summaryrefslogtreecommitdiff
path: root/spec/unit/provider/service
diff options
context:
space:
mode:
authorMatt Wrock <matt@mattwrock.com>2015-12-29 10:31:41 -0800
committerMatt Wrock <matt@mattwrock.com>2015-12-29 10:31:41 -0800
commit7f69ad99a2446e9c70112aa531f68a971a52758f (patch)
tree918bc63c8ffb8f1354b25378155c478b6fdad2ac /spec/unit/provider/service
parentb027f4b9cebda8314118a0839f93d812e1b6fcfa (diff)
downloadchef-7f69ad99a2446e9c70112aa531f68a971a52758f.tar.gz
fixes #3521 correcting format of user name passed to policy apis and does not clobber existing service rights of other users
Diffstat (limited to 'spec/unit/provider/service')
-rw-r--r--spec/unit/provider/service/windows_spec.rb45
1 files changed, 18 insertions, 27 deletions
diff --git a/spec/unit/provider/service/windows_spec.rb b/spec/unit/provider/service/windows_spec.rb
index 4c9f5b3377..34140fdd7b 100644
--- a/spec/unit/provider/service/windows_spec.rb
+++ b/spec/unit/provider/service/windows_spec.rb
@@ -30,6 +30,7 @@ describe Chef::Provider::Service::Windows, "load_current_resource" do
prvdr.current_resource = Chef::Resource::WindowsService.new("current-chef")
prvdr
end
+ let(:service_right) { Chef::Provider::Service::Windows::SERVICE_RIGHT }
before(:all) do
Win32::Service = Class.new
@@ -46,6 +47,7 @@ describe Chef::Provider::Service::Windows, "load_current_resource" do
double("ConfigStruct", :start_type => "auto start"))
allow(Win32::Service).to receive(:exists?).and_return(true)
allow(Win32::Service).to receive(:configure).and_return(Win32::Service)
+ allow(Chef::ReservedNames::Win32::Security).to receive(:get_account_right).and_return([])
end
after(:each) do
@@ -164,6 +166,13 @@ describe Chef::Provider::Service::Windows, "load_current_resource" do
expect(provider).to receive(:grant_service_logon).and_return(true)
provider.start_service
end
+
+ it "does not grant user SeServiceLogonRight if it already has it" do
+ expect(Win32::Service).to receive(:start)
+ expect(Chef::ReservedNames::Win32::Security).to receive(:get_account_right).with("wallace").and_return([service_right])
+ expect(Chef::ReservedNames::Win32::Security).not_to receive(:add_account_right).with("wallace", service_right)
+ provider.start_service
+ end
end
end
@@ -417,37 +426,19 @@ describe Chef::Provider::Service::Windows, "load_current_resource" do
include_context "testing private methods"
let(:username) { "unit_test_user" }
- let(:success_string) { "The task has completed successfully.\r\nSee logfile etc." }
- let(:failure_string) { "Look on my works, ye Mighty, and despair!" }
- let(:command) {
- dbfile = provider.grant_dbfile_name(username)
- policyfile = provider.grant_policyfile_name(username)
- logfile = provider.grant_logfile_name(username)
-
- %Q{secedit.exe /configure /db "#{dbfile}" /cfg "#{policyfile}" /areas USER_RIGHTS SECURITYPOLICY SERVICES /log "#{logfile}"}
- }
- let(:shellout_env) { {:environment=>{"LC_ALL"=>"en_US.UTF-8"}} }
- before {
- expect_any_instance_of(described_class).to receive(:shell_out).with(command).and_call_original
- expect_any_instance_of(Mixlib::ShellOut).to receive(:run_command).and_return(nil)
- }
-
- after {
- # only needed for the second test.
- ::File.delete(provider.grant_policyfile_name(username)) rescue nil
- ::File.delete(provider.grant_logfile_name(username)) rescue nil
- ::File.delete(provider.grant_dbfile_name(username)) rescue nil
- }
-
- it "calls Mixlib::Shellout with the correct command string" do
- expect_any_instance_of(Mixlib::ShellOut).to receive(:exitstatus).and_return(0)
+ it "calls win32 api to grant user SeServiceLogonRight" do
+ expect(Chef::ReservedNames::Win32::Security).to receive(:add_account_right).with(username, service_right)
expect(provider.grant_service_logon(username)).to equal true
end
- it "raises an exception when the grant command fails" do
- expect_any_instance_of(Mixlib::ShellOut).to receive(:exitstatus).and_return(1)
- expect_any_instance_of(Mixlib::ShellOut).to receive(:stdout).and_return(failure_string)
+ it "strips '.\' from user name when sending to win32 api" do
+ expect(Chef::ReservedNames::Win32::Security).to receive(:add_account_right).with(username, service_right)
+ expect(provider.grant_service_logon(".\\#{username}")).to equal true
+ end
+
+ it "raises an exception when the grant fails" do
+ expect(Chef::ReservedNames::Win32::Security).to receive(:add_account_right).and_raise(Chef::Exceptions::Win32APIError, "barf")
expect { provider.grant_service_logon(username) }.to raise_error(Chef::Exceptions::Service)
end
end