Fixed bugs, review comments and specs

Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>

5 files changed, 41 insertions, 14 deletions

diff --git a/lib/chef/mixin/user_identity.rb b/lib/chef/mixin/user_identity.rb
index 8cb8f72ed6..bc8626ac65 100644
--- a/lib/chef/mixin/user_identity.rb
+++ b/lib/chef/mixin/user_identity.rb
@@ -53,18 +53,27 @@ class Chef
           raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given"
         end
 
+        # if domain is provided in both username and domain
+        if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
+          raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
+        end
+
         if ! specified_user.nil? && specified_domain.nil?
+          # Splitting username of format: Domain\Username
           domain_and_user = user.split('\\')
 
-          if domain_and_user.length == 1
-            domain_and_user = user.split("@")
-          end
-
           if domain_and_user.length == 2
             domain = domain_and_user[0]
             user = domain_and_user[1]
-          elsif domain_and_user.length != 1
-            raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
+          elsif domain_and_user.length == 1
+            # Splitting username of format: Username@Domain
+            domain_and_user = user.split("@")
+            if domain_and_user.length == 2
+              domain = domain_and_user[1]
+              user = domain_and_user[0]
+            elsif domain_and_user.length != 1
+              raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
+            end
           end
         end
 
diff --git a/lib/chef/provider/execute.rb b/lib/chef/provider/execute.rb
index c2498ab90b..5494405a02 100644
--- a/lib/chef/provider/execute.rb
+++ b/lib/chef/provider/execute.rb
@@ -43,6 +43,10 @@ class Chef
 
       def define_resource_requirements
         # @todo: this should change to raise in some appropriate major version bump.
+        requirements.assert(:all_actions) do |a|
+          a.assertion { validate_identity(new_resource.user, new_resource.password, new_resource.domain) }
+        end
+
         if creates && creates_relative? && !cwd
           Chef::Log.warn "Providing a relative path for the creates attribute without the cwd is deprecated and will be changed to fail in the future (CHEF-3819)"
         end
@@ -55,7 +59,11 @@ class Chef
       end
 
       def action_run
-        validate_identity(new_resource.user, new_resource.password, new_resource.domain)
+        # parse username if it's in the following format: domain/username or username@domain
+        identity = qualify_user(new_resource.user, new_resource.domain)
+        new_resource.user identity[:user]
+        new_resource.domain identity[:domain]
+
         if creates && sentinel_file.exist?
           Chef::Log.debug("#{new_resource} sentinel file #{sentinel_file} exists - nothing to do")
           return false
diff --git a/spec/support/shared/functional/execute_resource.rb b/spec/support/shared/functional/execute_resource.rb
index 6561f95ec1..3f9dd8af5c 100644
--- a/spec/support/shared/functional/execute_resource.rb
+++ b/spec/support/shared/functional/execute_resource.rb
@@ -76,12 +76,12 @@ shared_examples_for "an execute resource that supports alternate user identity"
     let(:windows_current_user_qualified) { "#{ENV['USERDOMAIN'] || ENV['COMPUTERNAME']}\\#{windows_current_user}" }
     let(:resource_identity_command) { "powershell.exe -noprofile -command \"import-module microsoft.powershell.utility;([Security.Principal.WindowsPrincipal]([Security.Principal.WindowsIdentity]::GetCurrent())).identity.name | out-file -encoding ASCII '#{script_output_path}'\"" }
 
-    let(:execute_resource) {
+    let(:execute_resource) do
       resource.user(windows_alternate_user)
       resource.password(windows_alternate_user_password)
       resource.send(resource_command_property, resource_identity_command)
       resource
-    }
+    end
 
     it "executes the process as an alternate user" do
       expect(windows_current_user.length).to be > 0
diff --git a/spec/support/shared/functional/windows_script.rb b/spec/support/shared/functional/windows_script.rb
index 4bd6bdf230..8a9a19d4ad 100644
--- a/spec/support/shared/functional/windows_script.rb
+++ b/spec/support/shared/functional/windows_script.rb
@@ -160,11 +160,6 @@ shared_context Chef::Resource::WindowsScript do
         end
       end
 
-      context "when a different non-admin user attempts read to access the script" do
-        let(:file_access_command) { read_access_denied_command }
-        it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
-      end
-
       context "when a different non-admin user attempts write (modify) to access the script" do
         let(:file_access_command) { modify_access_denied_command }
         it_behaves_like "a script whose file system location cannot be accessed by other non-admin users"
diff --git a/spec/unit/mixin/user_identity_spec.rb b/spec/unit/mixin/user_identity_spec.rb
index 799260b25a..790e0a6ab9 100644
--- a/spec/unit/mixin/user_identity_spec.rb
+++ b/spec/unit/mixin/user_identity_spec.rb
@@ -94,6 +94,21 @@ shared_examples_for "a consumer of the ::Chef::Mixin::UserIdentity mixin" do
           it_behaves_like "it received valid credentials"
         end
       end
+
+      context "when the domain is provided in both username and domain" do
+        let(:domain) { "some_domain" }
+        let(:password) { "we.funk!" }
+
+        context "when username is in the form domain\\user" do
+          let(:username) { "mothership\\starchild" }
+          it_behaves_like "it received invalid credentials"
+        end
+
+        context "when username is in the form user@domain" do
+          let(:username) { "starchild@mothership" }
+          it_behaves_like "it received invalid credentials"
+        end
+      end
     end
 
     context "when the username is not specified" do