puppet 6.19.0 → 7.3.0

data/spec/unit/util/rubygems_spec.rb

@@ -33,8 +33,8 @@ describe Puppet::Util::RubyGems::Source do
   describe '::Gems18Source' do
     before(:each) { allow(described_class).to receive(:source).and_return(Puppet::Util::RubyGems::Gems18Source) }
 
-    it "#directories returns the lib subdirs of Gem::Specification.latest_specs" do
-      expect(Gem::Specification).to receive(:latest_specs).with(true).and_return([fake_gem])
+    it "#directories returns the lib subdirs of Gem::Specification.stubs" do
+      expect(Gem::Specification).to receive(:stubs).and_return([fake_gem])
 
       expect(described_class.new.directories).to eq([gem_lib])
     end

data/spec/unit/util/run_mode_spec.rb

@@ -1,12 +1,6 @@
 require 'spec_helper'
 
 describe Puppet::Util::RunMode do
-  # Discriminator for tests that attempts to unset HOME since that, for reasons currently unknown,
-  # doesn't work in Ruby >= 2.4.0
-  def self.gte_ruby_2_4
-    @gte_ruby_2_4 ||= SemanticPuppet::Version.parse(RUBY_VERSION) >= SemanticPuppet::Version.parse('2.4.0')
-  end
-
   before do
     @run_mode = Puppet::Util::RunMode.new('fake')
   end
@@ -34,14 +28,6 @@ describe Puppet::Util::RunMode do
           as_non_root { expect(@run_mode.conf_dir).to eq(File.expand_path('~/.puppetlabs/etc/puppet')) }
         end
       end
-
-      it "fails when asking for the conf_dir as non-root and there is no $HOME", :unless => gte_ruby_2_4 || Puppet::Util::Platform.windows? do
-        as_non_root do
-          without_home do
-            expect { @run_mode.conf_dir }.to raise_error ArgumentError, /couldn't find HOME/
-          end
-        end
-      end
     end
 
     describe "#code_dir" do
@@ -62,14 +48,6 @@ describe Puppet::Util::RunMode do
           as_non_root { expect(@run_mode.code_dir).to eq(File.expand_path('~/.puppetlabs/etc/code')) }
         end
       end
-
-      it "fails when asking for the code_dir as non-root and there is no $HOME", :unless => gte_ruby_2_4 || Puppet::Util::Platform.windows? do
-        as_non_root do
-          without_home do
-            expect { @run_mode.code_dir }.to raise_error ArgumentError, /couldn't find HOME/
-          end
-        end
-      end
     end
 
     describe "#var_dir" do
@@ -80,13 +58,15 @@ describe Puppet::Util::RunMode do
       it "has vardir ~/.puppetlabs/opt/puppet/cache when run as non-root" do
         as_non_root { expect(@run_mode.var_dir).to eq(File.expand_path('~/.puppetlabs/opt/puppet/cache')) }
       end
+    end
+
+    describe "#public_dir" do
+      it "has publicdir /opt/puppetlabs/puppet/public when run as root" do
+        as_root { expect(@run_mode.public_dir).to eq(File.expand_path('/opt/puppetlabs/puppet/public')) }
+      end
 
-      it "fails when asking for the var_dir as non-root and there is no $HOME", :unless => gte_ruby_2_4 || Puppet::Util::Platform.windows? do
-        as_non_root do
-          without_home do
-            expect { @run_mode.var_dir }.to raise_error ArgumentError, /couldn't find HOME/
-          end
-        end
+      it "has publicdir ~/.puppetlabs/opt/puppet/public when run as non-root" do
+        as_non_root { expect(@run_mode.public_dir).to eq(File.expand_path('~/.puppetlabs/opt/puppet/public')) }
       end
     end
 
@@ -101,14 +81,6 @@ describe Puppet::Util::RunMode do
         it "has default logdir ~/.puppetlabs/var/log" do
           as_non_root { expect(@run_mode.log_dir).to eq(File.expand_path('~/.puppetlabs/var/log')) }
         end
-
-        it "fails when asking for the log_dir and there is no $HOME", :unless => gte_ruby_2_4 || Puppet::Util::Platform.windows? do
-          as_non_root do
-            without_home do
-              expect { @run_mode.log_dir }.to raise_error ArgumentError, /couldn't find HOME/
-            end
-          end
-        end
       end
     end
 
@@ -123,103 +95,59 @@ describe Puppet::Util::RunMode do
         it "has default rundir ~/.puppetlabs/var/run" do
           as_non_root { expect(@run_mode.run_dir).to eq(File.expand_path('~/.puppetlabs/var/run')) }
         end
-
-        it "fails when asking for the run_dir and there is no $HOME", :unless => gte_ruby_2_4 || Puppet::Util::Platform.windows? do
-          as_non_root do
-            without_home do
-              expect { @run_mode.run_dir }.to raise_error ArgumentError, /couldn't find HOME/
-            end
-          end
-        end
       end
     end
   end
 
   describe Puppet::Util::WindowsRunMode, :if => Puppet::Util::Platform.windows? do
     before do
-      if not Dir.const_defined? :COMMON_APPDATA
-        Dir.const_set :COMMON_APPDATA, "/CommonFakeBase"
-        @remove_const = true
-      end
       @run_mode = Puppet::Util::WindowsRunMode.new('fake')
     end
 
-    after do
-      if @remove_const
-        Dir.send :remove_const, :COMMON_APPDATA
-      end
-    end
-
     describe "#conf_dir" do
       it "has confdir ending in Puppetlabs/puppet/etc when run as root" do
-        as_root { expect(@run_mode.conf_dir).to eq(File.expand_path(File.join(Dir::COMMON_APPDATA, "PuppetLabs", "puppet", "etc"))) }
+        as_root { expect(@run_mode.conf_dir).to eq(File.expand_path(File.join(ENV['ALLUSERSPROFILE'], "PuppetLabs", "puppet", "etc"))) }
       end
 
       it "has confdir in ~/.puppetlabs/etc/puppet when run as non-root" do
         as_non_root { expect(@run_mode.conf_dir).to eq(File.expand_path("~/.puppetlabs/etc/puppet")) }
       end
-
-      it "fails when asking for the conf_dir as non-root and there is no %HOME%, %HOMEDRIVE%, and %USERPROFILE%", :unless => gte_ruby_2_4 do
-        as_non_root do
-          without_env('HOME') do
-            without_env('HOMEDRIVE') do
-              without_env('USERPROFILE') do
-                expect { @run_mode.conf_dir }.to raise_error ArgumentError, /couldn't find HOME/
-              end
-            end
-          end
-        end
-      end
     end
 
     describe "#code_dir" do
       it "has codedir ending in PuppetLabs/code when run as root" do
-        as_root { expect(@run_mode.code_dir).to eq(File.expand_path(File.join(Dir::COMMON_APPDATA, "PuppetLabs", "code"))) }
+        as_root { expect(@run_mode.code_dir).to eq(File.expand_path(File.join(ENV['ALLUSERSPROFILE'], "PuppetLabs", "code"))) }
       end
 
       it "has codedir in ~/.puppetlabs/etc/code when run as non-root" do
         as_non_root { expect(@run_mode.code_dir).to eq(File.expand_path("~/.puppetlabs/etc/code")) }
       end
-
-      it "fails when asking for the code_dir as non-root and there is no %HOME%, %HOMEDRIVE%, and %USERPROFILE%", :unless => gte_ruby_2_4 do
-        as_non_root do
-          without_env('HOME') do
-            without_env('HOMEDRIVE') do
-              without_env('USERPROFILE') do
-                expect { @run_mode.code_dir }.to raise_error ArgumentError, /couldn't find HOME/
-              end
-            end
-          end
-        end
-      end
     end
 
     describe "#var_dir" do
       it "has vardir ending in PuppetLabs/puppet/cache when run as root" do
-        as_root { expect(@run_mode.var_dir).to eq(File.expand_path(File.join(Dir::COMMON_APPDATA, "PuppetLabs", "puppet", "cache"))) }
+        as_root { expect(@run_mode.var_dir).to eq(File.expand_path(File.join(ENV['ALLUSERSPROFILE'], "PuppetLabs", "puppet", "cache"))) }
       end
 
       it "has vardir in ~/.puppetlabs/opt/puppet/cache when run as non-root" do
         as_non_root { expect(@run_mode.var_dir).to eq(File.expand_path("~/.puppetlabs/opt/puppet/cache")) }
       end
+    end
+
+    describe "#public_dir" do
+      it "has publicdir ending in PuppetLabs/puppet/public when run as root" do
+        as_root { expect(@run_mode.public_dir).to eq(File.expand_path(File.join(ENV['ALLUSERSPROFILE'], "PuppetLabs", "puppet", "public"))) }
+      end
 
-      it "fails when asking for the conf_dir as non-root and there is no %HOME%, %HOMEDRIVE%, and %USERPROFILE%", :unless => gte_ruby_2_4 do
-        as_non_root do
-          without_env('HOME') do
-            without_env('HOMEDRIVE') do
-              without_env('USERPROFILE') do
-                expect { @run_mode.var_dir }.to raise_error ArgumentError, /couldn't find HOME/
-              end
-            end
-          end
-        end
+      it "has publicdir in ~/.puppetlabs/opt/puppet/public when run as non-root" do
+        as_non_root { expect(@run_mode.public_dir).to eq(File.expand_path("~/.puppetlabs/opt/puppet/public")) }
       end
     end
 
     describe "#log_dir" do
       describe "when run as root" do
         it "has logdir ending in PuppetLabs/puppet/var/log" do
-          as_root { expect(@run_mode.log_dir).to eq(File.expand_path(File.join(Dir::COMMON_APPDATA, "PuppetLabs", "puppet", "var", "log"))) }
+          as_root { expect(@run_mode.log_dir).to eq(File.expand_path(File.join(ENV['ALLUSERSPROFILE'], "PuppetLabs", "puppet", "var", "log"))) }
         end
       end
 
@@ -227,25 +155,13 @@ describe Puppet::Util::RunMode do
         it "has default logdir ~/.puppetlabs/var/log" do
           as_non_root { expect(@run_mode.log_dir).to eq(File.expand_path('~/.puppetlabs/var/log')) }
         end
-
-        it "fails when asking for the log_dir and there is no $HOME", :unless => gte_ruby_2_4 do
-          as_non_root do
-            without_env('HOME') do
-              without_env('HOMEDRIVE') do
-                without_env('USERPROFILE') do
-                  expect { @run_mode.log_dir }.to raise_error ArgumentError, /couldn't find HOME/
-                end
-              end
-            end
-          end
-        end
       end
     end
 
     describe "#run_dir" do
       describe "when run as root" do
         it "has rundir ending in PuppetLabs/puppet/var/run" do
-          as_root { expect(@run_mode.run_dir).to eq(File.expand_path(File.join(Dir::COMMON_APPDATA, "PuppetLabs", "puppet", "var", "run"))) }
+          as_root { expect(@run_mode.run_dir).to eq(File.expand_path(File.join(ENV['ALLUSERSPROFILE'], "PuppetLabs", "puppet", "var", "run"))) }
         end
       end
 
@@ -253,18 +169,6 @@ describe Puppet::Util::RunMode do
         it "has default rundir ~/.puppetlabs/var/run" do
           as_non_root { expect(@run_mode.run_dir).to eq(File.expand_path('~/.puppetlabs/var/run')) }
         end
-
-        it "fails when asking for the run_dir and there is no $HOME", :unless => gte_ruby_2_4 do
-          as_non_root do
-            without_env('HOME') do
-              without_env('HOMEDRIVE') do
-                without_env('USERPROFILE') do
-                  expect { @run_mode.run_dir }.to raise_error ArgumentError, /couldn't find HOME/
-                end
-              end
-            end
-          end
-        end
       end
     end
 
@@ -310,8 +214,4 @@ describe Puppet::Util::RunMode do
   ensure
     Puppet::Util.set_env(name, saved)
   end
-
-  def without_home(&block)
-    without_env('HOME', &block)
-  end
 end

data/spec/unit/util/selinux_spec.rb

@@ -111,15 +111,19 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return a context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
-      expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
+        expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      end
     end
 
     it "should return nil if lgetfilecon fails" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
-      expect(get_selinux_current_context("/foo")).to be_nil
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
+        expect(get_selinux_current_context("/foo")).to be_nil
+      end
     end
   end
 
@@ -130,47 +134,57 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return a context if a default context exists" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      fstat = double('File::Stat', :mode => 0)
-      expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
-      expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
-      expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
-
-      expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        fstat = double('File::Stat', :mode => 0)
+        expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
+        expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
+        expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
+
+        expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      end
     end
 
     it "handles permission denied errors by issuing a warning" do
-      allow(self).to receive(:selinux_support?).and_return(true)
-      allow(self).to receive(:selinux_label_support?).and_return(true)
-      allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-      allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
 
-      expect(get_selinux_default_context("/root/chuj")).to be_nil
+        expect(get_selinux_default_context("/root/chuj")).to be_nil
+      end
     end
 
     it "handles no such file or directory errors by issuing a warning" do
-      allow(self).to receive(:selinux_support?).and_return(true)
-      allow(self).to receive(:selinux_label_support?).and_return(true)
-      allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-      allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
 
-      expect(get_selinux_default_context("/root/chuj")).to be_nil
+        expect(get_selinux_default_context("/root/chuj")).to be_nil
+      end
     end
 
     it "should return nil if matchpathcon returns failure" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      fstat = double('File::Stat', :mode => 0)
-      expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
-      expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
-      expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
-
-      expect(get_selinux_default_context("/foo")).to be_nil
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        fstat = double('File::Stat', :mode => 0)
+        expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
+        expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
+        expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
+
+        expect(get_selinux_default_context("/foo")).to be_nil
+      end
     end
 
     it "should return nil if selinux_label_support returns false" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
-      expect(get_selinux_default_context("/foo")).to be_nil
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
+        expect(get_selinux_default_context("/foo")).to be_nil
+      end
     end
   end
 
@@ -261,37 +275,47 @@ describe Puppet::Util::SELinux do
     end
 
     it "should use lsetfilecon to set a context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set user_u user context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set role_r role context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set type_t type context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set s0:c3,c5 range context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
-      expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
+        expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
+      end
     end
   end
 

data/spec/unit/util/storage_spec.rb

@@ -143,9 +143,11 @@ describe Puppet::Util::Storage do
       end
 
       it "should raise an error if the state file does not contain valid YAML and cannot be renamed" do
+        allow(File).to receive(:rename).and_call_original
+
         write_state_file('{ invalid')
 
-        expect(File).to receive(:rename).and_raise(SystemCallError)
+        expect(File).to receive(:rename).with(@state_file, "#{@state_file}.bad").and_raise(SystemCallError)
 
         expect { Puppet::Util::Storage.load }.to raise_error(Puppet::Error, /Could not rename/)
       end

data/spec/unit/util/suidmanager_spec.rb

@@ -14,12 +14,14 @@ describe Puppet::Util::SUIDManager do
     pwent = double('pwent', :name => 'fred', :uid => 42, :gid => 42)
     allow(Etc).to receive(:getpwuid).with(42).and_return(pwent)
 
-    [:euid, :egid, :uid, :gid, :groups].each do |id|
-      allow(Process).to receive("#{id}=") {|value| xids[id] = value}
+    unless Puppet::Util::Platform.windows?
+      [:euid, :egid, :uid, :gid, :groups].each do |id|
+        allow(Process).to receive("#{id}=") {|value| xids[id] = value}
+      end
     end
   end
 
-  describe "#initgroups" do
+  describe "#initgroups", unless: Puppet::Util::Platform.windows? do
     it "should use the primary group of the user as the 'basegid'" do
       expect(Process).to receive(:initgroups).with('fred', 42)
       described_class.initgroups(42)
@@ -27,7 +29,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#uid" do
-    it "should allow setting euid/egid" do
+    it "should allow setting euid/egid", unless: Puppet::Util::Platform.windows? do
       Puppet::Util::SUIDManager.egid = user[:gid]
       Puppet::Util::SUIDManager.euid = user[:uid]
 
@@ -37,8 +39,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#asuser" do
-    it "should not get or set euid/egid when not root" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+    it "should not get or set euid/egid when not root", unless: Puppet::Util::Platform.windows? do
       allow(Process).to receive(:uid).and_return(1)
 
       allow(Process).to receive(:egid).and_return(51)
@@ -49,13 +50,12 @@ describe Puppet::Util::SUIDManager do
       expect(xids).to be_empty
     end
 
-    context "when root and not windows" do
+    context "when root and not Windows" do
       before :each do
         allow(Process).to receive(:uid).and_return(0)
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
       end
 
-      it "should set euid/egid" do
+      it "should set euid/egid", unless: Puppet::Util::Platform.windows? do
         allow(Process).to receive(:egid).and_return(51, 51, user[:gid])
         allow(Process).to receive(:euid).and_return(50, 50, user[:uid])
 
@@ -79,29 +79,23 @@ describe Puppet::Util::SUIDManager do
       end
 
       it "should just yield if user and group are nil" do
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true }
-        expect(yielded).to be_truthy
+        expect { |b| Puppet::Util::SUIDManager.asuser(nil, nil, &b) }.to yield_control
         expect(xids).to eq({})
       end
 
-      it "should just change group if only group is given" do
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true }
-        expect(yielded).to be_truthy
+      it "should just change group if only group is given", unless: Puppet::Util::Platform.windows? do
+        expect { |b| Puppet::Util::SUIDManager.asuser(nil, 42, &b) }.to yield_control
         expect(xids).to eq({ :egid => 42 })
       end
 
-      it "should change gid to the primary group of uid by default" do
+      it "should change gid to the primary group of uid by default", unless: Puppet::Util::Platform.windows? do
         allow(Process).to receive(:initgroups)
 
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(42) { yielded = true }
-        expect(yielded).to be_truthy
+        expect { |b| Puppet::Util::SUIDManager.asuser(42, nil, &b) }.to yield_control
         expect(xids).to eq({ :euid => 42, :egid => 42 })
       end
 
-      it "should change both uid and gid if given" do
+      it "should change both uid and gid if given", unless: Puppet::Util::Platform.windows? do
         # I don't like the sequence, but it is the only way to assert on the
         # internal behaviour in a reliable fashion, given we need multiple
         # sequenced calls to the same methods. --daniel 2012-02-05
@@ -110,21 +104,23 @@ describe Puppet::Util::SUIDManager do
         expect(Puppet::Util::SUIDManager).to receive(:change_group).with(Puppet::Util::SUIDManager.egid, false).ordered()
         expect(Puppet::Util::SUIDManager).to receive(:change_user).with(Puppet::Util::SUIDManager.euid, false).ordered()
 
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true }
-        expect(yielded).to be_truthy
+        expect { |b| Puppet::Util::SUIDManager.asuser(42, 43, &b) }.to yield_control
       end
     end
 
-    it "should not get or set euid/egid on Windows", if: Puppet::Util::Platform.windows? do
-      Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {}
-
-      expect(xids).to be_empty
+    it "should just yield on Windows", if: Puppet::Util::Platform.windows? do
+      expect { |b| Puppet::Util::SUIDManager.asuser(1, 2, &b) }.to yield_control
     end
   end
 
   describe "#change_group" do
-    describe "when changing permanently" do
+    it "raises on Windows", if: Puppet::Util::Platform.windows? do
+      expect {
+        Puppet::Util::SUIDManager.change_group(42, true)
+      }.to raise_error(NotImplementedError, /change_privilege\(\) function is unimplemented/)
+    end
+
+    describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
       it "should change_privilege" do
         expect(Process::GID).to receive(:change_privilege) do |gid|
           Process.gid = gid
@@ -150,7 +146,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "when changing temporarily" do
+    describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
       it "should change only egid" do
         Puppet::Util::SUIDManager.change_group(42, false)
 
@@ -161,7 +157,13 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#change_user" do
-    describe "when changing permanently" do
+    it "raises on Windows", if: Puppet::Util::Platform.windows? do
+      expect {
+        Puppet::Util::SUIDManager.change_user(42, true)
+      }.to raise_error(NotImplementedError, /initgroups\(\) function is unimplemented/)
+    end
+
+    describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
       it "should change_privilege" do
         expect(Process::UID).to receive(:change_privilege) do |uid|
           Process.uid = uid
@@ -191,7 +193,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "when changing temporarily" do
+    describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
       it "should change only euid and groups" do
         allow(Puppet::Util::SUIDManager).to receive(:initgroups).and_return([])
         Puppet::Util::SUIDManager.change_user(42, false)
@@ -221,12 +223,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#root?" do
-    describe "on POSIX systems" do
-      before :each do
-        allow(Puppet.features).to receive(:posix?).and_return(true)
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
-      end
-
+    describe "on POSIX systems", unless: Puppet::Util::Platform.windows? do
       it "should be root if uid is 0" do
         allow(Process).to receive(:uid).and_return(0)
 
@@ -240,7 +237,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "on Microsoft Windows", :if => Puppet::Util::Platform.windows? do
+    describe "on Windows", :if => Puppet::Util::Platform.windows? do
       it "should be root if user is privileged" do
         allow(Puppet::Util::Windows::User).to receive(:admin?).and_return(true)
 
@@ -261,13 +258,19 @@ describe 'Puppet::Util::SUIDManager#groups=' do
     Puppet::Util::SUIDManager
   end
 
-  it "(#3419) should rescue Errno::EINVAL on OS X" do
+  it "raises on Windows", if: Puppet::Util::Platform.windows? do
+    expect {
+      subject.groups = []
+    }.to raise_error(NotImplementedError, /groups=\(\) function is unimplemented/)
+  end
+
+  it "(#3419) should rescue Errno::EINVAL on OS X", unless: Puppet::Util::Platform.windows? do
     expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
     expect(subject).to receive(:osx_maj_ver).and_return('10.7').twice
     subject.groups = ['list', 'of', 'groups']
   end
 
-  it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X" do
+  it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X", unless: Puppet::Util::Platform.windows? do
     expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
     expect(subject).to receive(:osx_maj_ver).and_return(false)
     expect { subject.groups = ['list', 'of', 'groups'] }.to raise_error(Errno::EINVAL)