2 files changed, 113 insertions, 4 deletions

diff --git a/lib/chef/provider/group/suse.rb b/lib/chef/provider/group/suse.rb
index a79038e25e..273485df16 100644
--- a/lib/chef/provider/group/suse.rb
+++ b/lib/chef/provider/group/suse.rb
@@ -17,6 +17,7 @@
 #
 
 require "chef/provider/group/groupadd"
+require "etc"
 
 class Chef
   class Provider
@@ -36,24 +37,42 @@ class Chef
             a.failure_message Chef::Exceptions::Group, "Could not find binary /usr/sbin/groupmod for #{@new_resource.name}"
             # No whyrun alternative: this component should be available in the base install of any given system that uses it
           end
+
+          requirements.assert(:create, :manage, :modify) do |a|
+            a.assertion do
+              begin
+                to_add(@new_resource.members).any? { |member| Etc.getpwnam(member) }
+              rescue
+                false
+              end
+            end
+            a.failure_message Chef::Exceptions::Group, "Could not add users #{to_add(@new_resource.members).join(", ")} to #{@new_resource.group_name}: one of these users does not exist"
+            a.whyrun "Could not find one of these users: #{to_add(@new_resource.members).join(", ")}. Assuming it will be created by a prior step"
+          end
         end
 
         def set_members(members)
-          to_delete = @current_resource.members - members
-          to_delete.each do |member|
+          to_remove(members).each do |member|
             remove_member(member)
           end
 
-          to_add = members - @current_resource.members
-          to_add.each do |member|
+          to_add(members).each do |member|
             add_member(member)
           end
         end
 
+        def to_add(members)
+          members - @current_resource.members
+        end
+
         def add_member(member)
           shell_out!("groupmod -A #{member} #{@new_resource.group_name}")
         end
 
+        def to_remove(members)
+          @current_resource.members - members
+        end
+
         def remove_member(member)
           shell_out!("groupmod -R #{member} #{@new_resource.group_name}")
         end
diff --git a/spec/unit/provider/group/suse_spec.rb b/spec/unit/provider/group/suse_spec.rb
new file mode 100644
index 0000000000..da4e8e9155
--- /dev/null
+++ b/spec/unit/provider/group/suse_spec.rb
@@ -0,0 +1,90 @@
+#
+# Author:: Tom Duffield (<tom@chef.io>)
+# Copyright:: Copyright 2016 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require "spec_helper"
+
+describe Chef::Provider::Group::Suse do
+  let(:node) { Chef::Node.new }
+  let(:events) { Chef::EventDispatch::Dispatcher.new }
+  let(:run_context) { Chef::RunContext.new(node, {}, events) }
+  let(:new_members) { %w{root new_user} }
+  let(:new_resource) do
+    Chef::Resource::Group.new("new_group").tap do |r|
+      r.gid 50
+      r.members new_members
+      r.system false
+      r.non_unique false
+    end
+  end
+  let(:current_resource) do
+    Chef::Resource::Group.new("new_group").tap do |r|
+      r.gid 50
+      r.members %w{root}
+      r.system false
+      r.non_unique false
+    end
+  end
+  let(:provider) do
+    described_class.new(new_resource, run_context).tap do |p|
+      p.current_resource = current_resource
+    end
+  end
+
+  describe "when determining the current group state" do
+    before(:each) do
+      allow(File).to receive(:exists?).and_return(true)
+      provider.action = :create
+      provider.define_resource_requirements
+    end
+
+    # Checking for required binaries is already done in the spec
+    # for Chef::Provider::Group - no need to repeat it here.  We'll
+    # include only what's specific to this provider.
+    it "should raise an error if the required binary /usr/sbin/groupmod doesn't exist" do
+      expect(File).to receive(:exists?).with("/usr/sbin/groupmod").and_return(false)
+      expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
+    end
+
+    it "should raise error if one of the member users does not exist" do
+      expect(Etc).to receive(:getpwnam).with("new_user").and_raise ArgumentError
+      expect { provider.process_resource_requirements }.to raise_error(Chef::Exceptions::Group)
+    end
+  end
+
+  describe "#set_members" do
+    it "should add missing members and remove deleted members" do
+      expect(provider).not_to receive(:remove_member)
+      expect(provider).to receive(:add_member).with("new_user")
+      provider.set_members(new_members)
+    end
+  end
+
+  describe "#add_member" do
+    it "should call out to groupmod to add user" do
+      expect(provider).to receive(:shell_out!).with("groupmod -A new_user new_group")
+      provider.add_member("new_user")
+    end
+  end
+
+  describe "#remove_member" do
+    it "should call out to groupmod to remove user" do
+      expect(provider).to receive(:shell_out!).with("groupmod -R new_user new_group")
+      provider.remove_member("new_user")
+    end
+  end
+end