From d9a69df03137753d5948a28a0bc9a2493dd8b89c Mon Sep 17 00:00:00 2001
From: Sean Karlage <skarlage@get9.io>
Date: Mon, 8 Jan 2018 09:14:53 -0800
Subject: Fix dscl group provider gid_used? (#6703)

Use dscl search verb in gid_used?

`dscl` has a search verb which makes checking whether a gid is
currently used much easier than parsing string output of listing all
gids.

Signed-off-by: Sean Karlage <skarlage@fb.com>
---
 lib/chef/provider/group/dscl.rb       |  8 ++++++--
 spec/unit/provider/group/dscl_spec.rb | 19 ++++++++++++++-----
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/lib/chef/provider/group/dscl.rb b/lib/chef/provider/group/dscl.rb
index 71e42b36ba..fe152eda33 100644
--- a/lib/chef/provider/group/dscl.rb
+++ b/lib/chef/provider/group/dscl.rb
@@ -88,8 +88,12 @@ class Chef
 
         def gid_used?(gid)
           return false unless gid
-          groups_gids = safe_dscl("list", "/Groups", "gid")
-          !!( groups_gids =~ Regexp.new("#{Regexp.escape(gid.to_s)}\n") )
+          search_gids = safe_dscl("search", "/Groups", "PrimaryGroupID", gid.to_s)
+
+          # dscl -search should not return anything if the gid doesn't exist,
+          # but on the off-chance that it does, check whether the given gid is
+          # in the output.
+          !!(search_gids =~ /\b#{gid}\b/)
         end
 
         def set_gid
diff --git a/spec/unit/provider/group/dscl_spec.rb b/spec/unit/provider/group/dscl_spec.rb
index e25b77c051..cf3f0237f5 100644
--- a/spec/unit/provider/group/dscl_spec.rb
+++ b/spec/unit/provider/group/dscl_spec.rb
@@ -117,11 +117,16 @@ describe Chef::Provider::Group::Dscl do
     before do
       @node = Chef::Node.new
       @provider = Chef::Provider::Group::Dscl.new(@node, @new_resource)
-      allow(@provider).to receive(:safe_dscl).and_return("\naj      500\n")
+      allow(@provider).to receive(:safe_dscl).and_return(<<-eos
+        someprogram		somethingElse:gid = (
+            500
+        )
+        eos
+      )
     end
 
-    it "should run safe_dscl with list /Groups gid" do
-      expect(@provider).to receive(:safe_dscl).with(*"list /Groups gid".split(" "))
+    it "should run safe_dscl with search /Groups gid" do
+      expect(@provider).to receive(:safe_dscl).with(*"search /Groups PrimaryGroupID 500".split(" "))
       @provider.gid_used?(500)
     end
 
@@ -130,7 +135,11 @@ describe Chef::Provider::Group::Dscl do
     end
 
     it "should return false for an unused gid number" do
-      expect(@provider.gid_used?(501)).to be_falsey
+      expect(@provider.gid_used?(0)).to be_falsey
+      expect(@provider.gid_used?(50)).to be_falsey
+      expect(@provider.gid_used?(5000)).to be_falsey
+      expect(@provider.gid_used?(1500)).to be_falsey
+      expect(@provider.gid_used?(18)).to be_falsey
     end
 
     it "should return false if not given any valid gid number" do
@@ -171,7 +180,7 @@ describe Chef::Provider::Group::Dscl do
     describe "with a valid gid number which is not already in use" do
       it "should run safe_dscl with create /Groups/group PrimaryGroupID gid" do
         allow(@provider).to receive(:get_free_gid).and_return(50)
-        expect(@provider).to receive(:safe_dscl).with(*"list /Groups gid".split(" "))
+        expect(@provider).to receive(:safe_dscl).with(*"search /Groups PrimaryGroupID 50".split(" ")).and_return("")
         expect(@provider).to receive(:safe_dscl).with("create", "/Groups/aj", "PrimaryGroupID", 50).and_return(true)
         @provider.set_gid
       end
-- 
cgit v1.2.1