diff options
| author | Bryan McLellan <btm@loftninjas.org> | 2017-02-08 21:40:12 -0500 |
|---|---|---|
| committer | Bryan McLellan <btm@loftninjas.org> | 2017-02-09 07:49:03 -0500 |
| commit | 12ccb8c3f0e39fa6f7360dbf15ce463b22f60f30 (patch) | |
| tree | 994b5362ba835530f60e2fba52e03b983c39469a /spec/support | |
| parent | 31c9757faa411c22d8d9ac1995aeba702c983095 (diff) | |
| download | chef-12ccb8c3f0e39fa6f7360dbf15ce463b22f60f30.tar.gz | |
Fix functional tests for alternate user support
On Windows you need the SeAssignPrimaryTokenPrivilege right to use
CreateProcessAsUser when running under a service, even if you're an
Administrator. This makes these functional tests not run under Jenkins if
the jenkins user does not have this right.
Signed-off-by: Bryan McLellan <btm@loftninjas.org>
Diffstat (limited to 'spec/support')
| -rw-r--r-- | spec/support/platform_helpers.rb | 6 | ||||
| -rw-r--r-- | spec/support/shared/functional/execute_resource.rb | 4 | ||||
| -rw-r--r-- | spec/support/shared/functional/windows_script.rb | 4 |
3 files changed, 10 insertions, 4 deletions
diff --git a/spec/support/platform_helpers.rb b/spec/support/platform_helpers.rb index 14f883da74..3dfabf91a7 100644 --- a/spec/support/platform_helpers.rb +++ b/spec/support/platform_helpers.rb @@ -92,6 +92,12 @@ def windows_nano_server? Chef::Platform.windows_nano_server? end +def windows_user_right?(right) + return false unless windows? + require 'chef/win32/security' + Chef::ReservedNames::Win32::Security.get_account_right(ENV["USERNAME"]).include?(right) +end + def mac_osx_106? if File.exists? "/usr/bin/sw_vers" result = ShellHelpers.shell_out("/usr/bin/sw_vers") diff --git a/spec/support/shared/functional/execute_resource.rb b/spec/support/shared/functional/execute_resource.rb index 3f9dd8af5c..4f7cea1cd1 100644 --- a/spec/support/shared/functional/execute_resource.rb +++ b/spec/support/shared/functional/execute_resource.rb @@ -68,7 +68,7 @@ shared_context "a command that can be executed as an alternate user" do end shared_examples_for "an execute resource that supports alternate user identity" do - context "when running on Windows", :windows_only do + context "when running on Windows", :windows_only, :windows_service_requires_assign_token do include_context "a command that can be executed as an alternate user" @@ -102,7 +102,7 @@ shared_examples_for "an execute resource that supports alternate user identity" end shared_examples_for "a resource with a guard specifying an alternate user identity" do - context "when running on Windows", :windows_only do + context "when running on Windows", :windows_only, :windows_service_requires_assign_token do include_context "alternate user identity" let(:resource_command_property) { :command } diff --git a/spec/support/shared/functional/windows_script.rb b/spec/support/shared/functional/windows_script.rb index 8a9a19d4ad..e5ac0741bd 100644 --- a/spec/support/shared/functional/windows_script.rb +++ b/spec/support/shared/functional/windows_script.rb @@ -178,11 +178,11 @@ shared_context Chef::Resource::WindowsScript do resource.run_action(:run) end - context "the script is executed with the identity of the current user" do + context "the script is executed with the identity of the current user", :windows_service_requires_assign_token do it_behaves_like "a script that cannot be accessed by other users if they are not administrators" end - context "the script is executed with an alternate non-admin identity" do + context "the script is executed with an alternate non-admin identity", :windows_service_requires_assign_token do include_context "alternate user identity" before do |