}.each do |method|
+    # macOS just picks up its own for some reason, maybe it circumvents a build step
+    example "check #{method}", not_supported_on_macos: true do
+      expect(OpenSSL.const_get("OPENSSL_#{method.upcase}")).to match(openssl_version_default), "OpenSSL doesn't match omnibus_overrides.rb"
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -138,7 +138,8 @@ RSpec.configure do |config|
 
   config.filter_run_excluding skip_buildkite: true if ENV["BUILDKITE"]
 
-  config.filter_run_excluding fips_mode: !fips_mode_build?
+  config.filter_run_excluding fips_mode_test: true unless fips_mode_build?
+  config.filter_run_excluding fips_mode_negative_test: true # disable all fips_mode negative tests
   # Skip fips on windows
   # config.filter_run_excluding :fips_mode if windows?
 
@@ -180,6 +181,7 @@ RSpec.configure do |config|
   config.filter_run_excluding aes_256_gcm_only: true unless aes_256_gcm?
   config.filter_run_excluding broken: true
   config.filter_run_excluding not_wpar: true unless wpar?
+  config.filter_run_excluding not_supported_on_s390x: true unless s390x?
   config.filter_run_excluding not_supported_under_fips: true if fips?
   config.filter_run_excluding rhel: true unless rhel?
   config.filter_run_excluding rhel6: true unless rhel6?

data/spec/support/platform_helpers.rb

@@ -67,10 +67,10 @@ end
 
 def win32_os_version
   @win32_os_version ||= begin
-    wmi = WmiLite::Wmi.new
-    host = wmi.first_of("Win32_OperatingSystem")
-    host["version"]
-  end
+                          wmi = WmiLite::Wmi.new
+                          host = wmi.first_of("Win32_OperatingSystem")
+                          host["version"]
+                        end
 end
 
 def windows_powershell_dsc?
@@ -80,7 +80,7 @@ def windows_powershell_dsc?
   begin
     wmi = WmiLite::Wmi.new("root/microsoft/windows/desiredstateconfiguration")
     lcm = wmi.query("SELECT * FROM meta_class WHERE __this ISA 'MSFT_DSCLocalConfigurationManager'")
-    supports_dsc = !! lcm
+    supports_dsc = !!lcm
   rescue WmiLite::WmiException
   end
   supports_dsc
@@ -95,7 +95,7 @@ end
 
 # detects if the hardware is 64-bit (evaluates to true in "WOW64" mode in a 32-bit app on a 64-bit system)
 def windows64?
-  windows? && ( ENV["PROCESSOR_ARCHITECTURE"] == "AMD64" || ENV["PROCESSOR_ARCHITEW6432"] == "AMD64" )
+  windows? && (ENV["PROCESSOR_ARCHITECTURE"] == "AMD64" || ENV["PROCESSOR_ARCHITEW6432"] == "AMD64")
 end
 
 # detects if the hardware is 32-bit
@@ -175,6 +175,10 @@ def wpar?
   !((ohai[:virtualization] || {})[:wpar_no].nil?)
 end
 
+def s390x?
+  RUBY_PLATFORM.include?("s390x")
+end
+
 def supports_cloexec?
   Fcntl.const_defined?(:F_SETFD) && Fcntl.const_defined?(:FD_CLOEXEC)
 end
@@ -224,7 +228,15 @@ def aes_256_gcm?
 end
 
 def fips_mode_build?
-  OpenSSL::OPENSSL_FIPS
+  if ENV.include?("BUILDKITE_LABEL") # try keying directly off Buildkite environments
+    # regex version of chef/chef-foundation:.expeditor/release.omnibus.yml:fips-platforms
+    [/el-.*-x86_64/, /el-.*-ppc64/, /el-.*aarch/, /ubuntu-/, /windows-/, /amazon-2/].any? do |os_arch|
+      ENV["BUILDKITE_LABEL"].match?(os_arch)
+    end
+  else
+    # if you're testing your local build
+    OpenSSL::OPENSSL_FIPS
+  end
 end
 
 def fips?
@@ -233,6 +245,7 @@ end
 
 class HttpHelper
   extend Ohai::Mixin::HttpHelper
+
   def self.logger
     Chef::Log
   end

data/spec/unit/client_spec.rb

@@ -384,22 +384,6 @@ describe Chef::Client do
     end
   end
 
-  describe "eol release warning" do
-    it "warns when running an EOL release" do
-      stub_const("Chef::VERSION", 15)
-      allow(Time).to receive(:now).and_return(Time.new(2021, 5, 1, 5))
-      expect(logger).to receive(:warn).with(/This release of.*became end of life \(EOL\) on May 1st 2021/)
-      client.warn_if_eol
-    end
-
-    it "does not warn when running an non-EOL release" do
-      stub_const("Chef::VERSION", 15)
-      allow(Time).to receive(:now).and_return(Time.new(2021, 4, 31))
-      expect(logger).to_not receive(:warn).with(/became end of life/)
-      client.warn_if_eol
-    end
-  end
-
   describe "authentication protocol selection" do
     context "when FIPS is disabled" do
       before do

data/spec/unit/file_cache_spec.rb

@@ -94,7 +94,71 @@ describe Chef::FileCache do
     it "searches for cached files by globbing" do
       expect(Chef::FileCache.find("snappy/**/*")).to eq(%w{snappy/patter})
     end
+  end
+
+  describe "#find handles regex-unsafe unix paths" do
+    before(:each) do
+      # Dir.mktmpdir doesn't allow regex unsafe characters (the nerve!), so we'll have to fake file lookups
+      @file_cache_path = "/tmp/[foo* ^bar]"
+      escaped_file_cache_path = '/tmp/\[foo\* ^bar\]'
+      Chef::Config[:file_cache_path] = @file_cache_path
+      allow(Chef::Util::PathHelper).to receive(:escape_glob_dir).and_return(escaped_file_cache_path)
+      allow(Dir).to receive(:[]).with(File.join(escaped_file_cache_path, "snappy/**/*")).and_return([
+        File.join(@file_cache_path, "snappy"),
+        File.join(@file_cache_path, "snappy", "patter"),
+      ])
+      allow(Dir).to receive(:[]).with(escaped_file_cache_path).and_return([
+        @file_cache_path,
+      ])
+      [
+        File.join(@file_cache_path, "snappy", "patter"),
+        File.join(@file_cache_path, "whiz", "bang"),
+      ].each do |f|
+        allow(File).to receive(:file?).with(f).and_return(true)
+      end
+      [
+        File.join(@file_cache_path, "snappy"),
+        File.join(@file_cache_path, "whiz"),
+      ].each do |f|
+        allow(File).to receive(:file?).with(f).and_return(false)
+      end
+    end
+
+    it "searches for cached files by globbing" do
+      expect(Chef::FileCache.find("snappy/**/*")).to eq(%w{snappy/patter})
+    end
+  end
 
+  describe "#find handles Windows paths" do
+    before(:each) do
+      allow(ChefUtils).to receive(:windows?).and_return(true)
+      @file_cache_path = 'C:\tmp\fakecache'
+      escaped_file_cache_path = "C:\\tmp\\fakecache"
+      Chef::Config[:file_cache_path] = @file_cache_path
+      allow(Chef::Util::PathHelper).to receive(:escape_glob_dir).and_return(escaped_file_cache_path)
+      allow(Dir).to receive(:[]).with(File.join(escaped_file_cache_path, "snappy/**/*")).and_return([
+        File.join(@file_cache_path, "snappy"),
+        File.join(@file_cache_path, "snappy", "patter"),
+      ])
+      allow(Dir).to receive(:[]).with(escaped_file_cache_path).and_return([
+        @file_cache_path,
+      ])
+      [
+        File.join(@file_cache_path, "snappy", "patter"),
+        File.join(@file_cache_path, "whiz", "bang"),
+      ].each do |f|
+        allow(File).to receive(:file?).with(f).and_return(true)
+      end
+      [
+        File.join(@file_cache_path, "snappy"),
+        File.join(@file_cache_path, "whiz"),
+      ].each do |f|
+        allow(File).to receive(:file?).with(f).and_return(false)
+      end
+    end
+    it "searches for cached files by globbing" do
+      expect(Chef::FileCache.find("snappy/**/*")).to eq(%w{snappy/patter})
+    end
   end
 
   describe "when checking for the existence of a file" do

data/spec/unit/mixin/openssl_helper_spec.rb

@@ -92,7 +92,12 @@ describe Chef::Mixin::OpenSSLHelper do
 
     context "When the dhparam.pem file does exist, and does contain a vaild dhparam key" do
       it "returns true" do
-        @dhparam_file.puts(::OpenSSL::PKey::DH.new(256).to_pem) # this is 256 to speed up specs
+        # bumped this from 256 to 1024 because OpenSSL 3.x will enforce
+        # size
+        #      OpenSSL::PKey::PKeyError:
+        #       EVP_PKEY_paramgen: modulus too small
+        # need to double check that the mixin itself doesn't allow smaller
+        @dhparam_file.puts(::OpenSSL::PKey::DH.new(1024).to_pem)
         @dhparam_file.close
         expect(instance.dhparam_pem_valid?(@dhparam_file.path)).to be_truthy
       end

data/spec/unit/provider/apt_repository_spec.rb

@@ -230,7 +230,7 @@ C5986B4F1257FFA86632CBA746181433FBB75451
     it "gets a key" do
       simples = double("HTTP")
       allow(simples).to receive(:get).and_return("\"#{key}\"")
-      expect(Chef::HTTP::Simple).to receive(:new).with(url).and_return(simples)
+      expect(Chef::HTTP::Simple).to receive(:new).with(url, {}).and_return(simples)
       expect(provider).to receive(:install_key_from_keyserver).with(key, "keyserver.ubuntu.com")
       provider.install_ppa_key("chef", "main")
     end

data/spec/unit/provider/package/chocolatey_spec.rb

@@ -36,9 +36,9 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
   # installed packages (ConEmu is upgradable)
   let(:local_list_stdout) do
     <<~EOF
-      Chocolatey v0.9.9.11
-      chocolatey|0.9.9.11
-      ConEmu|15.10.25.0
+      Chocolatey v0.9.9.10
+      chocolatey|0.9.9.12
+      ConEmu|15.10.25.2
     EOF
   end
 
@@ -47,10 +47,10 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
     allow(provider).to receive(:choco_exe).and_return(choco_exe)
     local_list_obj = double(stdout: local_list_stdout)
     allow(provider).to receive(:shell_out_compacted!).with(choco_exe, "list", "-l", "-r", { returns: [0, 2], timeout: timeout }).and_return(local_list_obj)
-    allow(provider).to receive(:powershell_exec!).with("#{choco_exe} --version").and_return(double(result: "2.1.0"))
+    allow(provider).to receive(:powershell_exec!).with("Get-ItemProperty #{choco_exe} | select-object -expandproperty versioninfo | select-object -expandproperty productversion").and_return(double(result: "2.1.0"))
     # Mock the local file system choco queries
     allow(provider).to receive(:get_local_pkg_dirs).and_return(%w{chocolatey ConEmu})
-    allow(provider).to receive(:fetch_package_versions_local).and_return({ "chocolatey" => "0.9.9.11", "conemu" => "15.10.25.0" })
+    allow(provider).to receive(:fetch_package_versions).and_return({ "chocolatey" => "0.9.9.11", "conemu" => "15.10.25.0" })
   end
 
   after(:each) do
@@ -70,10 +70,13 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
       munin-node|1.6.1.20130823
     EOF
     remote_list_obj = double(stdout: remote_list_stdout)
-    if args
-      allow(provider).to receive(:shell_out_compacted!).with(choco_exe, provider.query_command, "-r", *(package_names.sort + args), { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
-    else
-      allow(provider).to receive(:shell_out_compacted!).with(choco_exe, provider.query_command, "-r", *(package_names.sort), { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
+
+    package_names.each do |pkg|
+      if args
+        allow(provider).to receive(:shell_out_compacted!).with(choco_exe, provider.query_command, "-r", *([pkg] + args), { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
+      else
+        allow(provider).to receive(:shell_out_compacted!).with(choco_exe, provider.query_command, "-r", pkg, { returns: [0, 2], timeout: timeout }).and_return(remote_list_obj)
+      end
     end
   end
 
@@ -89,12 +92,12 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
 
   describe "choco searches change with the version" do
     it "Choco V1 uses List" do
-      allow(provider).to receive(:powershell_exec!).with("#{choco_exe} --version").and_return(double(result: "1.4.0"))
+      allow(provider).to receive(:powershell_exec!).with("Get-ItemProperty #{choco_exe} | select-object -expandproperty versioninfo | select-object -expandproperty productversion").and_return(double(result: "1.4.0"))
       expect(provider.query_command).to eql("list")
     end
 
     it "Choco V2 uses Search" do
-      allow(provider).to receive(:powershell_exec!).with("#{choco_exe} --version").and_return(double(result: "2.1.0"))
+      allow(provider).to receive(:powershell_exec!).with("Get-ItemProperty #{choco_exe} | select-object -expandproperty versioninfo | select-object -expandproperty productversion").and_return(double(result: "2.1.0"))
       expect(provider.query_command).to eql("search")
     end
   end
@@ -168,6 +171,7 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
 
     it "should load and downcase names in the installed_packages hash (with disk provider)" do
       new_resource.use_choco_list(false)
+      provider.invalidate_cache
       provider.load_current_resource
       expect(provider.send(:installed_packages)).to eql(
         { "chocolatey" => "0.9.9.11", "conemu" => "15.10.25.0" }
@@ -176,9 +180,10 @@ describe Chef::Provider::Package::Chocolatey, :windows_only do
 
     it "should load and downcase names in the installed_packages hash (with choco list provider)" do
       new_resource.use_choco_list(true)
+      provider.invalidate_cache
       provider.load_current_resource
       expect(provider.send(:installed_packages)).to eql(
-        { "chocolatey" => "0.9.9.11", "conemu" => "15.10.25.0" }
+        { "chocolatey" => "0.9.9.12", "conemu" => "15.10.25.2" }
       )
     end
 

data/spec/unit/provider/package/windows_spec.rb

@@ -106,27 +106,27 @@ describe Chef::Provider::Package::Windows, :windows_only do
         provider.package_provider
       end
 
-      it "sets the package provider to MSI if the the installer type is :msi" do
+      it "sets the package provider to MSI if the installer type is :msi" do
         allow(provider).to receive(:installer_type).and_return(:msi)
         expect(provider.package_provider).to be_a(Chef::Provider::Package::Windows::MSI)
       end
 
-      it "sets the package provider to Exe if the the installer type is :inno" do
+      it "sets the package provider to Exe if the installer type is :inno" do
         allow(provider).to receive(:installer_type).and_return(:inno)
         expect(provider.package_provider).to be_a(Chef::Provider::Package::Windows::Exe)
       end
 
-      it "sets the package provider to Exe if the the installer type is :nsis" do
+      it "sets the package provider to Exe if the installer type is :nsis" do
         allow(provider).to receive(:installer_type).and_return(:nsis)
         expect(provider.package_provider).to be_a(Chef::Provider::Package::Windows::Exe)
       end
 
-      it "sets the package provider to Exe if the the installer type is :wise" do
+      it "sets the package provider to Exe if the installer type is :wise" do
         allow(provider).to receive(:installer_type).and_return(:wise)
         expect(provider.package_provider).to be_a(Chef::Provider::Package::Windows::Exe)
       end
 
-      it "sets the package provider to Exe if the the installer type is :installshield" do
+      it "sets the package provider to Exe if the installer type is :installshield" do
         allow(provider).to receive(:installer_type).and_return(:installshield)
         expect(provider.package_provider).to be_a(Chef::Provider::Package::Windows::Exe)
       end