add some resource unit tests

resources/macos_user.rb

@@ -108,32 +108,32 @@ action :create do
   end
 
   unless ::File.exist?(user_home) && user_already_exists?
-    command = [*token_credentials, '-addUser', new_resource.username, *user_fullname, '-password', new_resource.password, admin_user]
-    output = exec_sysadminctl(command)
+    cmd = [*token_credentials, '-addUser', new_resource.username, *user_fullname, '-password', new_resource.password, admin_user]
+    output = exec_sysadminctl(cmd)
     unless /creating user/.match?(output.downcase)
-      raise "error when creating user: #{output}"
+      raise "error while creating user: #{output}"
     end
   end
 
   if new_resource.secure_token && !secure_token_enabled?
     validate_secure_token_modification
-    command = [*token_credentials, '-secureTokenOn', new_resource.username, '-password', new_resource.password]
-    output = exec_sysadminctl(command)
+    cmd = [*token_credentials, '-secureTokenOn', new_resource.username, '-password', new_resource.password]
+    output = exec_sysadminctl(cmd)
     unless /done/.match?(output.downcase)
-      raise "error when modifying SecureToken: #{output}"
+      raise "error while modifying SecureToken: #{output}"
     end
   end
 
   if !new_resource.secure_token && secure_token_enabled?
     validate_secure_token_modification
-    command = [*token_credentials, '-secureTokenOff', new_resource.username, '-password', new_resource.password]
-    output = exec_sysadminctl(command)
+    cmd = [*token_credentials, '-secureTokenOff', new_resource.username, '-password', new_resource.password]
+    output = exec_sysadminctl(cmd)
     unless /done/.match?(output.downcase)
-      raise "error when modifying SecureToken: #{output}"
+      raise "error while modifying SecureToken: #{output}"
     end
   end
 
-  if new_resource.hidden == true
+  if new_resource.hidden
     execute "hide user #{new_resource.username}" do
       key = 'IsHidden'
       desired_value = '1'
@@ -214,8 +214,8 @@ action :delete do
   end
 
   if user_already_exists?
-    command = ['-deleteUser', new_resource.username]
-    output = exec_sysadminctl(command)
+    cmd = ['-deleteUser', new_resource.username]
+    output = exec_sysadminctl(cmd)
     unless /deleting record|not found/.match?(output.downcase)
       raise "error deleting user: #{output}"
     end

spec/unit/resources/macos_user_spec.rb

@@ -0,0 +1,81 @@
+require 'spec_helper'
+
+describe 'macos_user hidden with a securetoken' do
+  step_into :macos_user
+
+  platform 'mac_os_x', '11'
+
+  before do
+    stubs_for_provider('macos_user[create user with secure token]') do |provider|
+      allow(provider).to receive_shell_out('/usr/sbin/sysadminctl', '-adminUser', 'vagrant', '-adminPassword',
+                                           'vagrant', '-addUser', 'carl', '', '-password', 'philemon', '',
+                                           stderr: 'Creating user record…', exitstatus: 0)
+      allow(provider).to receive_shell_out('/usr/sbin/sysadminctl', '-secureTokenStatus', 'carl',
+                                           stderr: 'Secure token is ENABLED for user carl', exitstatus: 0)
+    end
+    stubs_for_resource('execute[hide user carl]') do |resource|
+      allow(resource).to receive_shell_out('/usr/bin/dscl', '.', 'read', '/Users/carl', 'IsHidden')
+    end
+  end
+
+  recipe do
+    macos_user 'create user with secure token' do
+      username 'carl'
+      password 'philemon'
+      hidden true
+      secure_token true
+      existing_token_auth({ username: 'vagrant', password: 'vagrant' })
+    end
+  end
+
+  it { is_expected.to create_macos_user('create user with secure token') }
+  it { is_expected.to run_execute('hide user carl') }
+end
+
+describe 'macos_user with a weak password on machine with a password policy' do
+  step_into :macos_user
+
+  platform 'mac_os_x', '11'
+
+  before do
+    stubs_for_provider('macos_user[create user with a weak password]') do |provider|
+      allow(provider).to receive_shell_out('/usr/sbin/sysadminctl', '', '-addUser', 'new', '', '-password', '123', '',
+                                           stderr: 'New account password error', exitstatus: 0)
+    end
+  end
+
+  recipe do
+    macos_user 'create user with a weak password' do
+      username 'new'
+      password '123'
+    end
+  end
+
+  it 'raises an error' do
+    expect { subject }.to raise_error(RuntimeError, /New account password error/)
+  end
+end
+
+describe 'macos_user attempting to delete the last secure token user' do
+  step_into :macos_user
+
+  platform 'mac_os_x', '11'
+
+  before do
+    stubs_for_provider('macos_user[owner]') do |provider|
+      allow(provider).to receive(:user_already_exists?).and_return(true)
+      allow(provider).to receive_shell_out('/usr/sbin/sysadminctl', '-deleteUser', 'owner',
+                                           stderr: "User owner can not be deleted (it's either last admin user or last secure token user neither of which can be deleted)", exitstatus: 0)
+    end
+  end
+
+  recipe do
+    macos_user 'owner' do
+      action :delete
+    end
+  end
+
+  it 'raises an error' do
+    expect { subject }.to raise_error(RuntimeError, /can not be deleted/)
+  end
+end

test/cookbooks/macos_test/recipes/users.rb

@@ -34,7 +34,7 @@ macos_user 'create hidden user' do
 end
 
 macos_user 'create user with secure token' do
-  username 'jung'
+  username 'carl'
   password 'philemon'
   secure_token true
   existing_token_auth({ username: 'vagrant', password: 'vagrant' })

test/integration/default/controls/users_and_groups_test.rb

@@ -114,11 +114,11 @@ control 'secure-token-user' do
   title 'added with a secure token but then removed'
   desc 'Verify the user initially added with a secure token does not have one'
 
-  describe user('jung') do
+  describe user('carl') do
     it { should exist }
   end
 
-  describe command('sysadminctl -secureTokenStatus jung') do
+  describe command('sysadminctl -secureTokenStatus carl') do
     its('stderr') { should include 'ENABLED' }
   end