diff options
Diffstat (limited to 'spec/unit/provider/script_spec.rb')
-rw-r--r-- | spec/unit/provider/script_spec.rb | 55 |
1 files changed, 49 insertions, 6 deletions
diff --git a/spec/unit/provider/script_spec.rb b/spec/unit/provider/script_spec.rb index 7e34a8f083..2f024c4c29 100644 --- a/spec/unit/provider/script_spec.rb +++ b/spec/unit/provider/script_spec.rb @@ -56,12 +56,55 @@ describe Chef::Provider::Script, "action_run" do end end - context "#set_owner_and_group" do - it "sets the owner and group for the script file" do - new_resource.user "toor" - new_resource.group "wheel" - expect(FileUtils).to receive(:chown).with("toor", "wheel", tempfile.path) - provider.set_owner_and_group + context "when configuring the script file's security" do + context "when not running on Windows" do + before do + allow(::Chef::Platform).to receive(:windows?).and_return(false) + end + context "#set_owner_and_group" do + it "sets the owner and group for the script file" do + new_resource.user "toor" + new_resource.group "wheel" + expect(FileUtils).to receive(:chown).with("toor", "wheel", tempfile.path) + provider.set_owner_and_group + end + end + end + + context "when running on Windows" do + before do + allow(::Chef::Platform).to receive(:windows?).and_return(true) + expect(new_resource.user).to eq(nil) + stub_const("Chef::ReservedNames::Win32::API::Security::GENERIC_READ", 1) + stub_const("Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE", 4) + stub_const("Chef::ReservedNames::Win32::Security", Class.new) + stub_const("Chef::ReservedNames::Win32::Security::SecurableObject", Class.new) + stub_const("Chef::ReservedNames::Win32::Security::SID", Class.new) + stub_const("Chef::ReservedNames::Win32::Security::ACE", Class.new) + stub_const("Chef::ReservedNames::Win32::Security::ACL", Class.new) + end + + context "when an alternate user is not specified" do + it "does not attempt to set the script file's security descriptor" do + expect(provider).to receive(:grant_alternate_user_read_access) + expect(Chef::ReservedNames::Win32::Security::SecurableObject).not_to receive(:new) + provider.set_owner_and_group + end + end + + context "when an alternate user is specified" do + let(:security_descriptor) { instance_double("Chef::ReservedNames::Win32::Security::SecurityDescriptor", :dacl => []) } + let(:securable_object) { instance_double("Chef::ReservedNames::Win32::Security::SecurableObject", :security_descriptor => security_descriptor, :dacl= => nil) } + it "sets the script file's security descriptor" do + new_resource.user("toor") + expect(Chef::ReservedNames::Win32::Security::SecurableObject).to receive(:new).and_return(securable_object) + expect(Chef::ReservedNames::Win32::Security::SID).to receive(:from_account).and_return(nil) + expect(Chef::ReservedNames::Win32::Security::ACE).to receive(:access_allowed).and_return(nil) + expect(Chef::ReservedNames::Win32::Security::ACL).to receive(:create).and_return(nil) + expect(securable_object).to receive(:dacl=) + provider.set_owner_and_group + end + end end end |