Merge pull request #8526 from chef/btm/14-MSYS-996

Chef 14: Fix for Chef::Exceptions::Win32APIError: The operation completed successfully

7 files changed, 176 insertions, 96 deletions

diff --git a/.travis.yml b/.travis.yml
index 84e7159134..4e4bdccfc6 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -125,18 +125,9 @@ matrix:
     script: bundle exec tasks/bin/run_external_test $TEST_GEM master rake
     rvm: 2.5.5
   - env:
-      TEST_GEM: poise/halite
-    script: bundle exec tasks/bin/run_external_test $TEST_GEM master rake spec
-    rvm: 2.5.5
-  - env:
       TEST_GEM: chef/knife-windows
     script: bundle exec tasks/bin/run_external_test $TEST_GEM master rake unit_spec
     rvm: 2.5.5
-  # disable this pending a Chef 14 compat version of poise
-  # - env:
-  #     TEST_GEM: poise/poise
-  #   script: bundle exec tasks/bin/run_external_test $TEST_GEM master rake spec
-  #   rvm: 2.5.5
   ### START TEST KITCHEN ONLY ###
   - rvm: 2.5.5
     services: docker
@@ -154,7 +145,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
       - AMAZON=2
-      - KITCHEN_YAML=kitchen.travis.yml
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -171,7 +162,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
       - AMAZON=201X
-      - KITCHEN_YAML=kitchen.travis.yml
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -183,12 +174,12 @@ matrix:
       - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
       - cd kitchen-tests
     script:
-      - bundle exec kitchen test end-to-end-ubuntu-1404
+      - bundle exec kitchen test end-to-end-ubuntu-1604
     after_failure:
       - cat .kitchen/logs/kitchen.log
     env:
-      - UBUNTU=14.04
-      - KITCHEN_YAML=kitchen.travis.yml
+      - UBUNTU=16.04
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -200,12 +191,12 @@ matrix:
       - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
       - cd kitchen-tests
     script:
-      - bundle exec kitchen test end-to-end-ubuntu-1604
+      - bundle exec kitchen test end-to-end-ubuntu-1804
     after_failure:
       - cat .kitchen/logs/kitchen.log
     env:
-      - UBUNTU=16.04
-      - KITCHEN_YAML=kitchen.travis.yml
+      - UBUNTU=18.04
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -217,12 +208,12 @@ matrix:
       - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
       - cd kitchen-tests
     script:
-      - bundle exec kitchen test end-to-end-ubuntu-1804
+      - bundle exec kitchen test end-to-end-debian-8
     after_failure:
       - cat .kitchen/logs/kitchen.log
     env:
-      - UBUNTU=18.04
-      - KITCHEN_YAML=kitchen.travis.yml
+      - DEBIAN=8
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -234,12 +225,12 @@ matrix:
       - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
       - cd kitchen-tests
     script:
-      - bundle exec kitchen test end-to-end-debian-8
+      - bundle exec kitchen test end-to-end-debian-9
     after_failure:
       - cat .kitchen/logs/kitchen.log
     env:
-      - DEBIAN=8
-      - KITCHEN_YAML=kitchen.travis.yml
+      - DEBIAN=9
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -251,12 +242,12 @@ matrix:
       - sudo iptables -L DOCKER || ( echo "DOCKER iptables chain missing" ; sudo iptables -N DOCKER )
       - cd kitchen-tests
     script:
-      - bundle exec kitchen test end-to-end-debian-9
+      - bundle exec kitchen test end-to-end-debian-10
     after_failure:
       - cat .kitchen/logs/kitchen.log
     env:
-      - DEBIAN=9
-      - KITCHEN_YAML=kitchen.travis.yml
+      - DEBIAN=10
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -273,7 +264,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
       - CENTOS=6
-      - KITCHEN_YAML=kitchen.travis.yml
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -290,7 +281,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
       - CENTOS=7
-      - KITCHEN_YAML=kitchen.travis.yml
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -307,7 +298,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
       - FEDORA=latest
-      - KITCHEN_YAML=kitchen.travis.yml
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -324,7 +315,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
      - OPENSUSELEAP=42
-     - KITCHEN_YAML=kitchen.travis.yml
+     - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     sudo: required
     before_install:
@@ -362,7 +353,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
       - RSPEC_CENTOS=7
-      - KITCHEN_YAML=kitchen.travis.yml
+      - KITCHEN_YAML=kitchen.yml
   - rvm: 2.5.5
     services: docker
     sudo: required
@@ -379,7 +370,7 @@ matrix:
       - cat .kitchen/logs/kitchen.log
     env:
      - RSPEC_OPENSUSELEAP=42
-     - KITCHEN_YAML=kitchen.travis.yml
+     - KITCHEN_YAML=kitchen.yml
   allow_failures:
     - rvm: 2.5.5
       services: docker
@@ -397,11 +388,7 @@ matrix:
         - cat .kitchen/logs/kitchen.log
       env:
        - RSPEC_OPENSUSELEAP=42
-       - KITCHEN_YAML=kitchen.travis.yml
-    - env:
-        TEST_GEM: poise/halite
-      script: bundle exec tasks/bin/run_external_test $TEST_GEM master rake spec
-      rvm: 2.5.5
+       - KITCHEN_YAML=kitchen.yml
 
 notifications:
   on_change: true
diff --git a/kitchen-tests/Gemfile b/kitchen-tests/Gemfile
index c571298fc2..002dcd3935 100644
--- a/kitchen-tests/Gemfile
+++ b/kitchen-tests/Gemfile
@@ -4,8 +4,8 @@ gem "rake" # required to build some native extensions
 gem "chef", path: ".."
 gem "ohai", git: "https://github.com/chef/ohai.git", branch: "14-stable" # avoids failures when we bump chef major
 gem "berkshelf", git: "https://github.com/berkshelf/berkshelf.git", branch: "master"
-gem "kitchen-appbundle-updater"
-gem "kitchen-dokken", "< 2.0" # 2.x fails atm: https://travis-ci.org/chef/chef/jobs/199125787
+gem "kitchen-dokken", "~> 2.0"
+gem "kitchen-docker", git: "https://github.com/test-kitchen/kitchen-docker.git", branch: "master"
 gem "kitchen-inspec", git: "https://github.com/chef/kitchen-inspec.git", branch: "master"
 gem "kitchen-vagrant", git: "https://github.com/test-kitchen/kitchen-vagrant.git", branch: "master"
 gem "test-kitchen", git: "https://github.com/test-kitchen/test-kitchen.git", branch: "master"
diff --git a/kitchen-tests/README.md b/kitchen-tests/README.md
index 95234ca383..9bf20a8fab 100644
--- a/kitchen-tests/README.md
+++ b/kitchen-tests/README.md
@@ -4,7 +4,7 @@ Here we seek to provide end-to-end testing of Chef Client through cookbooks whic
 
 ## Getting started
 
-All the gems needed to run these tests can be installed with Bundler.
+These tests run in Docker containers so make sure to install Docker on your workstation. Once docker is installed all the gems needed to run these tests can be installed with Bundler.
 
 ```shell
 chef/kitchen-tests$ bundle install
@@ -19,21 +19,21 @@ chef/kitchen-tests$ bundle exec kitchen list
 You should see output similar to
 
 ```shell
-Instance                     Driver   Provisioner  Verifier  Transport  Last Action    Last Error
-end-to-end-amazonlinux       Vagrant  ChefGithub   Inspec    Ssh        <Not Created>  <None>
+Instance                  Driver  Provisioner  Verifier  Transport  Last Action    Last Error
+end-to-end-amazonlinux    Dokken  Dokken       Inspec    Dokken     <Not Created>  <None>
 ```
 
 ## Testing
 
-We use Test Kitchen to build instances, test client code, and destroy instances. If you are unfamiliar with Test Kitchen we recommend checking out the [tutorial](http://kitchen.ci/) along with the `kitchen-vagrant` [driver documentation](https://github.com/test-kitchen/kitchen-vagrant). Test Kitchen is configured to manipulate instances using [Vagrant](https://www.vagrantup.com/) when testing locally, and Docker via [kitchen-dokken](https://github.com/someara/kitchen-dokken/) when testing pull requests on [Travis CI](https://travis-ci.com/).
+We use Test Kitchen to build instances, test client code, and destroy instances. If you are unfamiliar with Test Kitchen we recommend checking out the [tutorial](http://kitchen.ci/) along with the `kitchen-dokken` [driver documentation](https://github.com/someara/kitchen-dokken). Test Kitchen is configured to manipulate instances using [Docker](https://www.docker.com/) when testing locally and when testing pull requests on [Travis CI](https://travis-ci.com/).
 
 ### Commands
 
 Kitchen instances are led through a series of states. The instance states, and the actions taken to transition into each state, are in order:
 
-- `destroy`: Delete all information for and terminate one or more instances. 
+- `destroy`: Delete all information for and terminate one or more instances.
 	- This is equivalent to running `vagrant destroy` to stop and delete a Vagrant machine.
-- `create`: Start one or more instances. 
+- `create`: Start one or more instances.
 	- This is equivalent to running `vagrant up --no-provision` to start a Vagrant instance.
 - `converge`: Use a provisioner to configure one or more instances.
   - By default, Test Kitchen is configured to use the `ChefSolo` provisioner which:
@@ -53,7 +53,7 @@ To see a list of available commands, type `bundle exec kitchen help`. To see mor
 
 ### Configuring your tests
 
-Test Kitchen is configured for local testing in the `kitchen.yml` file which resides in this directory. You will need to configure the provisioner before running the tests.
+Test Kitchen is configured in the `kitchen.yml` file which resides in this directory. You will need to configure the provisioner before running the tests.
 
 The provisioner can be configured to pull client source code from a GitHub repository using any valid Git reference. You are encouraged to modify any of these settings, but please return them to their original values before submitting a pull request for review (unless, of course, your changes are enhancements to the default provisioner settings).
 
@@ -66,8 +66,8 @@ The branch you choose must be accessible on GitHub. You cannot use a local commi
 
 ### Testing pull requests
 
-These end-to-end tests are also configured to run on Travis-CI with docker containers when you submit a pull request to `chef/chef`. Kitchen is configured to pull chef client source code from the branch it is testing. There is no need to modify `kitchen.travis.yml` unless you are contributing tests.
+These end-to-end tests are also configured to run on Travis-CI with docker containers when you submit a pull request to `chef/chef`. Kitchen is configured to pull chef client source code from the branch it is testing. There is no need to modify `kitchen.yml` unless you are contributing tests.
 
 ## Contributing
 
-We would love to fill out our end-to-end testing coverage! If you have cookbooks and tests that you would like to see become a part of client testing, we encourage you to submit a pull request with your additions. We request that you do not add platforms to `kitchen.travis.yml`. Please file a request to add a platform under [Issues](https://github.com/chef/chef/issues).
+We would love to fill out our end-to-end testing coverage! If you have cookbooks and tests that you would like to see become a part of client testing, we encourage you to submit a pull request with your additions. We request that you do not add platforms to `kitchen.yml`. Please file a request to add a platform under [Issues](https://github.com/chef/chef/issues).
diff --git a/kitchen-tests/kitchen.travis.yml b/kitchen-tests/kitchen.travis.yml
index db9323e4a6..64ff400887 100644
--- a/kitchen-tests/kitchen.travis.yml
+++ b/kitchen-tests/kitchen.travis.yml
@@ -9,22 +9,16 @@ transport:
   name: dokken
 
 provisioner:
-  name: chef_github
-  root_path: /opt/kitchen
-  require_chef_omnibus: latest
-  chef_omnibus_url: "https://omnitruck.chef.io/install.sh"
-  chef_omnibus_install_options: "-c current"
-  github_owner: "chef"
-  github_repo: "chef"
-  refname: <%= ENV['TRAVIS_COMMIT'] %>
-  ohai_refname: "master"
-  github_access_token: <%= ENV['KITCHEN_GITHUB_TOKEN'] %>
-  data_path: test/fixtures
-  chef_license: "accept-no-persist"
-# disable file provider diffs so we don't overflow travis' line limit
+  name: dokken
   client_rb:
     diff_disabled: true
 
+lifecycle:
+  pre_converge:
+    - remote: /opt/chef/embedded/bin/gem install appbundle-updater
+    - remote: /opt/chef/embedded/bin/appbundle-updater chef ohai <%= File.readlines('../Gemfile.lock', File.expand_path(File.dirname(__FILE__))).find { |l| l =~ /^\s+ohai \((\d+\.\d+\.\d+)\)/ }; 'v' + $1 %> --tarball --github chef/ohai
+    - remote: /opt/chef/embedded/bin/appbundle-updater chef chef <%= ENV['TRAVIS_COMMIT'] %> --tarball --github chef/chef
+
 verifier:
   name: inspec
   format: progress
@@ -80,13 +74,6 @@ platforms:
     intermediate_instructions:
       - RUN sed -i -e "s/Defaults.*requiretty.*/Defaults    !requiretty/g" /etc/sudoers
 
-- name: ubuntu-14.04
-  driver:
-    image: dokken/ubuntu-14.04
-    pid_one_command: /sbin/init
-    intermediate_instructions:
-      - RUN /usr/bin/apt-get update
-
 - name: ubuntu-16.04
   driver:
     image: dokken/ubuntu-16.04
diff --git a/kitchen-tests/kitchen.yml b/kitchen-tests/kitchen.yml
index 0c49201927..3893f082bd 100644
--- a/kitchen-tests/kitchen.yml
+++ b/kitchen-tests/kitchen.yml
@@ -1,41 +1,122 @@
 ---
 driver:
-  name: vagrant
-  customize:
-    cpus: 4
-    memory: 2048
+  name: dokken
+  privileged: true
+  chef_image: chef/chef
+  chef_version: current
 
-verifier:
-  name: inspec
-  format: progress
+transport:
+  name: dokken
 
 provisioner:
-  name: chef_github
-  chef_omnibus_url: "https://omnitruck.chef.io/install.sh"
-  chef_omnibus_install_options: "-c current -v 14"
-  github_owner: "chef"
-  github_repo: "chef"
-  ohai_refname: "master"
-  refname: <%= %x(git rev-parse HEAD) %>
-  chef_license: "accept-no-persist"
+  name: dokken
   client_rb:
     diff_disabled: true
 
+lifecycle:
+  pre_converge:
+    - remote: echo "Chef container's Chef / Ohai release:"
+    - remote: /opt/chef/embedded/bin/chef-client -v
+    - remote: /opt/chef/embedded/bin/ohai -v
+    - remote: /opt/chef/embedded/bin/gem uninstall -x chef-bin # appbundle-updater doesn't remove this when downgrading to 14
+    - remote: /opt/chef/embedded/bin/gem install appbundler appbundle-updater
+    - remote: /opt/chef/embedded/bin/appbundle-updater chef ohai <%= File.readlines('../Gemfile.lock', File.expand_path(File.dirname(__FILE__))).find { |l| l =~ /^\s+ohai \((\d+\.\d+\.\d+)\)/ }; 'v' + $1 %> --tarball --github chef/ohai
+    - remote: /opt/chef/embedded/bin/appbundle-updater chef chef <%= ENV['TRAVIS_COMMIT']  || %x(git rev-parse HEAD).chomp %> --tarball --github chef/chef
+    - remote: echo "Installed Chef / Ohai release:"
+    - remote: /opt/chef/embedded/bin/chef-client -v
+    - remote: /opt/chef/embedded/bin/ohai -v
+
+verifier:
+  name: inspec
+  format: progress
+
 platforms:
-  - name: amazonlinux
-    driver_config:
-      box: mvbcoding/awslinux
-  - name: centos-6
-  - name: centos-7
-  - name: debian-8
-  - name: debian-9
-  - name: opensuse-leap-42
-  - name: ubuntu-14.04
-  - name: ubuntu-16.04
-  - name: ubuntu-18.04
+- name: amazonlinux
+  driver:
+    image: dokken/amazonlinux
+    pid_one_command: /sbin/init
+    intermediate_instructions:
+      - RUN sed -i -e "s/Defaults.*requiretty.*/Defaults    !requiretty/g" /etc/sudoers
+
+- name: amazonlinux-2
+  driver:
+    image: dokken/amazonlinux-2
+    pid_one_command: /usr/lib/systemd/systemd
+    intermediate_instructions:
+      - RUN sed -i -e "s/Defaults.*requiretty.*/Defaults    !requiretty/g" /etc/sudoers
+
+- name: debian-8
+  driver:
+    image: dokken/debian-8
+    pid_one_command: /bin/systemd
+    intermediate_instructions:
+      - RUN /usr/bin/apt-get update
+
+- name: debian-9
+  driver:
+    image: dokken/debian-9
+    pid_one_command: /bin/systemd
+    intermediate_instructions:
+      - RUN /usr/bin/apt-get update
+
+- name: debian-10
+  driver:
+    image: dokken/debian-10
+    pid_one_command: /bin/systemd
+    intermediate_instructions:
+      - RUN /usr/bin/apt-get update
+
+- name: centos-6
+  driver:
+    image: dokken/centos-6
+    pid_one_command: /sbin/init
+    intermediate_instructions:
+      - RUN sed -i -e "s/Defaults.*requiretty.*/Defaults    !requiretty/g" /etc/sudoers
+
+- name: centos-7
+  driver:
+    image: dokken/centos-7
+    pid_one_command: /usr/lib/systemd/systemd
+    intermediate_instructions:
+      - RUN yum -y install e2fsprogs
+      - RUN sed -i -e "s/Defaults.*requiretty.*/Defaults    !requiretty/g" /etc/sudoers
+
+- name: fedora-latest
+  driver:
+    image: dokken/fedora-latest
+    pid_one_command: /usr/lib/systemd/systemd
+    intermediate_instructions:
+      - RUN sed -i -e "s/Defaults.*requiretty.*/Defaults    !requiretty/g" /etc/sudoers
+
+- name: ubuntu-16.04
+  driver:
+    image: dokken/ubuntu-16.04
+    pid_one_command: /bin/systemd
+    intermediate_instructions:
+      - RUN /usr/bin/apt-get update
+
+- name: ubuntu-18.04
+  driver:
+    image: dokken/ubuntu-18.04
+    pid_one_command: /bin/systemd
+    intermediate_instructions:
+      - RUN /usr/bin/apt-get update
+
+- name: opensuse-leap
+  driver:
+    image: dokken/opensuse-leap
+    pid_one_command: /bin/systemd
+    intermediate_instructions:
+      - RUN /usr/bin/zypper --non-interactive update
+      - RUN /usr/bin/zypper --non-interactive install cron
 
 suites:
   - name: end-to-end
     run_list:
       - recipe[end_to_end::default]
-      - recipe[end_to_end::tests]
+  - name: rspec
+    run_list:
+      - recipe[rspec]
+    lifecycle:
+      post_converge:
+        - remote: /usr/local/bin/run-chef-rspec
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb
index 879aba7f2b..a633721839 100644
--- a/lib/chef/win32/security.rb
+++ b/lib/chef/win32/security.rb
@@ -404,7 +404,7 @@ class Chef
         system_name = system_name.to_wstring if system_name
         if LookupAccountNameW(system_name, name.to_wstring, nil, sid_size, nil, referenced_domain_name_size, nil)
           raise "Expected ERROR_INSUFFICIENT_BUFFER from LookupAccountName, and got no error!"
-        elsif FFI::LastError.error != ERROR_INSUFFICIENT_BUFFER
+        elsif !([NO_ERROR, ERROR_INSUFFICIENT_BUFFER].include?(FFI::LastError.error))
           Chef::ReservedNames::Win32::Error.raise!
         end
 
diff --git a/spec/unit/win32/security_spec.rb b/spec/unit/win32/security_spec.rb
index b5e441f2a0..3c612aef10 100644
--- a/spec/unit/win32/security_spec.rb
+++ b/spec/unit/win32/security_spec.rb
@@ -106,4 +106,29 @@ describe "Chef::Win32::Security", :windows_only do
       expect { Chef::ReservedNames::Win32::Security.get_token_information_elevation_type(token) }.to raise_error(Chef::Exceptions::Win32APIError)
     end
   end
+
+  describe "self.lookup_account_name" do
+    let(:security_class) { Chef::ReservedNames::Win32::Security }
+
+    context "when FFI::LastError.error result is ERROR_INSUFFICIENT_BUFFER" do
+      it "does not raise the exception" do
+        expect(FFI::LastError).to receive(:error).and_return(122)
+        expect { security_class.lookup_account_name "system" }.to_not raise_error
+      end
+    end
+
+    context "when operation completed successfully and FFI::LastError.error result is NO_ERROR" do
+      it "does not raise the exception" do
+        expect(FFI::LastError).to receive(:error).and_return(0)
+        expect { security_class.lookup_account_name "system" }.to_not raise_error
+      end
+    end
+
+    context "when FFI::LastError.error result is not ERROR_INSUFFICIENT_BUFFER and not NO_ERROR" do
+      it "raises Chef::ReservedNames::Win32::Error.raise! exception" do
+        expect(FFI::LastError).to receive(:error).and_return(123).at_least(:once)
+        expect { security_class.lookup_account_name "system" }.to raise_error
+      end
+    end
+  end
 end