diff options
author | Bryan McLellan <btm@loftninjas.org> | 2017-02-08 21:40:12 -0500 |
---|---|---|
committer | Bryan McLellan <btm@loftninjas.org> | 2017-02-08 22:52:59 -0500 |
commit | 9f9838432077d12a38d096b6a4c789bc56ab5ae0 (patch) | |
tree | d608544c2018b2d909abd2b1c125101b91ec1081 | |
parent | 05b5f4ae2b27bfd759c960ad1378a61e9895b606 (diff) | |
download | chef-btm/fix-windows-functional-tests.tar.gz |
Fix functional tests for alternate user supportbtm/fix-windows-functional-tests
On Windows you need the SeAssignPrimaryTokenPrivilege right to use
CreateProcessAsUser when running under a service, even if you're an
Administrator. This makes these functional tests not run under Jenkins if
the jenkins user does not have this right.
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
-rw-r--r-- | spec/spec_helper.rb | 1 | ||||
-rw-r--r-- | spec/support/platform_helpers.rb | 6 | ||||
-rw-r--r-- | spec/support/shared/functional/execute_resource.rb | 4 | ||||
-rw-r--r-- | spec/support/shared/functional/windows_script.rb | 2 |
4 files changed, 10 insertions, 3 deletions
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 9fd8e935c7..2456d3d890 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -152,6 +152,7 @@ RSpec.configure do |config| config.filter_run_excluding :windows_powershell_no_dsc_only => true unless ! windows_powershell_dsc? config.filter_run_excluding :windows_domain_joined_only => true unless windows_domain_joined? config.filter_run_excluding :windows_not_domain_joined_only => true if windows_domain_joined? + config.filter_run_excluding :windows_service_requires_assign_token => true if !STDOUT.isatty && !windows_user_right?("SeAssignPrimaryTokenPrivilege") config.filter_run_excluding :solaris_only => true unless solaris? config.filter_run_excluding :system_windows_service_gem_only => true unless system_windows_service_gem? config.filter_run_excluding :unix_only => true unless unix? diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb index 14f883da74..3dfabf91a7 100644 --- a/spec/support/platform_helpers.rb +++ b/spec/support/platform_helpers.rb @@ -92,6 +92,12 @@ def windows_nano_server? Chef::Platform.windows_nano_server? end +def windows_user_right?(right) + return false unless windows? + require 'chef/win32/security' + Chef::ReservedNames::Win32::Security.get_account_right(ENV["USERNAME"]).include?(right) +end + def mac_osx_106? if File.exists? "/usr/bin/sw_vers" result = ShellHelpers.shell_out("/usr/bin/sw_vers") diff --git a/spec/support/shared/functional/execute_resource.rb b/spec/support/shared/functional/execute_resource.rb index 3f9dd8af5c..4f7cea1cd1 100644 --- a/spec/support/shared/functional/execute_resource.rb +++ b/spec/support/shared/functional/execute_resource.rb @@ -68,7 +68,7 @@ shared_context "a command that can be executed as an alternate user" do end shared_examples_for "an execute resource that supports alternate user identity" do - context "when running on Windows", :windows_only do + context "when running on Windows", :windows_only, :windows_service_requires_assign_token do include_context "a command that can be executed as an alternate user" @@ -102,7 +102,7 @@ shared_examples_for "an execute resource that supports alternate user identity" end shared_examples_for "a resource with a guard specifying an alternate user identity" do - context "when running on Windows", :windows_only do + context "when running on Windows", :windows_only, :windows_service_requires_assign_token do include_context "alternate user identity" let(:resource_command_property) { :command } diff --git a/spec/support/shared/functional/windows_script.rb b/spec/support/shared/functional/windows_script.rb index 8a9a19d4ad..c141fed158 100644 --- a/spec/support/shared/functional/windows_script.rb +++ b/spec/support/shared/functional/windows_script.rb @@ -182,7 +182,7 @@ shared_context Chef::Resource::WindowsScript do it_behaves_like "a script that cannot be accessed by other users if they are not administrators" end - context "the script is executed with an alternate non-admin identity" do + context "the script is executed with an alternate non-admin identity", :windows_service_requires_assign_token do include_context "alternate user identity" before do |