Fix unit test failures in script spec, functional in user_context spec due to stubbing / platform issues

2 files changed, 51 insertions, 8 deletions

diff --git a/spec/functional/mixin/user_context_spec.rb b/spec/functional/mixin/user_context_spec.rb
index 53f766271c..7055360656 100644
--- a/spec/functional/mixin/user_context_spec.rb
+++ b/spec/functional/mixin/user_context_spec.rb
@@ -17,8 +17,8 @@
 
 require 'spec_helper'
 
-require 'chef/win32/api'
-require 'chef/win32/api/error'
+require 'chef/win32/api' if Chef::Platform.windows?
+require 'chef/win32/api/error' if Chef::Platform.windows?
 require 'chef/mixin/user_context'
 
 describe Chef::Mixin::UserContext, windows_only: true do
diff --git a/spec/unit/provider/script_spec.rb b/spec/unit/provider/script_spec.rb
index 7cc5abbd15..12eee2f7f3 100644
--- a/spec/unit/provider/script_spec.rb
+++ b/spec/unit/provider/script_spec.rb
@@ -56,12 +56,55 @@ describe Chef::Provider::Script, "action_run" do
     end
   end
 
-  context "#set_owner_and_group" do
-    it "sets the owner and group for the script file" do
-      new_resource.user 'toor'
-      new_resource.group 'wheel'
-      expect(FileUtils).to receive(:chown).with('toor', 'wheel', tempfile.path)
-      provider.set_owner_and_group
+  context "when configuring the script file's security" do
+    context 'when not running on Windows' do
+      before do
+        allow(::Chef::Platform).to receive(:windows?).and_return(false)
+      end
+      context "#set_owner_and_group" do
+        it "sets the owner and group for the script file" do
+          new_resource.user 'toor'
+          new_resource.group 'wheel'
+          expect(FileUtils).to receive(:chown).with('toor', 'wheel', tempfile.path)
+          provider.set_owner_and_group
+        end
+      end
+    end
+
+    context 'when running on Windows' do
+      before do
+        allow(::Chef::Platform).to receive(:windows?).and_return(true)
+        expect(new_resource.user).to eq(nil)
+        stub_const('Chef::ReservedNames::Win32::API::Security::GENERIC_READ', 1)
+        stub_const('Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE', 4)
+        stub_const('Chef::ReservedNames::Win32::Security', Class.new)
+        stub_const('Chef::ReservedNames::Win32::Security::SecurableObject', Class.new)
+        stub_const('Chef::ReservedNames::Win32::Security::SID', Class.new)
+        stub_const('Chef::ReservedNames::Win32::Security::ACE', Class.new)
+        stub_const('Chef::ReservedNames::Win32::Security::ACL', Class.new)
+      end
+
+      context "when an alternate user is not specified" do
+        it "does not attempt to set the script file's security descriptor" do
+          expect(provider).to receive(:grant_alternate_user_read_access)
+          expect(Chef::ReservedNames::Win32::Security::SecurableObject).not_to receive(:new)
+          provider.set_owner_and_group
+        end
+      end
+
+      context "when an alternate user is specified" do
+        let(:security_descriptor) { instance_double('Chef::ReservedNames::Win32::Security::SecurityDescriptor', :dacl => []) }
+        let(:securable_object) { instance_double('Chef::ReservedNames::Win32::Security::SecurableObject', :security_descriptor => security_descriptor, :dacl= => nil) }
+        it "sets the script file's security descriptor" do
+          new_resource.user('toor')
+          expect(Chef::ReservedNames::Win32::Security::SecurableObject).to receive(:new).and_return(securable_object)
+          expect(Chef::ReservedNames::Win32::Security::SID).to receive(:from_account).and_return(nil)
+          expect(Chef::ReservedNames::Win32::Security::ACE).to receive(:access_allowed).and_return(nil)
+          expect(Chef::ReservedNames::Win32::Security::ACL).to receive(:create).and_return(nil)
+          expect(securable_object).to receive(:dacl=)
+          provider.set_owner_and_group
+        end
+      end
     end
   end