test-kitchen 1.7.3 → 1.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d0e37a0923ae4e4813b068aef196a6edc377c1a8
-  data.tar.gz: 76b01133768705977dc35a50790be3269e1715f3
+  metadata.gz: 2ad48e5953da8eb9d58bd3a8e2933450d669caa8
+  data.tar.gz: 9d661157b18854c43bb1ce3094cb95888b9e0f95
 SHA512:
-  metadata.gz: f93c6bbc69350a1350313a87a2980972e3ab96c99a7d20035490040da2ceab98606359137cae50c6edc5bbe02b36668801534e2ce464f30d16d375518d01a365
-  data.tar.gz: 7d8628a749047cfc683b90998e23b2a9ac67019acc0f18be5073e3fb20e5a378f3e7df2a35a2937625bce620e8d64505b6a0f74a918b29225c15eca6e85f190a
+  metadata.gz: 61f25a72986488f05691bbbcb1189e08bac9a6953c52bbc93980c0f7caa283ac80a197da1a296e273217d99f43115f1cecfc136ccc43804eefc985a97e170894
+  data.tar.gz: 344538d21ba1ce73e9c892bb895ad59f31a078eb661552ef8661d6c878f5d4f187eee6eb5f13756eb81fd894f2ee632a1a360fa87a9452fb8f06f3a4bb5ba3dd

data/.kitchen.ci.yml

@@ -13,6 +13,9 @@ provisioner:
 platforms:
   - name: ubuntu-14.04
   - name: windows-2012R2
+    transport:
+      name: winrm
+      elevated: true
 
 verifier:
   name: inspec

data/CHANGELOG.md

@@ -1,5 +1,13 @@
 # Change Log
 
+## [1.8.0](https://github.com/test-kitchen/test-kitchen/tree/1.8.0) (2016-05-05)
+[Full Changelog](https://github.com/test-kitchen/test-kitchen/compare/v1.7.3...1.8.0)
+
+**Implemented enhancements:**
+
+- Add native policyfile resolution support [\#1014](https://github.com/test-kitchen/test-kitchen/pull/1014) ([danielsdeleo](https://github.com/danielsdeleo))
+- Provide the option to run all winrm commands through a scheduled task [\#1012](https://github.com/test-kitchen/test-kitchen/pull/1012) ([mwrock](https://github.com/mwrock))
+
 ## [1.7.3](https://github.com/test-kitchen/test-kitchen/tree/1.7.3) (2016-04-13)
 [Full Changelog](https://github.com/test-kitchen/test-kitchen/compare/v1.7.2...1.7.3)
 

data/lib/kitchen/data_munger.rb

@@ -624,10 +624,11 @@ module Kitchen
     # Destructively moves key Chef configuration key/value pairs from being
     # directly under a suite or platform into a `:provisioner` sub-hash.
     #
-    # There are two key Chef configuration key/value pairs:
+    # There are three key Chef configuration key/value pairs:
     #
     # 1. `:attributes`
     # 2. `:run_list`
+    # 3. `:named_run_list`
     #
     # This method converts the following:
     #
@@ -678,11 +679,13 @@ module Kitchen
       data.fetch(:suites, []).each do |suite|
         move_chef_data_to_provisioner_at!(suite, :attributes)
         move_chef_data_to_provisioner_at!(suite, :run_list)
+        move_chef_data_to_provisioner_at!(suite, :named_run_list)
       end
 
       data.fetch(:platforms, []).each do |platform|
         move_chef_data_to_provisioner_at!(platform, :attributes)
         move_chef_data_to_provisioner_at!(platform, :run_list)
+        move_chef_data_to_provisioner_at!(platform, :named_run_list)
       end
     end
 

data/lib/kitchen/provisioner/chef/common_sandbox.rb

@@ -16,6 +16,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+require "json"
+
 module Kitchen
 
   module Provisioner
@@ -86,6 +88,14 @@ module Kitchen
             select { |fn| File.file?(fn) && ! %w[. ..].include?(fn) }
         end
 
+        # @return [String] an absolute path to a Policyfile, relative to the
+        #   kitchen root
+        # @api private
+        def policyfile
+          basename = config[:policyfile_path] || "Policyfile.rb"
+          File.join(config[:kitchen_root], basename)
+        end
+
         # @return [String] an absolute path to a Berksfile, relative to the
         #   kitchen root
         # @api private
@@ -246,8 +256,11 @@ module Kitchen
         # Prepares Chef cookbooks for inclusion in the sandbox path.
         #
         # @api private
+        # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity
         def prepare_cookbooks
-          if File.exist?(berksfile)
+          if File.exist?(policyfile)
+            resolve_with_policyfile
+          elsif File.exist?(berksfile)
             resolve_with_berkshelf
           elsif File.exist?(cheffile)
             resolve_with_librarian
@@ -268,7 +281,11 @@ module Kitchen
         #
         # @api private
         def prepare_json
-          dna = config[:attributes].merge(:run_list => config[:run_list])
+          dna = if File.exist?(policyfile)
+            update_dna_for_policyfile
+          else
+            config[:attributes].merge(:run_list => config[:run_list])
+          end
 
           info("Preparing dna.json")
           debug("Creating dna.json from #{dna.inspect}")
@@ -278,6 +295,32 @@ module Kitchen
           end
         end
 
+        def update_dna_for_policyfile
+          if !config[:run_list].nil? && !config[:run_list].empty?
+            warn("You must set your run_list in your policyfile instead of "\
+                 "kitchen config. The run_list your config will be ignored.")
+            warn("Ignored run_list: #{config[:run_list].inspect}")
+          end
+          policylock = policyfile.gsub(/\.rb\Z/, ".lock.json")
+          unless File.exist?(policylock)
+            Kitchen.mutex.synchronize do
+              Chef::Policyfile.new(policyfile, sandbox_path, logger).compile
+            end
+          end
+          policy_name = JSON.parse(IO.read(policylock))["name"]
+          policy_group = "local"
+          config[:attributes].merge(:policy_name => policy_name, :policy_group => policy_group)
+        end
+
+        # Performs a Policyfile cookbook resolution inside a common mutex.
+        #
+        # @api private
+        def resolve_with_policyfile
+          Kitchen.mutex.synchronize do
+            Chef::Policyfile.new(policyfile, sandbox_path, logger).resolve
+          end
+        end
+
         # Performs a Berkshelf cookbook resolution inside a common mutex.
         #
         # @api private
@@ -316,6 +359,7 @@ module Kitchen
         def tmpsitebooks_dir
           File.join(sandbox_path, "cookbooks")
         end
+
       end
     end
   end

data/lib/kitchen/provisioner/chef/policyfile.rb

@@ -0,0 +1,107 @@
+# -*- encoding: utf-8 -*-
+#
+# Author:: Fletcher Nichol (<fnichol@nichol.ca>)
+#
+# Copyright (C) 2013, Fletcher Nichol
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "kitchen/errors"
+require "kitchen/logging"
+require "kitchen/shell_out"
+
+module Kitchen
+
+  module Provisioner
+
+    module Chef
+
+      # Chef cookbook resolver that uses Policyfiles to calculate dependencies.
+      #
+      # @author Fletcher Nichol <fnichol@nichol.ca>
+      class Policyfile
+
+        include Logging
+        include ShellOut
+
+        # Creates a new cookbook resolver.
+        #
+        # @param berksfile [String] path to a Berksfile
+        # @param path [String] path in which to vendor the resulting
+        #   cookbooks
+        # @param logger [Kitchen::Logger] a logger to use for output, defaults
+        #   to `Kitchen.logger`
+        def initialize(policyfile, path, logger = Kitchen.logger)
+          @policyfile = policyfile
+          @path       = path
+          @logger     = logger
+        end
+
+        # Loads the library code required to use the resolver.
+        #
+        # @param logger [Kitchen::Logger] a logger to use for output, defaults
+        #   to `Kitchen.logger`
+        def self.load!(logger = Kitchen.logger)
+          detect_chef_command!(logger)
+        end
+
+        # Performs the cookbook resolution and vendors the resulting cookbooks
+        # in the desired path.
+        def resolve
+          info("Exporting cookbook dependencies from Policyfile #{path}...")
+          run_command("chef export #{policyfile} #{path} --force")
+        end
+
+        # Runs `chef install` to determine the correct cookbook set and
+        # generate the policyfile lock.
+        def compile
+          info("Policy lock file doesn't exist, running `chef install` for "\
+               "Policyfile #{policyfile}...")
+          run_command("chef install #{policyfile}")
+        end
+
+        private
+
+        # @return [String] path to a Berksfile
+        # @api private
+        attr_reader :policyfile
+
+        # @return [String] path in which to vendor the resulting cookbooks
+        # @api private
+        attr_reader :path
+
+        # @return [Kitchen::Logger] a logger to use for output
+        # @api private
+        attr_reader :logger
+
+        # Ensure the `chef` command is in the path.
+        #
+        # @param logger [Kitchen::Logger] the logger to use
+        # @raise [UserError] if the `chef` command is not in the PATH
+        # @api private
+        def self.detect_chef_command!(logger)
+          unless ENV["PATH"].split(File::PATH_SEPARATOR).any? { |p|
+            File.exist?(File.join(p, "chef"))
+          }
+            logger.fatal("The `chef` executable cannot be found in your " \
+                         "PATH. Ensure you have installed ChefDK from " \
+                         "https://downloads.chef.io and that your PATH " \
+                         "setting includes the path to the `chef` comand.")
+            raise UserError,
+              "Could not find the chef executable in your PATH."
+          end
+        end
+      end
+    end
+  end
+end

data/lib/kitchen/provisioner/chef_base.rb

@@ -21,6 +21,7 @@ require "pathname"
 require "json"
 require "cgi"
 
+require "kitchen/provisioner/chef/policyfile"
 require "kitchen/provisioner/chef/berkshelf"
 require "kitchen/provisioner/chef/common_sandbox"
 require "kitchen/provisioner/chef/librarian"
@@ -53,6 +54,9 @@ module Kitchen
       default_config :log_file, nil
       default_config :log_level, "auto"
       default_config :profile_ruby, false
+      # Will try to autodetect by searching for `Policyfile.rb` if not set.
+      # If set, will error if the file doesn't exist.
+      default_config :policyfile_path, nil
       default_config :cookbook_files_glob, %w[
         README.* metadata.{json,rb}
         attributes/**/* definitions/**/* files/**/* libraries/**/*
@@ -114,6 +118,7 @@ module Kitchen
       # (see Base#create_sandbox)
       def create_sandbox
         super
+        sanity_check_sandbox_options!
         Chef::CommonSandbox.new(config, sandbox_path, instance).populate
       end
 
@@ -158,6 +163,14 @@ module Kitchen
         end
       end
 
+      # @return [String] an absolute path to a Policyfile, relative to the
+      #   kitchen root
+      # @api private
+      def policyfile
+        policyfile_basename = config[:policyfile_path] || "Policyfile.rb"
+        File.join(config[:kitchen_root], policyfile_basename)
+      end
+
       # @return [String] an absolute path to a Berksfile, relative to the
       #   kitchen root
       # @api private
@@ -264,7 +277,10 @@ module Kitchen
       # (see Base#load_needed_dependencies!)
       def load_needed_dependencies!
         super
-        if File.exist?(berksfile)
+        if File.exist?(policyfile)
+          debug("Policyfile found at #{policyfile}, using Policyfile to resolve dependencies")
+          Chef::Policyfile.load!(logger)
+        elsif File.exist?(berksfile)
           debug("Berksfile found at #{berksfile}, loading Berkshelf")
           Chef::Berkshelf.load!(logger)
         elsif File.exist?(cheffile)
@@ -325,6 +341,27 @@ module Kitchen
         config[:chef_omnibus_root] = installer.root
         installer.install_command
       end
+
+      def supports_policyfile?
+        false
+      end
+
+      # @return [void]
+      # @raise [UserError]
+      # @api private
+      def sanity_check_sandbox_options!
+        if config[:policyfile_path] && !File.exist?(policyfile)
+          raise UserError, "policyfile_path set in config "\
+            "(#{config[:policyfile_path]} could not be found. " \
+            "Expected to find it at full path #{policyfile} " \
+        end
+        if File.exist?(policyfile) && !supports_policyfile?
+          raise UserError, "policyfile detected, but provisioner " \
+            "#{self.class.name} doesn't support policyfiles. " \
+            "Either use a different provisioner, or delete/rename " \
+            "#{policyfile}"
+        end
+      end
     end
   end
 end

data/lib/kitchen/provisioner/chef_zero.rb

@@ -32,6 +32,7 @@ module Kitchen
       plugin_version Kitchen::VERSION
 
       default_config :client_rb, {}
+      default_config :named_run_list, {}
       default_config :json_attributes, true
       default_config :chef_zero_host, nil
       default_config :chef_zero_port, 8889
@@ -207,6 +208,7 @@ module Kitchen
       # @api private
       def prepare_client_rb
         data = default_config_rb.merge(config[:client_rb])
+        data = data.merge(:named_run_list => config[:named_run_list]) if config[:named_run_list]
 
         info("Preparing client.rb")
         debug("Creating client.rb from #{data.inspect}")
@@ -240,6 +242,14 @@ module Kitchen
 
         "#{chef_client_zero_env}\n#{sudo(ruby)} #{shim}"
       end
+
+      # This provisioner supports policyfiles, so override the default (which
+      # is false)
+      # @return [true] always returns true
+      # @api private
+      def supports_policyfile?
+        true
+      end
     end
   end
 end

data/lib/kitchen/transport/winrm.rb

@@ -42,6 +42,7 @@ module Kitchen
 
       default_config :username, "administrator"
       default_config :password, nil
+      default_config :elevated, false
       default_config :rdp_port, 3389
       default_config :connection_retries, 5
       default_config :connection_retry_sleep, 1
@@ -185,6 +186,10 @@ module Kitchen
         # @api private
         attr_reader :winrm_transport
 
+        # @return [Boolean] whether to use winrm-elevated for running commands
+        # @api private
+        attr_reader :elevated
+
         # Writes an RDP document to the local file system.
         #
         # @param opts [Hash] file options
@@ -217,13 +222,30 @@ module Kitchen
         #   script and the standard error stream
         # @api private
         def execute_with_exit_code(command)
-          response = session.run_powershell_script(command) do |stdout, _|
-            logger << stdout if stdout
+          if elevated
+            unless options[:elevated_username] == options[:user]
+              command = "$env:temp='#{unelevated_temp_dir}';#{command}"
+            end
+            response = elevated_runner.powershell_elevated(
+              command,
+              options[:elevated_username],
+              options[:elevated_password]
+            ) do |stdout, _|
+              logger << stdout if stdout
+            end
+          else
+            response = session.run_powershell_script(command) do |stdout, _|
+              logger << stdout if stdout
+            end
           end
 
           [response[:exitcode], response.stderr]
         end
 
+        def unelevated_temp_dir
+          @unelevated_temp_dir ||= session.run_powershell_script("$env:temp").stdout.chomp
+        end
+
         # @return [Winrm::FileTransporter] a file transporter
         # @api private
         def file_transporter
@@ -241,6 +263,7 @@ module Kitchen
           @connection_retries = @options.delete(:connection_retries)
           @connection_retry_sleep = @options.delete(:connection_retry_sleep)
           @max_wait_until_ready   = @options.delete(:max_wait_until_ready)
+          @elevated           = @options.delete(:elevated)
         end
 
         # Logs formatted standard error output at the warning level.
@@ -309,16 +332,33 @@ module Kitchen
         # @return [Winrm::CommandExecutor] the command executor session
         # @api private
         def session(retry_options = {})
-          @session ||= begin
+          @session ||= service(retry_options).create_executor
+        end
+
+        # Creates the elevated runner for running elevated commands
+        #
+        # @return [Winrm::Elevated::Runner] the elevated runner
+        # @api private
+        def elevated_runner
+          @elevated_runner ||= WinRM::Elevated::Runner.new(session)
+        end
+
+        # Creates a winrm web service instance
+        #
+        # @param retry_options [Hash] retry options for the initial connection
+        # @return [Winrm::WinRMWebService] the winrm web service
+        # @api private
+        def service(retry_options = {})
+          @service ||= begin
             opts = {
               :retry_limit => connection_retries.to_i,
               :retry_delay   => connection_retry_sleep.to_i
             }.merge(retry_options)
 
             service_args = [endpoint, winrm_transport, options.merge(opts)]
-            @service = ::WinRM::WinRMWebService.new(*service_args)
-            @service.logger = logger
-            @service.create_executor
+            svc = ::WinRM::WinRMWebService.new(*service_args)
+            svc.logger = logger
+            svc
           end
         end
 
@@ -360,6 +400,7 @@ module Kitchen
 
       WINRM_SPEC_VERSION = ["~> 1.6"].freeze
       WINRM_FS_SPEC_VERSION = ["~> 0.4.1"].freeze
+      WINRM_ELEVATED_SPEC_VERSION = ["~> 0.4.0"].freeze
 
       # Builds the hash of options needed by the Connection object on
       # construction.
@@ -368,6 +409,9 @@ module Kitchen
       # @return [Hash] hash of connection options
       # @api private
       def connection_options(data)
+        elevated_password = data[:password]
+        elevated_password = data[:elevated_password] if data.key?(:elevated_password)
+
         opts = {
           :instance_name => instance.name,
           :kitchen_root => data[:kitchen_root],
@@ -379,7 +423,10 @@ module Kitchen
           :connection_retries => data[:connection_retries],
           :connection_retry_sleep => data[:connection_retry_sleep],
           :max_wait_until_ready => data[:max_wait_until_ready],
-          :winrm_transport => data[:winrm_transport]
+          :winrm_transport => data[:winrm_transport],
+          :elevated => data[:elevated],
+          :elevated_username => data[:elevated_username] || data[:username],
+          :elevated_password => elevated_password
         }
         opts.merge!(additional_transport_args(opts[:winrm_transport]))
         opts
@@ -424,6 +471,7 @@ module Kitchen
         super
         load_with_rescue!("winrm", WINRM_SPEC_VERSION.dup)
         load_with_rescue!("winrm-fs", WINRM_FS_SPEC_VERSION.dup)
+        load_with_rescue!("winrm-elevated", WINRM_ELEVATED_SPEC_VERSION.dup) if config[:elevated]
       end
 
       def load_with_rescue!(gem_name, spec_version)

data/lib/kitchen/version.rb

@@ -17,5 +17,5 @@
 # limitations under the License.
 
 module Kitchen
-  VERSION = "1.7.3"
+  VERSION = "1.8.0"
 end

data/spec/kitchen/data_munger_spec.rb

@@ -480,6 +480,23 @@ module Kitchen # rubocop:disable Metrics/ModuleLength
           )
         end
 
+        it "moves named_run_list into provisioner" do
+          DataMunger.new(
+            {
+              :provisioner => "chefy",
+              :suites => [
+                {
+                  :name => "sweet",
+                  :named_run_list => "other_run_list"
+                }
+              ]
+            },
+            {}
+          ).provisioner_data_for("sweet", "plat").must_equal(
+            :name => "chefy",
+            :named_run_list => "other_run_list"
+          )
+        end
         it "maintains run_list in provisioner" do
           DataMunger.new(
             {
@@ -536,6 +553,23 @@ module Kitchen # rubocop:disable Metrics/ModuleLength
           )
         end
 
+        it "merge provisioner into named_run_list if provisioner exists" do
+          DataMunger.new(
+            {
+              :suites => [
+                {
+                  :name => "sweet",
+                  :named_run_list => "other_run_list",
+                  :provisioner => "chefy"
+                }
+              ]
+            },
+            {}
+          ).provisioner_data_for("sweet", "plat").must_equal(
+            :name => "chefy",
+            :named_run_list => "other_run_list"
+          )
+        end
         it "drops nil run_list" do
           DataMunger.new(
             {
@@ -609,6 +643,23 @@ module Kitchen # rubocop:disable Metrics/ModuleLength
           )
         end
 
+        it "moves named_run_list into provisioner" do
+          DataMunger.new(
+            {
+              :provisioner => "chefy",
+              :platforms => [
+                {
+                  :name => "plat",
+                  :named_run_list => "other_run_list"
+                }
+              ]
+            },
+            {}
+          ).provisioner_data_for("sweet", "plat").must_equal(
+            :name => "chefy",
+            :named_run_list => "other_run_list"
+          )
+        end
         it "maintains run_list in provisioner" do
           DataMunger.new(
             {
@@ -665,6 +716,23 @@ module Kitchen # rubocop:disable Metrics/ModuleLength
           )
         end
 
+        it "merge provisioner into named_run_list if provisioner exists" do
+          DataMunger.new(
+            {
+              :platforms => [
+                {
+                  :name => "plat",
+                  :named_run_list => "other_run_list",
+                  :provisioner => "chefy"
+                }
+              ]
+            },
+            {}
+          ).provisioner_data_for("sweet", "plat").must_equal(
+            :name => "chefy",
+            :named_run_list => "other_run_list"
+          )
+        end
         it "drops nil run_list" do
           DataMunger.new(
             {

data/spec/kitchen/provisioner/chef_base_spec.rb

@@ -893,6 +893,170 @@ describe Kitchen::Provisioner::ChefBase do
         end
       end
 
+      describe "with a Policyfile under kitchen_root" do
+
+        let(:resolver) { stub(:resolve => true) }
+
+        describe "with the default name `Policyfile.rb`" do
+          before do
+            File.open("#{kitchen_root}/Policyfile.rb", "wb") do |file|
+              file.write(<<-POLICYFILE)
+name 'wat'
+run_list 'wat'
+cookbook 'wat'
+POLICYFILE
+            end
+            File.open("#{kitchen_root}/Policyfile.lock.json", "wb") do |file|
+              file.write(<<-POLICYFILE)
+{
+  "name": "wat"
+}
+POLICYFILE
+            end
+            Kitchen::Provisioner::Chef::Policyfile.stubs(:new).returns(resolver)
+          end
+
+          describe "when the chef executable is not in the PATH" do
+            it "raises a UserError" do
+              Kitchen::Provisioner::Chef::Policyfile.stubs(:detect_chef_command!).with do
+                raise Kitchen::UserError, "Load failed"
+              end
+              proc { provisioner }.must_raise Kitchen::UserError
+            end
+          end
+
+          describe "when using a provisoner that doesn't support policyfiles" do
+            # This is be the default, provisioners must opt-in.
+            it "raises a UserError" do
+              proc { provisioner.create_sandbox }.must_raise Kitchen::UserError
+            end
+          end
+
+          describe "when the chef executable is in the PATH" do
+
+            before do
+              Kitchen::Provisioner::Chef::Policyfile.stubs(:load!)
+              provisioner.stubs(:supports_policyfile?).returns(true)
+            end
+
+            it "logs on debug that it autodetected the policyfile" do
+              provisioner
+
+              logged_output.string.must_match debug_line(
+                "Policyfile found at #{kitchen_root}/Policyfile.rb, "\
+                "using Policyfile to resolve dependencies")
+            end
+
+            it "uses uses the policyfile to resolve dependencies" do
+              resolver.expects(:resolve)
+
+              provisioner.create_sandbox
+            end
+
+            it "uses Kitchen.mutex for resolving" do
+              Kitchen.mutex.expects(:synchronize)
+
+              provisioner.create_sandbox
+            end
+
+            it "injects policyfile configuration into the dna.json" do
+              provisioner.create_sandbox
+
+              dna_json_file = File.join(provisioner.sandbox_path, "dna.json")
+              dna_json_data = JSON.parse(IO.read(dna_json_file))
+
+              expected = {
+                "policy_name" => "wat",
+                "policy_group" => "local"
+              }
+
+              dna_json_data.must_equal(expected)
+            end
+          end
+        end
+        describe "with a custom policyfile_path" do
+
+          let(:config) do
+            {
+              :policyfile_path => "foo-policy.rb",
+              :test_base_path => "/basist",
+              :kitchen_root => "/rooty"
+            }
+          end
+
+          before do
+            Kitchen::Provisioner::Chef::Policyfile.stubs(:load!)
+            Kitchen::Provisioner::Chef::Policyfile.stubs(:new).returns(resolver)
+            provisioner.stubs(:supports_policyfile?).returns(true)
+          end
+
+          describe "when the policyfile exists" do
+
+            let(:policyfile_path) { "#{kitchen_root}/foo-policy.rb" }
+            let(:policyfile_lock_path) { "#{kitchen_root}/foo-policy.lock.json" }
+
+            before do
+              File.open(policyfile_path, "wb") do |file|
+                file.write(<<-POLICYFILE)
+name 'wat'
+run_list 'wat'
+cookbook 'wat'
+POLICYFILE
+              end
+              File.open(policyfile_lock_path, "wb") do |file|
+                file.write(<<-POLICYFILE)
+{
+  "name": "wat"
+}
+POLICYFILE
+              end
+            end
+
+            it "uses uses the policyfile to resolve dependencies" do
+              Kitchen::Provisioner::Chef::Policyfile.stubs(:load!)
+              resolver.expects(:resolve)
+
+              provisioner.create_sandbox
+            end
+
+            it "passes the correct path to the policyfile resolver" do
+              Kitchen::Provisioner::Chef::Policyfile.
+                expects(:new).
+                with(policyfile_path, instance_of(String), anything).
+                returns(resolver)
+
+              Kitchen::Provisioner::Chef::Policyfile.stubs(:load!)
+              resolver.expects(:resolve)
+
+              provisioner.create_sandbox
+            end
+          end
+          describe "when the policyfile doesn't exist" do
+
+            it "raises a UserError" do
+              proc { provisioner.create_sandbox }.must_raise Kitchen::UserError
+            end
+
+          end
+          describe "when the policyfile lock doesn't exist" do
+            before do
+              File.open("#{kitchen_root}/Policyfile.rb", "wb") do |file|
+                file.write(<<-POLICYFILE)
+  name 'wat'
+  run_list 'wat'
+  cookbook 'wat'
+  POLICYFILE
+              end
+
+              it "runs `chef install` to generate the lock" do
+                resolver.expects(:compile)
+                provisioner.create_sandbox
+              end
+            end
+          end
+        end
+      end
+
       describe "with a Berksfile under kitchen_root" do
 
         let(:resolver) { stub(:resolve => true) }

data/spec/kitchen/transport/winrm_spec.rb

@@ -21,6 +21,7 @@ require_relative "../../spec_helper"
 require "kitchen/transport/winrm"
 require "winrm"
 require "winrm-fs"
+require "winrm-elevated"
 
 module Kitchen
 
@@ -108,6 +109,10 @@ describe Kitchen::Transport::Winrm do
     it "sets :winrm_transport to :negotiate" do
       transport[:winrm_transport].must_equal :negotiate
     end
+
+    it "sets :elevated to false" do
+      transport[:elevated].must_equal false
+    end
   end
 
   describe "#connection" do
@@ -326,6 +331,59 @@ describe Kitchen::Transport::Winrm do
         make_connection
       end
 
+      it "sets elevated_username from user by default" do
+        config[:username] = "user"
+
+        klass.expects(:new).with do |hash|
+          hash[:elevated_username] == "user"
+        end
+
+        make_connection
+      end
+
+      it "sets elevated_username from overriden elevated_username" do
+        config[:username] = "user"
+        config[:elevated_username] = "elevated_user"
+
+        klass.expects(:new).with do |hash|
+          hash[:elevated_username] == "elevated_user"
+        end
+
+        make_connection
+      end
+
+      it "sets elevated_password from user by default" do
+        config[:password] = "pass"
+
+        klass.expects(:new).with do |hash|
+          hash[:elevated_password] == "pass"
+        end
+
+        make_connection
+      end
+
+      it "sets elevated_password from overriden elevated_password" do
+        config[:password] = "pass"
+        config[:elevated_password] = "elevated_pass"
+
+        klass.expects(:new).with do |hash|
+          hash[:elevated_password] == "elevated_pass"
+        end
+
+        make_connection
+      end
+
+      it "sets elevated_password to nil if overriden elevated_password is nil" do
+        config[:password] = "pass"
+        config[:elevated_password] = nil
+
+        klass.expects(:new).with do |hash|
+          hash[:elevated_password].nil?
+        end
+
+        make_connection
+      end
+
       describe "when negotiate is set in config" do
         before do
           config[:winrm_transport] = "negotiate"
@@ -406,6 +464,31 @@ describe Kitchen::Transport::Winrm do
   end
 
   describe "#load_needed_dependencies" do
+    describe "winrm-elevated" do
+      let(:transport) { Kitchen::Transport::Winrm.new(config) }
+
+      before do
+        transport.stubs(:require).with("winrm")
+        transport.stubs(:require).with("winrm-fs")
+      end
+
+      describe "elevated is false" do
+        it "does not require winrm-elevated" do
+          transport.expects(:require).with("winrm-elevated").never
+          transport.finalize_config!(instance)
+        end
+      end
+
+      describe "elevated is true" do
+        before { config[:elevated] = true }
+
+        it "does requires winrm-elevated" do
+          transport.expects(:require).with("winrm-elevated")
+          transport.finalize_config!(instance)
+        end
+      end
+    end
+
     describe "winrm-fs" do
       before do
         # force loading of winrm-fs to get the version constant
@@ -656,6 +739,76 @@ describe Kitchen::Transport::Winrm::Connection do
       end
     end
 
+    describe "elevated command" do
+      let(:response) do
+        o = WinRM::Output.new
+        o[:exitcode] = 0
+        o[:data].concat([
+          { :stdout => "ok\r\n" },
+          { :stderr => "congrats\r\n" }
+        ])
+        o
+      end
+      let(:env_temp_response) do
+        o = WinRM::Output.new
+        o[:exitcode] = 0
+        o[:data].concat([
+          { :stdout => "temp_dir" }
+        ])
+        o
+      end
+      let(:elevated_runner) do
+        r = mock("elevated_runner")
+        r.responds_like_instance_of(WinRM::Elevated::Runner)
+        r
+      end
+
+      before do
+        options[:elevated] = true
+        WinRM::Elevated::Runner.stubs(:new).with(executor).returns(elevated_runner)
+      end
+
+      describe "elevated user is not login user" do
+        before do
+          options[:elevated_username] = "username"
+          options[:elevated_password] = "password"
+          executor.expects(:run_powershell_script).
+            with("$env:temp").returns(env_temp_response)
+          elevated_runner.expects(:powershell_elevated).
+            with(
+              "$env:temp='temp_dir';doit",
+              options[:elevated_username],
+              options[:elevated_password]
+            ).yields("ok\n", nil).returns(response)
+        end
+
+        it "logger captures stdout" do
+          connection.execute("doit")
+
+          logged_output.string.must_match(/^ok$/)
+        end
+      end
+
+      describe "elevator user is login user" do
+        before do
+          options[:elevated_username] = options[:user]
+          options[:elevated_password] = options[:pass]
+          elevated_runner.expects(:powershell_elevated).
+            with(
+              "doit",
+              options[:elevated_username],
+              options[:elevated_password]
+            ).yields("ok\n", nil).returns(response)
+        end
+
+        it "logger captures stdout" do
+          connection.execute("doit")
+
+          logged_output.string.must_match(/^ok$/)
+        end
+      end
+    end
+
     describe "long command" do
       let(:command) { %{Write-Host "#{"a" * 4000}"} }
 

data/test-kitchen.gemspec

@@ -34,6 +34,7 @@ Gem::Specification.new do |gem|
   gem.add_development_dependency "pry-byebug"
   gem.add_development_dependency "pry-stack_explorer"
   gem.add_development_dependency "winrm", "~> 1.6"
+  gem.add_development_dependency "winrm-elevated", "~> 0.4.0"
   gem.add_development_dependency "winrm-fs", "~> 0.4.1"
 
   gem.add_development_dependency "bundler",   "~> 1.3"

data/testing_windows.md

@@ -9,6 +9,7 @@ Ensure that the cookbook's root directory includes a `Gemfile` that includes you
 gem 'test-kitchen', git: 'https://github.com/mwrock/test-kitchen', branch: 'winrm-fs'
 gem 'winrm', '~> 1.6'
 gem 'winrm-fs', '~> 0.4.1'
+gem 'winrm-elevated', '~> 0.4.0'
 ```
 The above would target the `winrm-fs` branch in mwrock's test-kitchen repo.
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: test-kitchen
 version: !ruby/object:Gem::Version
-  version: 1.7.3
+  version: 1.8.0
 platform: ruby
 authors:
 - Fletcher Nichol
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-13 00:00:00.000000000 Z
+date: 2016-05-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mixlib-shellout
@@ -168,6 +168,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1.6'
+- !ruby/object:Gem::Dependency
+  name: winrm-elevated
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   name: winrm-fs
   requirement: !ruby/object:Gem::Requirement
@@ -465,6 +479,7 @@ files:
 - lib/kitchen/provisioner/chef/berkshelf.rb
 - lib/kitchen/provisioner/chef/common_sandbox.rb
 - lib/kitchen/provisioner/chef/librarian.rb
+- lib/kitchen/provisioner/chef/policyfile.rb
 - lib/kitchen/provisioner/chef_apply.rb
 - lib/kitchen/provisioner/chef_base.rb
 - lib/kitchen/provisioner/chef_solo.rb
@@ -587,7 +602,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.3
 signing_key: 
 specification_version: 4
 summary: Test Kitchen is an integration tool for developing and testing infrastructure