puppet 6.25.1 → 7.0.0

data/spec/unit/util/selinux_spec.rb

@@ -3,29 +3,26 @@ require 'spec_helper'
 require 'pathname'
 require 'puppet/util/selinux'
 
+unless defined?(Selinux)
+  module Selinux
+    def self.is_selinux_enabled
+      false
+    end
+  end
+end
+
 describe Puppet::Util::SELinux do
   include Puppet::Util::SELinux
 
-  let(:selinux) { double('selinux', is_selinux_enabled: false) }
-
-  before :each do
-    stub_const('Selinux', selinux)
-  end
-
   describe "selinux_support?" do
-    it "should return true if this system has SELinux enabled" do
+    it "should return :true if this system has SELinux enabled" do
       expect(Selinux).to receive(:is_selinux_enabled).and_return(1)
-      expect(selinux_support?).to eq(true)
+      expect(selinux_support?).to be_truthy
     end
 
-    it "should return false if this system has SELinux disabled" do
+    it "should return :false if this system lacks SELinux" do
       expect(Selinux).to receive(:is_selinux_enabled).and_return(0)
-      expect(selinux_support?).to eq(false)
-    end
-
-    it "should return false if this system lacks SELinux" do
-      hide_const('Selinux')
-      expect(selinux_support?).to eq(false)
+      expect(selinux_support?).to be_falsey
     end
 
     it "should return nil if /proc/mounts does not exist" do
@@ -114,19 +111,15 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return a context" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
-        expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
+      expect(get_selinux_current_context("/foo")).to eq("user_u:role_r:type_t:s0")
     end
 
     it "should return nil if lgetfilecon fails" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
-        expect(get_selinux_current_context("/foo")).to be_nil
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return(-1)
+      expect(get_selinux_current_context("/foo")).to be_nil
     end
   end
 
@@ -137,102 +130,47 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return a context if a default context exists" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        fstat = double('File::Stat', :mode => 0)
-        expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
-        expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
-        expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
-
-        expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
-      end
-    end
-
-    it "handles permission denied errors by issuing a warning" do
-      without_partial_double_verification do
-        allow(self).to receive(:selinux_support?).and_return(true)
-        allow(self).to receive(:selinux_label_support?).and_return(true)
-        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
-
-        expect(get_selinux_default_context("/root/chuj")).to be_nil
-      end
-    end
-
-    it "backward compatibly handles no such file or directory errors by issuing a warning when resource_ensure not set" do
-      without_partial_double_verification do
-        allow(self).to receive(:selinux_support?).and_return(true)
-        allow(self).to receive(:selinux_label_support?).and_return(true)
-        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
-
-        expect(get_selinux_default_context("/root/chuj")).to be_nil
-      end
-    end
-
-    it "should determine mode based on resource ensure when set to file" do
-      without_partial_double_verification do
-        allow(self).to receive(:selinux_support?).and_return(true)
-        allow(self).to receive(:selinux_label_support?).and_return(true)
-        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 32768).and_return(-1)
-        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
-
-        expect(get_selinux_default_context("/root/chuj", :present)).to be_nil
-        expect(get_selinux_default_context("/root/chuj", :file)).to be_nil
-      end
-    end
-
-    it "should determine mode based on resource ensure when set to dir" do
-      without_partial_double_verification do
-        allow(self).to receive(:selinux_support?).and_return(true)
-        allow(self).to receive(:selinux_label_support?).and_return(true)
-        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 16384).and_return(-1)
-        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+      expect(self).to receive(:selinux_support?).and_return(true)
+      fstat = double('File::Stat', :mode => 0)
+      expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
+      expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
+      expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return([0, "user_u:role_r:type_t:s0"])
 
-        expect(get_selinux_default_context("/root/chuj", :directory)).to be_nil
-      end
+      expect(get_selinux_default_context("/foo")).to eq("user_u:role_r:type_t:s0")
     end
 
-    it "should determine mode based on resource ensure when set to link" do
-      without_partial_double_verification do
-        allow(self).to receive(:selinux_support?).and_return(true)
-        allow(self).to receive(:selinux_label_support?).and_return(true)
-        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 40960).and_return(-1)
-        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+    it "handles permission denied errors by issuing a warning" do
+      allow(self).to receive(:selinux_support?).and_return(true)
+      allow(self).to receive(:selinux_label_support?).and_return(true)
+      allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+      allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::EACCES, "/root/chuj")
 
-        expect(get_selinux_default_context("/root/chuj", :link)).to be_nil
-      end
+      expect(get_selinux_default_context("/root/chuj")).to be_nil
     end
 
-    it "should determine mode based on resource ensure when set to unknown" do
-      without_partial_double_verification do
-        allow(self).to receive(:selinux_support?).and_return(true)
-        allow(self).to receive(:selinux_label_support?).and_return(true)
-        allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
-        allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
+    it "handles no such file or directory errors by issuing a warning" do
+      allow(self).to receive(:selinux_support?).and_return(true)
+      allow(self).to receive(:selinux_label_support?).and_return(true)
+      allow(Selinux).to receive(:matchpathcon).with("/root/chuj", 0).and_return(-1)
+      allow(self).to receive(:file_lstat).with("/root/chuj").and_raise(Errno::ENOENT, "/root/chuj")
 
-        expect(get_selinux_default_context("/root/chuj", "unknown")).to be_nil
-      end
+      expect(get_selinux_default_context("/root/chuj")).to be_nil
     end
 
     it "should return nil if matchpathcon returns failure" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        fstat = double('File::Stat', :mode => 0)
-        expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
-        expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
-        expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
-
-        expect(get_selinux_default_context("/foo")).to be_nil
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      fstat = double('File::Stat', :mode => 0)
+      expect(Puppet::FileSystem).to receive(:lstat).with('/foo').and_return(fstat)
+      expect(self).to receive(:find_fs).with("/foo").and_return("ext3")
+      expect(Selinux).to receive(:matchpathcon).with("/foo", 0).and_return(-1)
+
+      expect(get_selinux_default_context("/foo")).to be_nil
     end
 
     it "should return nil if selinux_label_support returns false" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
-        expect(get_selinux_default_context("/foo")).to be_nil
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(self).to receive(:find_fs).with("/foo").and_return("nfs")
+      expect(get_selinux_default_context("/foo")).to be_nil
     end
   end
 
@@ -323,47 +261,37 @@ describe Puppet::Util::SELinux do
     end
 
     it "should use lsetfilecon to set a context" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-        expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+      expect(set_selinux_context("/foo", "user_u:role_r:type_t:s0")).to be_truthy
     end
 
     it "should use lsetfilecon to set user_u user context" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
-        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-        expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "foo:role_r:type_t:s0"])
+      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+      expect(set_selinux_context("/foo", "user_u", :seluser)).to be_truthy
     end
 
     it "should use lsetfilecon to set role_r role context" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
-        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-        expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:foo:type_t:s0"])
+      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+      expect(set_selinux_context("/foo", "role_r", :selrole)).to be_truthy
     end
 
     it "should use lsetfilecon to set type_t type context" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
-        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
-        expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:foo:s0"])
+      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0").and_return(0)
+      expect(set_selinux_context("/foo", "type_t", :seltype)).to be_truthy
     end
 
     it "should use lsetfilecon to set s0:c3,c5 range context" do
-      without_partial_double_verification do
-        expect(self).to receive(:selinux_support?).and_return(true)
-        expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
-        expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
-        expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
-      end
+      expect(self).to receive(:selinux_support?).and_return(true)
+      expect(Selinux).to receive(:lgetfilecon).with("/foo").and_return([0, "user_u:role_r:type_t:s0"])
+      expect(Selinux).to receive(:lsetfilecon).with("/foo", "user_u:role_r:type_t:s0:c3,c5").and_return(0)
+      expect(set_selinux_context("/foo", "s0:c3,c5", :selrange)).to be_truthy
     end
   end
 
@@ -374,44 +302,21 @@ describe Puppet::Util::SELinux do
     end
 
     it "should return nil if no default context exists" do
-      expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return(nil)
+      expect(self).to receive(:get_selinux_default_context).with("/foo").and_return(nil)
       expect(set_selinux_default_context("/foo")).to be_nil
     end
 
     it "should do nothing and return nil if the current context matches the default context" do
-      expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
+      expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
       expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("user_u:role_r:type_t")
       expect(set_selinux_default_context("/foo")).to be_nil
     end
 
     it "should set and return the default context if current and default do not match" do
-      expect(self).to receive(:get_selinux_default_context).with("/foo", nil).and_return("user_u:role_r:type_t")
+      expect(self).to receive(:get_selinux_default_context).with("/foo").and_return("user_u:role_r:type_t")
       expect(self).to receive(:get_selinux_current_context).with("/foo").and_return("olduser_u:role_r:type_t")
       expect(self).to receive(:set_selinux_context).with("/foo", "user_u:role_r:type_t").and_return(true)
       expect(set_selinux_default_context("/foo")).to eq("user_u:role_r:type_t")
     end
   end
-
-  describe "get_create_mode" do
-    it "should return 0 if the resource is absent" do
-      expect(get_create_mode(:absent)).to eq(0)
-    end
-
-    it "should return mode with file type set to S_IFREG when resource is file" do
-      expect(get_create_mode(:present)).to eq(32768)
-      expect(get_create_mode(:file)).to eq(32768)
-    end
-
-    it "should return mode with file type set to S_IFDIR when resource is dir" do
-      expect(get_create_mode(:directory)).to eq(16384)
-    end
-
-    it "should return mode with file type set to S_IFLNK when resource is link" do
-      expect(get_create_mode(:link)).to eq(40960)
-    end
-
-    it "should return 0 for everything else" do
-      expect(get_create_mode("unknown")).to eq(0)
-    end
-  end
 end

data/spec/unit/util/storage_spec.rb

@@ -143,11 +143,9 @@ describe Puppet::Util::Storage do
       end
 
       it "should raise an error if the state file does not contain valid YAML and cannot be renamed" do
-        allow(File).to receive(:rename).and_call_original
-
         write_state_file('{ invalid')
 
-        expect(File).to receive(:rename).with(@state_file, "#{@state_file}.bad").and_raise(SystemCallError)
+        expect(File).to receive(:rename).and_raise(SystemCallError)
 
         expect { Puppet::Util::Storage.load }.to raise_error(Puppet::Error, /Could not rename/)
       end

data/spec/unit/util/suidmanager_spec.rb

@@ -14,14 +14,12 @@ describe Puppet::Util::SUIDManager do
     pwent = double('pwent', :name => 'fred', :uid => 42, :gid => 42)
     allow(Etc).to receive(:getpwuid).with(42).and_return(pwent)
 
-    unless Puppet::Util::Platform.windows?
-      [:euid, :egid, :uid, :gid, :groups].each do |id|
-        allow(Process).to receive("#{id}=") {|value| xids[id] = value}
-      end
+    [:euid, :egid, :uid, :gid, :groups].each do |id|
+      allow(Process).to receive("#{id}=") {|value| xids[id] = value}
     end
   end
 
-  describe "#initgroups", unless: Puppet::Util::Platform.windows? do
+  describe "#initgroups" do
     it "should use the primary group of the user as the 'basegid'" do
       expect(Process).to receive(:initgroups).with('fred', 42)
       described_class.initgroups(42)
@@ -29,7 +27,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#uid" do
-    it "should allow setting euid/egid", unless: Puppet::Util::Platform.windows? do
+    it "should allow setting euid/egid" do
       Puppet::Util::SUIDManager.egid = user[:gid]
       Puppet::Util::SUIDManager.euid = user[:uid]
 
@@ -39,7 +37,8 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#asuser" do
-    it "should not get or set euid/egid when not root", unless: Puppet::Util::Platform.windows? do
+    it "should not get or set euid/egid when not root" do
+      allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
       allow(Process).to receive(:uid).and_return(1)
 
       allow(Process).to receive(:egid).and_return(51)
@@ -50,12 +49,13 @@ describe Puppet::Util::SUIDManager do
       expect(xids).to be_empty
     end
 
-    context "when root and not Windows" do
+    context "when root and not windows" do
       before :each do
         allow(Process).to receive(:uid).and_return(0)
+        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
       end
 
-      it "should set euid/egid", unless: Puppet::Util::Platform.windows? do
+      it "should set euid/egid" do
         allow(Process).to receive(:egid).and_return(51, 51, user[:gid])
         allow(Process).to receive(:euid).and_return(50, 50, user[:uid])
 
@@ -79,23 +79,29 @@ describe Puppet::Util::SUIDManager do
       end
 
       it "should just yield if user and group are nil" do
-        expect { |b| Puppet::Util::SUIDManager.asuser(nil, nil, &b) }.to yield_control
+        yielded = false
+        Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true }
+        expect(yielded).to be_truthy
         expect(xids).to eq({})
       end
 
-      it "should just change group if only group is given", unless: Puppet::Util::Platform.windows? do
-        expect { |b| Puppet::Util::SUIDManager.asuser(nil, 42, &b) }.to yield_control
+      it "should just change group if only group is given" do
+        yielded = false
+        Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true }
+        expect(yielded).to be_truthy
         expect(xids).to eq({ :egid => 42 })
       end
 
-      it "should change gid to the primary group of uid by default", unless: Puppet::Util::Platform.windows? do
+      it "should change gid to the primary group of uid by default" do
         allow(Process).to receive(:initgroups)
 
-        expect { |b| Puppet::Util::SUIDManager.asuser(42, nil, &b) }.to yield_control
+        yielded = false
+        Puppet::Util::SUIDManager.asuser(42) { yielded = true }
+        expect(yielded).to be_truthy
         expect(xids).to eq({ :euid => 42, :egid => 42 })
       end
 
-      it "should change both uid and gid if given", unless: Puppet::Util::Platform.windows? do
+      it "should change both uid and gid if given" do
         # I don't like the sequence, but it is the only way to assert on the
         # internal behaviour in a reliable fashion, given we need multiple
         # sequenced calls to the same methods. --daniel 2012-02-05
@@ -104,23 +110,21 @@ describe Puppet::Util::SUIDManager do
         expect(Puppet::Util::SUIDManager).to receive(:change_group).with(Puppet::Util::SUIDManager.egid, false).ordered()
         expect(Puppet::Util::SUIDManager).to receive(:change_user).with(Puppet::Util::SUIDManager.euid, false).ordered()
 
-        expect { |b| Puppet::Util::SUIDManager.asuser(42, 43, &b) }.to yield_control
+        yielded = false
+        Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true }
+        expect(yielded).to be_truthy
       end
     end
 
-    it "should just yield on Windows", if: Puppet::Util::Platform.windows? do
-      expect { |b| Puppet::Util::SUIDManager.asuser(1, 2, &b) }.to yield_control
+    it "should not get or set euid/egid on Windows", if: Puppet::Util::Platform.windows? do
+      Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {}
+
+      expect(xids).to be_empty
     end
   end
 
   describe "#change_group" do
-    it "raises on Windows", if: Puppet::Util::Platform.windows? do
-      expect {
-        Puppet::Util::SUIDManager.change_group(42, true)
-      }.to raise_error(NotImplementedError, /change_privilege\(\) function is unimplemented/)
-    end
-
-    describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
+    describe "when changing permanently" do
       it "should change_privilege" do
         expect(Process::GID).to receive(:change_privilege) do |gid|
           Process.gid = gid
@@ -146,7 +150,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
+    describe "when changing temporarily" do
       it "should change only egid" do
         Puppet::Util::SUIDManager.change_group(42, false)
 
@@ -157,13 +161,7 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#change_user" do
-    it "raises on Windows", if: Puppet::Util::Platform.windows? do
-      expect {
-        Puppet::Util::SUIDManager.change_user(42, true)
-      }.to raise_error(NotImplementedError, /initgroups\(\) function is unimplemented/)
-    end
-
-    describe "when changing permanently", unless: Puppet::Util::Platform.windows? do
+    describe "when changing permanently" do
       it "should change_privilege" do
         expect(Process::UID).to receive(:change_privilege) do |uid|
           Process.uid = uid
@@ -193,7 +191,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "when changing temporarily", unless: Puppet::Util::Platform.windows? do
+    describe "when changing temporarily" do
       it "should change only euid and groups" do
         allow(Puppet::Util::SUIDManager).to receive(:initgroups).and_return([])
         Puppet::Util::SUIDManager.change_user(42, false)
@@ -223,7 +221,12 @@ describe Puppet::Util::SUIDManager do
   end
 
   describe "#root?" do
-    describe "on POSIX systems", unless: Puppet::Util::Platform.windows? do
+    describe "on POSIX systems" do
+      before :each do
+        allow(Puppet.features).to receive(:posix?).and_return(true)
+        allow(Puppet::Util::Platform).to receive(:windows?).and_return(false)
+      end
+
       it "should be root if uid is 0" do
         allow(Process).to receive(:uid).and_return(0)
 
@@ -237,7 +240,7 @@ describe Puppet::Util::SUIDManager do
       end
     end
 
-    describe "on Windows", :if => Puppet::Util::Platform.windows? do
+    describe "on Microsoft Windows", :if => Puppet::Util::Platform.windows? do
       it "should be root if user is privileged" do
         allow(Puppet::Util::Windows::User).to receive(:admin?).and_return(true)
 
@@ -258,19 +261,13 @@ describe 'Puppet::Util::SUIDManager#groups=' do
     Puppet::Util::SUIDManager
   end
 
-  it "raises on Windows", if: Puppet::Util::Platform.windows? do
-    expect {
-      subject.groups = []
-    }.to raise_error(NotImplementedError, /groups=\(\) function is unimplemented/)
-  end
-
-  it "(#3419) should rescue Errno::EINVAL on OS X", unless: Puppet::Util::Platform.windows? do
+  it "(#3419) should rescue Errno::EINVAL on OS X" do
     expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
     expect(subject).to receive(:osx_maj_ver).and_return('10.7').twice
     subject.groups = ['list', 'of', 'groups']
   end
 
-  it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X", unless: Puppet::Util::Platform.windows? do
+  it "(#3419) should fail if an Errno::EINVAL is raised NOT on OS X" do
     expect(Process).to receive(:groups=).and_raise(Errno::EINVAL, 'blew up')
     expect(subject).to receive(:osx_maj_ver).and_return(false)
     expect { subject.groups = ['list', 'of', 'groups'] }.to raise_error(Errno::EINVAL)

data/spec/unit/util/windows/sid_spec.rb

@@ -131,74 +131,33 @@ describe "Puppet::Util::Windows::SID", :if => Puppet::Util::Platform.windows? do
       expect(subject.name_to_principal(unknown_name)).to be_nil
     end
 
-    it "should print a debug message if the account does not exist" do
-      expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal(unknown_name)
-    end
-
     it "should return a Puppet::Util::Windows::SID::Principal instance for any valid sid" do
       expect(subject.name_to_principal(sid)).to be_an_instance_of(Puppet::Util::Windows::SID::Principal)
     end
 
-    it "should not print debug messages for valid sid" do
-      expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
-      expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal(sid)
-    end
-
-    it "should print a debug message for invalid sid" do
-      expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
-      expect(Puppet).to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal('S-1-5-21-INVALID-SID')
-    end
-
     it "should accept unqualified account name" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really Syst\u00E8me
       expect(subject.name_to_principal('SYSTEM').sid).to eq(sid)
     end
 
-    it "should not print debug messages for unqualified account name" do
-      expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
-      expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal('SYSTEM')
-    end
-
     it "should be case-insensitive" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really Syst\u00E8me
       expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal('system'))
     end
 
-    it "should not print debug messages for wrongly cased account name" do
-      expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
-      expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal('system')
-    end
-
     it "should be leading and trailing whitespace-insensitive" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really Syst\u00E8me
       expect(subject.name_to_principal('SYSTEM')).to eq(subject.name_to_principal(' SYSTEM '))
     end
 
-    it "should not print debug messages for account name with leading and trailing whitespace" do
-      expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
-      expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal(' SYSTEM ')
-    end
-
     it "should accept domain qualified account names" do
       # NOTE: lookup by name works in localized environments only for a few instances
       # this works in French Windows, even though the account is really AUTORITE NT\\Syst\u00E8me
       expect(subject.name_to_principal('NT AUTHORITY\SYSTEM').sid).to eq(sid)
     end
-
-    it "should not print debug messages for domain qualified account names" do
-      expect(Puppet).not_to receive(:debug).with(/Could not retrieve raw SID bytes from/)
-      expect(Puppet).not_to receive(:debug).with(/No mapping between account names and security IDs was done/)
-      subject.name_to_principal('NT AUTHORITY\SYSTEM')
-    end
   end
 
   context "#ads_to_principal" do

data/spec/unit/util/windows/string_spec.rb

@@ -4,15 +4,13 @@ require 'spec_helper'
 require 'puppet/util/windows'
 
 describe "Puppet::Util::Windows::String", :if => Puppet::Util::Platform.windows? do
-  UTF16_NULL = [0, 0]
-
   def wide_string(str)
     Puppet::Util::Windows::String.wide_string(str)
   end
 
   def converts_to_wide_string(string_value)
     expected = string_value.encode(Encoding::UTF_16LE)
-    expected_bytes = expected.bytes.to_a + UTF16_NULL
+    expected_bytes = expected.bytes.to_a
 
     expect(wide_string(string_value).bytes.to_a).to eq(expected_bytes)
   end