Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ChefSpec Test Fails On Specific Windows Registry Values But Not Others #8650

Open
BGaudreault-EDR opened this issue Jun 11, 2019 · 2 comments

Comments

Projects
None yet
2 participants
@BGaudreault-EDR
Copy link

commented Jun 11, 2019

Description

Cannot get 'RSpec' to pass on all Windows registry Values as it fails on "DisabledByDefault" Values (I have not tried other Keys or Values besides the Value "Enabled" which passes).

Chef Version

Chef Development Kit Version: 4.0.60
chef-client version: 15.0.300

Platform Version

Windows 10 Enterprise 10.0.16299 N/A Build 16299

Replication Case

I run the following command: 'chef exec rspec --color ./spec/unit/recipes/default_spec.rb'

Here's a shortened version of my default_spec.rb file (removed sections that just repeat for different registry Keys):

Cookbook:: edr-win-tls

ChefSpec Unit tests

Spec:: default

*REQUIRE

require 'spec_helper'

END *REQUIRE <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

describe 'edr-win-tls::default' do
context 'When all attributes are default' do
let(:chef_run) do
# for a complete list of available platforms and versions see:
# https://github.com/customink/fauxhai/blob/master/PLATFORMS.md
runner = ChefSpec::ServerRunner.new(platform: 'windows', version: '2012R2') # "R2" is upper-case.
runner.converge(described_recipe)
end
#
# CONVERGES
it 'converges successfully' do
expect { chef_run }.to_not raise_error
end
it 'installs chef_gem chef-vault' do
expect(chef_run).to install_chef_gem('chef-vault')
end
#
# WINDOWS REGISTRY - SSL 2.0 DISABLE
it 'create_registry_key SSL 2.0 Client DisabledByDefault Value' do
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client').with(
unscrubbed_values: [{ name: 'DisabledByDefault', type: :dword, data: 1 }])
end
it 'create_registry_key SSL 2.0 Client Enabled Value' do
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client').with(
unscrubbed_values: [{ name: 'Enabled', type: :dword, data: 0 }])
end
it 'create_registry_key SSL 2.0 Server Enabled Value' do
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server').with(
unscrubbed_values: [{ name: 'Enabled', type: :dword, data: 0 }])
end
#
# WINDOWS REGISTRY - TLS 1.2 ENABLE
it 'create_registry_key TLS 1.2 Client DisabledByDefault Values' do
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client').with(
unscrubbed_values: [{ name: 'DisabledByDefault', type: :dword, data: 0 }])
end
it 'create_registry_key TLS 1.2 Client Enabled Values' do
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client').with(
unscrubbed_values: [{ name: 'Enabled', type: :dword, data: 1 }])
end
it 'create_registry_key TLS 1.2 Server Enabled Value' do
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server').with(
unscrubbed_values: [{ name: 'Enabled', type: :dword, data: 1 }])
end
end # END context
end # END describe

END WINDOWS REGISTRY

Client Output

I get multiples of the following error:

Failure/Error:
expect(chef_run).to create_registry_key('HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client').with(
unscrubbed_values: [{ name: 'DisabledByDefault', type: :dword, data: 1 }])

   expected "registry_key[HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]" to have parameters:

     unscrubbed_values [{:name=>"DisabledByDefault", :type=>:dword, :data=>1}], was [{:name=>"Enabled", :type=>:dword, :data=>0}]
   Diff:
   @@ -1,2 +1,2 @@
   -[{:data=>1, :name=>"DisabledByDefault", :type=>:dword}]
   +[{:data=>0, :name=>"Enabled", :type=>:dword}]

 # C:/Users/Username/chef-repos/cookbooks/edr-win-tls/spec/unit/recipes/default_spec.rb:37:in `block (3 levels) in <top (required)>'

Stacktrace

N/A

@lamont-granquist

This comment has been minimized.

Copy link
Contributor

commented Jun 13, 2019

This should have been filed against the chefspec repo, you'll probably have better luck asking in the #chefspec channel on chef community slack.

It might be if you have multiple registry_key resources which are all named the same, then chefspec will only find one of them (either the first or the last) and will always match against that. You could try renaming them all and using whatever the name property is of that resource and doing matching against the new name of the resource in chefspec.

Although I suspect that you shouldn't be using chefspec, you seem to be writing your recipe twice which is fairly useless testing. You should probably be using test-kitchen and inspec testing and making sure that when you run your recipe that inspec finds all of those registry settings actually get set.

@BGaudreault-EDR

This comment has been minimized.

Copy link
Author

commented Jun 24, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.