microsoft
/
macos-cookbook
зеркало из https://github.com/microsoft/macos-cookbook.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

update UTs

This commit is contained in:
Jared Weyer 2023-03-10 12:31:57 -08:00
Родитель 091a9825c5
Коммит 13c9571fff
3 изменённых файлов: 109 добавлений и 127 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

230
spec/unit/libraries/remote_management_spec.rb
Просмотреть файл

@ -3,14 +3,8 @@ require_relative '../../spec_helper'
describe MacOS::RemoteManagement do
let(:shellout) { double(stdout: nil, stderr: nil) }
describe '.kickstart' do
it 'should return correct executable path' do
expect(described_class.kickstart).to eq '/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart'
end
end
describe '.current_mask' do
context 'when ARD is currently configured to grant access to all local users' do
context 'when ARD is currently configured to use global privileges' do
let(:global_settings_xml) do
<<~XML
<?xml version="1.0" encoding="UTF-8"?>
@ -28,128 +22,29 @@ describe MacOS::RemoteManagement do
XML
end
it 'should return the retrieve the privilege value from global settings plist and return the equivalent mask' do
it 'should retrieve the privilege value from global settings plist and return the equivalent mask' do
allow(described_class).to receive(:global_settings_xml).and_return global_settings_xml
expect(described_class.current_mask('bilbo')).to eq(-2147483645)
expect(described_class.current_mask('bilbo')).to eq(-2147483645) # priv value: 3 -> priv mask: -2147483645
end
end
context 'when ARD is currently configured to grant access to specified users' do
before(:each) { allow(described_class).to receive(:configured_for_all_users?).and_return false }
context 'when there is only one user' do
context 'when the specified user currently does not have privileges set' do
it 'should return an empty string' do
allow(described_class).to receive(:users_configured?).and_return false
expect(described_class.current_mask('bilbo')).to eq ''
end
end
context 'when the specified user currently has privileges set' do
let(:dscl_naprivs) { 'bilbo -2147483648' }
it 'should return the mask retrieved from `dscl`' do
allow(shellout).to receive(:stdout).and_return dscl_naprivs
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_mask('bilbo')).to eq(-2147483648)
end
end
context 'when ARD is currently configured to use individual privileges' do
let(:dscl_naprivs) do
<<~STDOUT
bilbo -2147483644
gandalf -2147483644
STDOUT
end
context 'when there are multiple users' do
context 'when the users have different privilege masks' do
let(:dscl_naprivs) do
<<~STDOUT
bilbo -2147483644
gandalf -2147483648
STDOUT
end
it 'should return an empty string' do
allow(shellout).to receive(:stdout).and_return dscl_naprivs
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_mask('bilbo', 'gandalf')).to eq ''
end
end
context 'when the users have the same privilege masks' do
let(:dscl_naprivs) do
<<~STDOUT
bilbo -2147483644
ganalf -2147483644
STDOUT
end
it 'should return the shared privilege mask' do
allow(shellout).to receive(:stdout).and_return dscl_naprivs
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_mask('bilbo', 'ganalf')).to eq(-2147483644)
end
end
context 'when one of the users has not been setup yet' do
let(:dscl_naprivs) do
<<~STDOUT
ganalf -2147483644
STDOUT
end
it 'should return an empty string' do
allow(described_class).to receive(:users_configured?).and_return false
expect(described_class.current_mask('bilbo', 'ganalf')).to eq ''
end
end
it 'should return the mask retrieved from `dscl`' do
allow(described_class).to receive(:using_global_privileges?).and_return false
allow(shellout).to receive(:stdout).and_return dscl_naprivs
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_mask(['bilbo', 'gandalf'])).to eq(-2147483644)
end
end
end
describe '.current_computer_info' do
context 'when there is no computer info' do
let(:computer_info_xml) do
<<~XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DOCAllowRemoteConnections</key>
<false/>
</dict>
</plist>
XML
end
it 'should return an empty array' do
allow(shellout).to receive(:stdout).and_return computer_info_xml
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_computer_info).to eq []
end
end
context 'when there is computer info' do
let(:computer_info_xml) do
<<~XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DOCAllowRemoteConnections</key>
<false/>
<key>Text1</key>
<string>bilbo</string>
<key>Text2</key>
<string>baggins</string>
<key>Text3</key>
<string></string>
<key>Text4</key>
<string></string>
</dict>
</plist>
XML
end
it 'should return an empty array' do
allow(shellout).to receive(:stdout).and_return computer_info_xml
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_computer_info).to eq ['bilbo', 'baggins']
end
end
end
describe '.users_configured?' do
describe '.current_users_configured?' do
context 'when using global settings' do
let(:global_settings_xml) do
<<~XML
@ -171,23 +66,106 @@ describe MacOS::RemoteManagement do
it 'should return true when global privilege value exists' do
allow(shellout).to receive(:stdout).and_return global_settings_xml
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.users_configured?(['bilbo'])).to be true
expect(described_class.current_users_configured?(['bilbo'])).to be true
end
end
context 'when using individual settings' do
context 'when all desired users are configured' do
it 'should return true' do
allow(described_class).to receive(:using_global_settings?).and_return false
allow(described_class).to receive(:using_global_privileges?).and_return false
allow(described_class).to receive(:individual_settings).and_return({ 'bilbo' => 1 })
expect(described_class.users_configured?(['bilbo'])).to be true
expect(described_class.current_users_configured?(['bilbo'])).to be true
end
end
context 'when desired users are not configured' do
it 'should return false' do
allow(described_class).to receive(:using_global_settings?).and_return false
allow(described_class).to receive(:using_global_privileges?).and_return false
allow(described_class).to receive(:individual_settings).and_return({ 'bilbo' => 1 })
expect(described_class.users_configured?(['bilbo', 'frodo'])).to be false
expect(described_class.current_users_configured?(['bilbo', 'frodo'])).to be false
end
end
end
describe '.users_have_identical_masks?' do
before(:each) { allow(described_class).to receive(:using_global_privileges?).and_return false }
context 'when the users have different privilege masks' do
let(:dscl_naprivs) do
<<~STDOUT
bilbo -2147483644
gandalf -2147483648
STDOUT
end
it 'should return false' do
allow(shellout).to receive(:stdout).and_return dscl_naprivs
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_users_have_identical_masks?(['bilbo', 'gandalf'])).to be false
end
end
context 'when the users have the same privilege masks' do
let(:dscl_naprivs) do
<<~STDOUT
bilbo -2147483644
ganalf -2147483644
STDOUT
end
it 'should return true' do
allow(shellout).to receive(:stdout).and_return dscl_naprivs
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_users_have_identical_masks?(['bilbo', 'ganalf'])).to be true
end
end
end
describe '.current_computer_info' do
context 'when there is no computer info' do
let(:computer_info_xml) do
<<~XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DOCAllowRemoteConnections</key>
<false/>
</dict>
</plist>
XML
end
it 'should return an empty array' do
allow(shellout).to receive(:stdout).and_return computer_info_xml
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_computer_info).to eq []
end
end
context 'when there is computer info' do
let(:computer_info_xml) do
<<~XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>DOCAllowRemoteConnections</key>
<false/>
<key>Text1</key>
<string>bilbo</string>
<key>Text2</key>
<string>baggins</string>
<key>Text3</key>
<string></string>
<key>Text4</key>
<string></string>
</dict>
</plist>
XML
end
it 'should return an empty array' do
allow(shellout).to receive(:stdout).and_return computer_info_xml
allow_any_instance_of(Chef::Mixin::ShellOut).to receive(:shell_out!).and_return shellout
expect(described_class.current_computer_info).to eq ['bilbo', 'baggins']
end
end
end

4
spec/unit/resources/remote_management_spec.rb
Просмотреть файл

@ -9,10 +9,14 @@ shared_context 'remote management disabled' do
end
shared_context 'users current mask is -2147483648 (no privileges)' do
before { allow(RemoteManagement).to receive(:current_users_configured?).and_return true }
before { allow(RemoteManagement).to receive(:current_users_have_identical_masks?).and_return true }
before { allow(RemoteManagement).to receive(:current_mask).and_return(-2147483648) }
end
shared_context 'users current mask is -1073741569 (all privileges)' do
before { allow(RemoteManagement).to receive(:current_users_configured?).and_return true }
before { allow(RemoteManagement).to receive(:current_users_have_identical_masks?).and_return true }
before { allow(RemoteManagement).to receive(:current_mask).and_return(-1073741569) }
end

2
test/cookbooks/macos_test/recipes/remote_access.rb
Просмотреть файл

@ -15,7 +15,7 @@ execute 'authorize screensharing client to utilize the kTCCServiceScreenCapture
end
remote_management 'activate and configure remote management for all users' do
users 'vagrant'
users 'all'
privileges %w(control_observe open_quit_apps)
computer_info ['Arkenstone', 'Gold']
only_if { shell_out('/usr/sbin/system_profiler', 'SPSoftwareDataType').stdout.match?(Regexp.new('System Integrity Protection: Disabled')) }