puppet 6.19.1-x64-mingw32 → 6.23.0-x64-mingw32

data/spec/unit/util/rubygems_spec.rb

@@ -33,8 +33,8 @@ describe Puppet::Util::RubyGems::Source do
   describe '::Gems18Source' do
     before(:each) { allow(described_class).to receive(:source).and_return(Puppet::Util::RubyGems::Gems18Source) }
 
-    it "#directories returns the lib subdirs of Gem::Specification.latest_specs" do
-      expect(Gem::Specification).to receive(:latest_specs).with(true).and_return([fake_gem])
+    it "#directories returns the lib subdirs of Gem::Specification.stubs" do
+      expect(Gem::Specification).to receive(:stubs).and_return([fake_gem])
 
       expect(described_class.new.directories).to eq([gem_lib])
     end

data/spec/unit/util/selinux_spec.rb

@@ -3,26 +3,29 @@ require 'spec_helper'
 require 'pathname'
 require 'puppet/util/selinux'
 
-unless defined?(Selinux)
-  module Selinux
-    def self.is_selinux_enabled
-      false
-    end
-  end
-end
-
 describe Puppet::Util::SELinux do
   include Puppet::Util::SELinux
 
+  let(:selinux) { double('selinux', is_selinux_enabled: false) }
+
+  before :each do
+    stub_const('Selinux', selinux)
+  end
+
   describe "selinux_support?" do
-    it "should return :true if this system has SELinux enabled" do
+    it "should return true if this system has SELinux enabled" do
       expect(Selinux).to receive(:is_selinux_enabled).and_return(1)
-      expect(selinux_support?).to be_truthy
+      expect(selinux_support?).to eq(true)
     end
 
-    it "should return :false if this system lacks SELinux" do
+    it "should return false if this system has SELinux disabled" do
       expect(Selinux).to receive(:is_selinux_enabled).and_return(0)
-      expect(selinux_support?).to be_falsey
+      expect(selinux_support?).to eq(false)
+    end
+
+    it "should return false if this system lacks SELinux" do
+      hide_const('Selinux')
+      expect(selinux_support?).to eq(false)
     end
 
     it "should return nil if /proc/mounts does not exist" do
@@ -111,15 +114,19 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return a context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
-      expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
+        expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      end
     end
 
     it "should return nil if lgetfilecon fails" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
-      expect(get_selinux_current_context("/foo")).to be_nil
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
+        expect(get_selinux_current_context("/foo")).to be_nil
+      end
     end
   end
 
@@ -130,47 +137,102 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return a context if a default context exists" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      fstat = double('File::Stat', :mode => 0)
-      expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
-      expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
-      expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
-
-      expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        fstat = double('File::Stat', :mode => 0)
+        expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
+        expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
+        expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
+
+        expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
+      end
     end
 
     it "handles permission denied errors by issuing a warning" do
-      allow(self).to receive(:selinux_support?).and_return(true)
-      allow(self).to receive(:selinux_label_support?).and_return(true)
-      allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-      allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
 
-      expect(get_selinux_default_context("/root/chuj")).to be_nil
+        expect(get_selinux_default_context("/root/chuj")).to be_nil
+      end
     end
 
-    it "handles no such file or directory errors by issuing a warning" do
-      allow(self).to receive(:selinux_support?).and_return(true)
-      allow(self).to receive(:selinux_label_support?).and_return(true)
-      allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-      allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+    it "backward compatibly handles no such file or directory errors by issuing a warning when resource_ensure not set" do
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
 
-      expect(get_selinux_default_context("/root/chuj")).to be_nil
+        expect(get_selinux_default_context("/root/chuj")).to be_nil
+      end
     end
 
-    it "should return nil if matchpathcon returns failure" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      fstat = double('File::Stat', :mode => 0)
-      expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
-      expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
-      expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
+    it "should determine mode based on resource ensure when set to file" do
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 32768).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
 
-      expect(get_selinux_default_context("/foo")).to be_nil
+        expect(get_selinux_default_context("/root/chuj", :present)).to be_nil
+        expect(get_selinux_default_context("/root/chuj", :file)).to be_nil
+      end
+    end
+
+    it "should determine mode based on resource ensure when set to dir" do
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 16384).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+        expect(get_selinux_default_context("/root/chuj", :directory)).to be_nil
+      end
+    end
+
+    it "should determine mode based on resource ensure when set to link" do
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 40960).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+        expect(get_selinux_default_context("/root/chuj", :link)).to be_nil
+      end
+    end
+
+    it "should determine mode based on resource ensure when set to unknown" do
+      without_partial_double_verification do
+        allow(self).to receive(:selinux_support?).and_return(true)
+        allow(self).to receive(:selinux_label_support?).and_return(true)
+        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+
+        expect(get_selinux_default_context("/root/chuj", "unknown")).to be_nil
+      end
+    end
+
+    it "should return nil if matchpathcon returns failure" do
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        fstat = double('File::Stat', :mode => 0)
+        expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
+        expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
+        expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
+
+        expect(get_selinux_default_context("/foo")).to be_nil
+      end
     end
 
     it "should return nil if selinux_label_support returns false" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
-      expect(get_selinux_default_context("/foo")).to be_nil
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
+        expect(get_selinux_default_context("/foo")).to be_nil
+      end
     end
   end
 
@@ -261,37 +323,47 @@ describe Puppet::Util::SELinux do
     end
 
     it "should use lsetfilecon to set a context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set user_u user context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set role_r role context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set type_t type context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-      expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+        expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
+      end
     end
 
     it "should use lsetfilecon to set s0:c3,c5 range context" do
-      expect(self).to receive(:selinux_support?).and_return(true)
-      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
-      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
-      expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
+      without_partial_double_verification do
+        expect(self).to receive(:selinux_support?).and_return(true)
+        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
+        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
+        expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
+      end
     end
   end
 
@@ -302,21 +374,44 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return nil if no default context exists" do
-      expect(self).to receive(:get_selinux_default_context).with("/foo").and_return(nil)
+      expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return(nil)
       expect(set_selinux_default_context("/foo")).to be_nil
     end
 
     it "should do nothing and return nil if the current context matches the default context" do
-      expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
+      expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
       expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("user_u:role_r:type_t")
       expect(set_selinux_default_context("/foo")).to be_nil
     end
 
     it "should set and return the default context if current and default do not match" do
-      expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
+      expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
       expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("olduser_u:role_r:type_t")
       expect(self).to receive(:set_selinux_context).with("/foo", "user_u:role_r:type_t").and_return(true)
       expect(set_selinux_default_context("/foo")).to eq("user_u:role_r:type_t")
     end
   end
+
+  describe "get_create_mode" do
+    it "should return 0 if the resource is absent" do
+      expect(get_create_mode(:absent)).to eq(0)
+    end
+
+    it "should return mode with file type set to S_IFREG when resource is file" do
+      expect(get_create_mode(:present)).to eq(32768)
+      expect(get_create_mode(:file)).to eq(32768)
+    end
+
+    it "should return mode with file type set to S_IFDIR when resource is dir" do
+      expect(get_create_mode(:directory)).to eq(16384)
+    end
+
+    it "should return mode with file type set to S_IFLNK when resource is link" do
+      expect(get_create_mode(:link)).to eq(40960)
+    end
+
+    it "should return 0 for everything else" do
+      expect(get_create_mode("unknown")).to eq(0)
+    end
+  end
 end

data/spec/unit/util/storage_spec.rb

@@ -143,9 +143,11 @@ describe Puppet::Util::Storage do
       end
 
       it "should raise an error if the state file does not contain valid YAML and cannot be renamed" do
+        allow(File).to receive(:rename).and_call_original
+
         write_state_file('{ invalid')
 
-        expect(File).to receive(:rename).and_raise(SystemCallError)
+        expect(File).to receive(:rename).with(@state_file, "#{@state_file}.bad").and_raise(SystemCallError)
 
         expect { Puppet::Util::Storage.load }.to raise_error(Puppet::Error, /Could not rename/)
       end

data/spec/unit/util/suidmanager_spec.rb

@@ -14,12 +14,14 @@ describe Puppet::Util::SUIDManager do
     pwent = double('pwent', :name => 'fred', :uid => 42, :gid => 42)
     allow(Etc).to receive(:getpwuid).with(42).and_return(pwent)
 
-    [:euid, :egid, :uid, :gid, :groups].each do |id|
-      allow(Process).to receive("#{id}=") {|value| xids[id] = value}
+    unless Puppet::Util::Platform.windows?
+      [:euid, :egid, :uid, :gid, :groups].each do |id|
+        allow(Process).to receive("#{id}=") {|value| xids[id] = value}
+      end
     end
   end
 
-  describe "#initgroups" do
+  describe "#initgroups", unless: Puppet::Util::Platform.windows? do
     it "should use the primary group of the user as the 'basegid'" do
       expect(Process).to receive(:initgroups).with('fred', 42)
       described_class.initgroups(42)
@@ -27,7 +29,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#uid" do
-    it "should allow setting euid/egid" do
+    it "should allow setting euid/egid", unless: Puppet::Util::Platform.windows? do
       Puppet::Util::SUIDManager.egid = user[:gid]
       Puppet::Util::SUIDManager.euid = user[:uid]
 
@@ -37,8 +39,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#asuser" do
-    it "should not get or set euid/egid when not root" do
-      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+    it "should not get or set euid/egid when not root", unless: Puppet::Util::Platform.windows? do
       allow(Process).to receive(:uid).and_return(1)
 
       allow(Process).to receive(:egid).and_return(51)
@@ -49,13 +50,12 @@ describe Puppet::Util::SUIDManager do
       expect(xids).to be_empty
     end
 
-    context "when root and not windows" do
+    context "when root and not Windows" do
       before :each do
         allow(Process).to receive(:uid).and_return(0)
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
       end
 
-      it "should set euid/egid" do
+      it "should set euid/egid", unless: Puppet::Util::Platform.windows? do
         allow(Process).to receive(:egid).and_return(51, 51, user[:gid])
         allow(Process).to receive(:euid).and_return(50, 50, user[:uid])
 
@@ -79,29 +79,23 @@ describe Puppet::Util::SUIDManager do
       end
 
       it "should just yield if user and group are nil" do
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true }
-        expect(yielded).to be_truthy
+        expect { |b| Puppet::Util::SUIDManager.asuser(nil, nil, &b) }.to yield_control
         expect(xids).to eq({})
       end
 
-      it "should just change group if only group is given" do
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true }
-        expect(yielded).to be_truthy
+      it "should just change group if only group is given", unless: Puppet::Util::Platform.windows? do
+        expect { |b| Puppet::Util::SUIDManager.asuser(nil, 42, &b) }.to yield_control
         expect(xids).to eq({ :egid => 42 })
       end
 
-      it "should change gid to the primary group of uid by default" do
+      it "should change gid to the primary group of uid by default", unless: Puppet::Util::Platform.windows? do
         allow(Process).to receive(:initgroups)
 
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(42) { yielded = true }
-        expect(yielded).to be_truthy
+        expect { |b| Puppet::Util::SUIDManager.asuser(42, nil, &b) }.to yield_control
         expect(xids).to eq({ :euid => 42, :egid => 42 })
       end
 
-      it "should change both uid and gid if given" do
+      it "should change both uid and gid if given", unless: Puppet::Util::Platform.windows? do
         # I don't like the sequence, but it is the only way to assert on the
         # internal behaviour in a reliable fashion, given we need multiple
         # sequenced calls to the same methods. --daniel 2012-02-05
@@ -110,21 +104,23 @@ describe Puppet::Util::SUIDManager do
         expect(Puppet::Util::SUIDManager).to receive(:change_group).with(Puppet::Util::SUIDManager.egid, false).ordered()
         expect(Puppet::Util::SUIDManager).to receive(:change_user).with(Puppet::Util::SUIDManager.euid, false).ordered()
 
-        yielded = false
-        Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true }
-        expect(yielded).to be_truthy
+        expect { |b| Puppet::Util::SUIDManager.asuser(42, 43, &b) }.to yield_control
       end
     end
 
-    it "should not get or set euid/egid on Windows", if: Puppet::Util::Platform.windows? do
-      Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {}
-
-      expect(xids).to be_empty
+    it "should just yield on Windows", if: Puppet::Util::Platform.windows? do
+      expect { |b| Puppet::Util::SUIDManager.asuser(1, 2, &b) }.to yield_control
     end
   end
 
   describe "#change_group" do
-    describe "when changing permanently" do
+    it "raises on Windows", if: Puppet::Util::Platform.windows? do
+      expect {
+        Puppet::Util::SUIDManager.change_group(42, true)
+      }.to raise_error(NotImplementedError, /change_privilege\(\) function is unimplemented/)
+    end
+
+    describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
       it "should change_privilege" do
         expect(Process::GID).to receive(:change_privilege) do |gid|
           Process.gid = gid
@@ -150,7 +146,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "when changing temporarily" do
+    describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
       it "should change only egid" do
         Puppet::Util::SUIDManager.change_group(42, false)
 
@@ -161,7 +157,13 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#change_user" do
-    describe "when changing permanently" do
+    it "raises on Windows", if: Puppet::Util::Platform.windows? do
+      expect {
+        Puppet::Util::SUIDManager.change_user(42, true)
+      }.to raise_error(NotImplementedError, /initgroups\(\) function is unimplemented/)
+    end
+
+    describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
       it "should change_privilege" do
         expect(Process::UID).to receive(:change_privilege) do |uid|
           Process.uid = uid
@@ -191,7 +193,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "when changing temporarily" do
+    describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
       it "should change only euid and groups" do
         allow(Puppet::Util::SUIDManager).to receive(:initgroups).and_return([])
         Puppet::Util::SUIDManager.change_user(42, false)
@@ -221,12 +223,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#root?" do
-    describe "on POSIX systems" do
-      before :each do
-        allow(Puppet.features).to receive(:posix?).and_return(true)
-        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
-      end
-
+    describe "on POSIX systems", unless: Puppet::Util::Platform.windows? do
       it "should be root if uid is 0" do
         allow(Process).to receive(:uid).and_return(0)
 
@@ -240,7 +237,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "on Microsoft Windows", :if => Puppet::Util::Platform.windows? do
+    describe "on Windows", :if => Puppet::Util::Platform.windows? do
       it "should be root if user is privileged" do
         allow(Puppet::Util::Windows::User).to receive(:admin?).and_return(true)
 
@@ -261,13 +258,19 @@ describe 'Puppet::Util::SUIDManager#groups=' do
     Puppet::Util::SUIDManager
   end
 
-  it "(#3419) should rescue Errno::EINVAL on OS X" do
+  it "raises on Windows", if: Puppet::Util::Platform.windows? do
+    expect {
+      subject.groups = []
+    }.to raise_error(NotImplementedError, /groups=\(\) function is unimplemented/)
+  end
+
+  it "(#3419) should rescue Errno::EINVAL on OS X", unless: Puppet::Util::Platform.windows? do
     expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
     expect(subject).to receive(:osx_maj_ver).and_return('10.7').twice
     subject.groups = ['list', 'of', 'groups']
   end
 
-  it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X" do
+  it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X", unless: Puppet::Util::Platform.windows? do
     expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
     expect(subject).to receive(:osx_maj_ver).and_return(false)
     expect { subject.groups = ['list', 'of', 'groups'] }.to raise_error(Errno::EINVAL)