Release/3.0 (#193)

* update syntax in ard_test.rb, added mojave test suites, removed test suites for el capitan

* Add deprecation notice for the machine_name resource (#146)

* bump version to 3.0 for release branch

* Drop chef13 support in .kitchen.yml

* Remove machine_name resource in favor of hostname resource in Chef14 (#145)

* update syntax in ard_test.rb, added mojave test suites, removed test suites for el capitan

* update inspec tests

* remove live_stream option

* Remove machine name custom resource and related tests

* Add deprecation notice for the machine_name resource (#146)

* Add spotlight spec test

* Add back el-cap chef14 platform in .kitchen.yml

* Release 3.0 will not support Chef 13 if this change is implemented

* Remove El Capitan support


Linting

- Remove machine_name resource in favor of hostname resource in Chef14 (#145)
* update syntax in ard_test.rb, added mojave test suites, removed test suites for el capitan
* update inspec tests
* remove live_stream option
* Remove machine name custom resource and related tests
* Add deprecation notice for the machine_name resource (#146)
* Add spotlight spec test
* Add back el-cap chef14 platform in .kitchen.yml
* Release 3.0 will not support Chef 13 if this change is implemented
- Remove El Capitan support
- Remove useless assignment in security_test
- Enable password hash unit test
- Markdown linting
- Fix headers
- Remove dollar signs from code blocks that do not include output
- Update 10.13.3 to 10.13.6

* Bump supported Chef version in metadata.rb to 14

* Remove machine_name resource documentation

* Add Azure Pipelines YAML (#185)

* Remove duplicate .gitignore from test cookbook

* Add azure-pipelines YAML with Chef unit/lint job

* Add suites and update kitchen.yml name

* Add pipelines YAML to chefignore

* Add parameter input for kitchenFile

* Remove branch ref for templates repository

* Remove Xcode recipe, tests, and documentation (#187)

* Remove default recipe and fix ChefSpec test for disable_software_updates recipe (#186)

* Delete default recipe and related spec

* Fix failing ChefSpec test for disable_software_updates recipe

* remove default Xcode version attribute

* set test recipe Xcode version

* Remove disable_software_updates recipe, related tests, and documentation (#188)

* update mailmap

* create readme and resource for macos_automatic_software_updates

* remove vagrant.rb

* change name of resource to automatic_software_updates

* add new automatic_software_updates resource

* add spec test for automatic_software_updates

* change name of resource

* group under one action block

* update spec test to check for app_store

* update property names

* update property names in resource

* update property name in spec test

* update value entry to recieve user inputed property

* add block to test both true and false

* Add Action description to software_update.md

* spec tests with seperate it blocks, work in progress

* uploaded some working tests

* update resource to pass spec tests

* make path to software update plist a variable

* lint and beautify

* create app store plist variable

* add test cases for error handling

* add exception handling for spec test cases

* add error handling to resource to check against bad configs

* add disable_software_updates.rb

* update software_updates_test.rb to include all resource values

* make software-update test suite idempotent

* add more content to resource_software_update.md documentation

* update documentation name

* remove old file

* add example to documentation

* remove disable_software_update recipe

* Revert "remove disable_software_update recipe"

This reverts commit e034db13a8dd349ac2dbc2fe2ec1133da650bdca.

* cookstyle

* add integration test for macos_test disable software update recipe

* update integration test for software update with content

* update README.md

* Revert "update README.md"

This reverts commit f1c2f881b7.

* update README.md

* Update documentation/resource_automatic_software_updates.md

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update documentation/resource_automatic_software_updates.md

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* Update spec/unit/resources/automatic_software_updates_spec.rb

Co-Authored-By: v-anshie <v-anshie@microsoft.com>

* update spec test plist path entries with variable for cleaner code -Mark Merin

* remove duplicate test file with bad InSpec syntax

* fix indentation, update wording, and add inline image of the preferences

* update wording in documentation

* Replace ard resource with remote_management (#191)

* change class name from ARD to RemoteManagement

* update resource name in test

* update resource name

* update method names

* remote unused actions

* make RemoteManagement a class, static methods

* create remote_management resource to replace ard

* remove configuration action, create contexts to check idempotence

* update test recipe to be more explicit

* update spec to use shared examples and contexts

* add full privs mask to configured? guard

* remove old library spec

* update docs

* remove duplicate conditional checking

* refactor plist to plist_content

* refactor configured? to configured_for_all_users_and_privileges?

* remove parens

* update build yaml to include software-update test suite

* update test suite name in kitchen.yml

* update changelog with 3.0 changes

* fix run_list recipe to look in macos_test folder for recipe

* update run_list for software-updates test suite

* update azure-pipelines.yml test suites list (#192)

* update azure-pipelines.yml test suites list

* Fix test recipe name for software_updates suite

* Update InSpec output file name to match azure pipelines template

* Remove Chef version from platform name

* Remove chefVersion from the matrix strategy

* Revert chefVersion removal from matrix strategy

* Revert "Revert chefVersion removal from matrix strategy"

This reverts commit ac03f78bca.

* fix keychain creation guard preventing multi-converge from passing

* add exclude for url suite

* Revert "add exclude for url suite"

This reverts commit b5ea622077.

* add guard in azure-pipelines.yml for xcode version on sierra platform

* Revert "add guard in azure-pipelines.yml for xcode version on sierra platform"

This reverts commit 5a9460d7bc.

* don't exclude sierra from xcode testing

* add '9.2' version to sierra url install

* update build badge in README.md

* fix typo

* add fix for keychain to changelog

* add removal of machine_name to changelog

* fix caps

* move spotlight resource test to resource folder

* note spotlight test additions

* note removal of default attribute for xcode version

* remove dup lines

* add changelog updates

* add mock data back

* add more mock data back

* Update resource doc links

- Fix broken link for renamed resource
- Remove link to machine_name documentation
- Update formatting to match Chef's resource links

* update xcode doc with auth steps

* officially unofficial

* remove extra lines between properties to match other resources

* update CHANGELOG with correct El Capitan prefix

* install rb-readline gem for pry compatibility with unit test guard

https://github.com/pry/pry/issues/1577

.mailmap

@@ -1,7 +1,11 @@
-Jacob Zaval     <jazava@microsoft.com>
-Eric Hanko      <v-erhank@microsoft.com> Unknown <v-erhank@microsoft.com> <eric.hanko1@gmail.com>
+Andre Shields <v-anshie@microsoft.com>
+Chris Gilbert <v-chgilb@microsoft.com>
+Darío Hereñú <magallania@gmail.com>
+Eammon Hanlon <eahanl@microsoft.com> <eammon.hanlon@microsoft.com>
+Eammon Hanlon  <eahanl@microsoft.com> <eammon.hanlon@gmail.com>
+Eammon Hanlon <eahanl@microsoft.com> <ehanlon@users.noreply.github.com>
+Eammon Hanlon <eahanl@microsoft.com> <eammon.hanlon@outlook.com>
+Eric Hanko <v-erhank@microsoft.com> <eric.hanko1@gmail.com>
+Jacob Zaval <jazava@microsoft.com>
 Mark John Merin <v-mamer@microsoft.com> <33106688+mjmerin@users.noreply.github.com>
-Ryan Dominguez  <v-rydom@microsoft.com>
-Eammon Hanlon   <eammon.hanlon@outlook.com> Unknown <eammon.hanlon@microsoft.com> <eahanl@microsoft.com> <eammon.hanlon@gmail.com> <ehanlon@users.noreply.github.com>
-Andre Shelds    <v-anshie@microsoft.com> v-anshie <v-anshie@microsoft.com>
-Darío Hereñú    <magallania@gmail.com>
+Ryan Dominguez <v-rydom@microsoft.com>

CHANGELOG.md

@@ -1,5 +1,26 @@
 # Changelog
 
+## [3.0.0] - 2019-02-28
+
+### Added
+- Added `automatic_software_updates` resource to enable or disable the automatic checking, downloading, and installing of software updates.
+- Added `azure-pipelines.yml` to allow for managing builds as code.
+- Added some resource unit tests for `spotlight` to complement the existing `metadata_util` tests.
+
+### Changed
+- Changed the `ard` resource to `remote_management` and updates applicable tests and documentation. The new `remote_management` resource greatly simplifies syntax and reduces the needed macOS domain knowledge around `kickstart` options. However, it has less functionality than `ard` and is a significant breaking change.
+
+### Fixed
+- Fixed .mailmap file to accurately track contributor emails.
+- Fixed guard in the `keychain` resource for the `:create` action.
+
+### Removed
+- Adiós, Captain! We no longer support OS X El Capitan or Chef 13.
+- Removed `machine_name` resource along with respective tests and documentation in favor of the `hostname` resource in Chef 14.
+- Removed `xcode` recipe along with respective tests, documentation and node attributes in favor of `command_line_tools` resource which was released in 2.10.0.
+- Removed `disable_software_updates` recipe along with respective tests and documentation in favor of `automatic_software_updates` resource.
+- Removed `default` recipe - it was empty anyway. 
+
 ## [2.10.1] - 2019-01-29
 
 ### Fixed

Gemfile

@@ -7,4 +7,5 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 group :development do
   gem 'guard', require: false
   gem 'guard-rspec', require: false
+  gem 'rb-readline', require: false
 end

README.md

@@ -1,6 +1,6 @@
 # macOS Cookbook
 
-[![Build status](https://dev.azure.com/office/APEX/_apis/build/status/lab/cookbooks/macos?branchName=master)](https://dev.azure.com/office/APEX/_build/latest?definitionId=2143)
+[![Build Status](https://dev.azure.com/office/OE/_apis/build/status/Microsoft.macos-cookbook?branchName=master)](https://dev.azure.com/office/OE/_build/latest?definitionId=5072&branchName=master)
 
 Chef resources and recipes for managing and provisioning macOS.
 
@@ -13,12 +13,10 @@ Chef resources and recipes for managing and provisioning macOS.
 
 ## Supported Chef Versions
 
-- Chef 13
 - Chef 14
 
 ## Supported OS Versions
 
-- OS X El Capitan 10.11
 - macOS Sierra 10.12
 - macOS High Sierra 10.13
 - macOS Mojave 10.14
@@ -38,14 +36,6 @@ should be an admin user with passwordless super-user rights.
 
 ## Recipes
 
-### Disable Software Updates
-
-Disables automatic checking and downloading of software updates.
-
-**Usage:** `include_recipe 'macos::disable_software_updates'`
-
-No attributes used in this recipe.
-
 ### Keep Awake
 
 Prevent macOS from falling asleep, disable the screensaver, reboot upon power failure,
@@ -60,46 +50,14 @@ to always keep macOS on and available.
 | `node['macos']['network_time_server']`  | `'time.windows.com'`    |
 | `node['macos']['time_zone']`            | `'America/Los_Angeles'` |
 
-### Xcode
-
-Installs the latest Xcode the platform supports. See the [Xcode resource documentation](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_xcode.md) if you need
-more flexibility.
-
-:warning: Requires a `credentials` data bag containing an `apple_id` data bag item,
-or a user/password pair set under `node['macos']['apple_id']`.
-
-**Usage:** `include_recipe 'macos::xcode'`
-
-| Attributes used                                        | Default value |
-|--------------------------------------------------------|---------------|
-| `node['macos']['xcode']['version']`                    | `'9.3'`       |
-| `node['macos']['xcode']['simulator']['major_version']` | `nil`         |
-| `node['macos']['apple_id']['user']`                    | `nil`         |
-| `node['macos']['apple_id']['password']`                | `nil`         |
-
-## Data Bags
-
-The `macos::xcode` recipe can utilize a `credentials` data bag with an `apple_id`
-data bag item. The item should contain valid Apple ID credentials. For example:
-
-**Example:**
-
-```json
-{
-  "id": "apple_id",
-  "apple_id": "farva@spurbury.gov",
-  "password": "0k@yN0cR34m"
-}
-```
-
 ## Resources
 
-- [ARD (Apple Remote Desktop)](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_ard.md)
-- [Certificate (security)](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_certificate.md)
-- [Xcode Command Line Tools](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_command_line_tools.md)
-- [Keychain (security)](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_keychain.md)
-- [Machine Name](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_machine_name.md)
-- [macOS User (sysadminctl)](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_macos_user.md)
-- [Plist](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_plist.md)
-- [Spotlight (mdutil)](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_spotlight.md)
-- [Xcode](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_xcode.md)
+- [`automatic_software_updates`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_automatic_software_updates.md)
+- [`certificate`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_certificate.md)
+- [`command_line_tools`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_command_line_tools.md)
+- [`keychain`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_keychain.md)
+- [`macos_user`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_macos_user.md)
+- [`plist`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_plist.md)
+- [`remote_management`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_remote_management.md)
+- [`spotlight`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_spotlight.md)
+- [`xcode`](https://github.com/Microsoft/macos-cookbook/blob/master/documentation/resource_xcode.md)

TESTING.md

@@ -5,64 +5,52 @@
 - [Integration tests](#integration-tests)
 - [Rake Tasks](#rake-tasks)
 
+## Requirements
+
+- [ChefDK](https://downloads.chef.io/chefdk)
+- [Vagrant](https://www.vagrantup.com/)
+- [Packer](https://www.packer.io/)
+- A supported macOS hypervisor:
+  - [Parallels](https://www.parallels.com/landingpage/pd/general/)
+  - [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
+  - [VMWare Fusion](https://www.vmware.com/products/fusion.html)
+
 ## Syntax and style
 
-### Requirements:
-
-- `cookstyle` and `foodcritic` (both are shipped with the [ChefDK](https://downloads.chef.io/chefdk))
-
-### Running the tests
+- `cookstyle` and `foodcritic`
 
 Syntax testing is pretty straight forward. At the root of the cookbook, run:
 
 ```shell
-$ cookstyle
-```
-
-and
-
-```
-$ foodcritic .
+cookstyle
+foodcritic .
 ```
 
 ## Unit tests
 
-### Requirements:
-
-- [RSpec](http://rspec.info/)
-- [ChefDK](https://downloads.chef.io/chefdk) (optional)
-
 For unit tests, we focus on testing the library files, which are written
 in pure Ruby and tested with RSpec. The library files contain most of the core
 business logic for each of the custom resources and are used as either mixins
 for the custom resources or contain classes that act as helpers, except with
 explicit namespacing. Some libary files are heavily unit tested, others are definitely
-missing much-needed unit test coverage.
-
-### Running the tests
+missing much-needed unit test coverage. The following command syntax assumes
+you've made the ChefDK `rspec` your default by running `chef shell-init bash`
+(https://docs.chef.io/ctl_chef.html#chef-shell-init)
 
 Clone this repo and in the root of the cookbook, run:
 
 ```shell
-$ rspec spec
+rspec spec
 ```
 
 To run the unit tests in a specific file:
 
 ```shell
-$ rspec spec/unit/libraries/xcode_spec.rb
+rspec spec/unit/libraries/xcode_spec.rb
 ```
 
 ## Integration tests
 
-###  Requirements:
-
-- [ChefDK](https://downloads.chef.io/chefdk)
-- A virtual machine provider (we use [Parallels](https://www.parallels.com/landingpage/pd/general/), but [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or [VMWare Fusion](https://www.vmware.com/products/fusion.html) should be fine)
-- [Vagrant](https://www.vagrantup.com/)
-- macOS Vagrant base boxes running (we're currently testing 10.11.6, 10.12.6, and 10.13.3)
-- [Packer](https://www.packer.io/) (recommended for box building)
-
 For integration tests, we test custom resources using a test cookbook, found in
 [`test/cookbooks/macos_test`](https://github.com/Microsoft/macos-cookbook/tree/master/test/cookbooks/macos_test).
 In general, each of the custom resources is used in a corresponding test recipe,
@@ -97,14 +85,13 @@ a few issues that need to be addressed before doing so.
 Once you have finished building and "adding" your box (with `vagrant box add`),
 you'll need to modify the `.kitchen.yml`. The only modifications you should
 need to make are replacing our box names with yours. For example, you would
-replace `apex/macos-10.13.3` with `my_high_sierra_box`. To double check the
+replace `apex/macos-10.13.6` with `my_high_sierra_box`. To double check the
 available boxes and their names, execute `vagrant box list`. For example:
 
 ```shell
 $ vagrant box list
-apex/macos-10.11.6 (parallels, 1.0.0)
 apex/macos-10.12.6 (parallels, 2.0.0)
-apex/macos-10.13.3 (parallels, 1.1.0)
+apex/macos-10.13.6 (parallels, 1.1.0)
 ```
 
 Next, make sure you're in the macOS cookbook root and run `kitchen list` to view
@@ -113,18 +100,14 @@ the available instances. It should look something like this:
 ```shell
 $ kitchen list
 Instance                      Driver   Provisioner  Verifier  Transport  Last Action    Last Error
-default-apex-macos-10133      Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
+default-apex-macos-10136      Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
 default-apex-macos-10126      Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-default-apex-macos-10116      Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-xcode-apex-macos-10133        Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
+xcode-apex-macos-10136        Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
 xcode-apex-macos-10126        Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-xcode-apex-macos-10116        Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-spotlight-apex-macos-10133    Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
+spotlight-apex-macos-10136    Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
 spotlight-apex-macos-10126    Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-spotlight-apex-macos-10116    Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-certificate-apex-macos-10133  Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
+certificate-apex-macos-10136  Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
 certificate-apex-macos-10126  Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
-certificate-apex-macos-10116  Vagrant  ChefZero     Inspec    Ssh        <Not Created>  <None>
 ```
 
 The `kitchen list` command serves as a nearly-perfect way to validate the
@@ -133,16 +116,15 @@ run `kitchen help COMMAND` for help on a specific subcommand. When you're ready,
 run `kitchen test`.
 
 ```shell
-$ kitchen test
+kitchen test
 ```
 
 `kitchen` supports using regular expressions to only run a specific instance.
 For example:
 
 ```shell
-$ kitchen test 1011 # test all the suites on 10.11 only
-$ kitchen test xcode # test the xcode suite on all versions
-$ kitchen test default.*101[23] # only test default suites on 10.12 and 10.13
+kitchen test xcode # test the xcode suite on all versions
+kitchen test default.*101[23] # only test default suites on 10.12 and 10.13
 ```
 
 macOS takes a little while to boot and the suites themselves (especially Xcode)

attributes/default.rb

@@ -1,8 +1,6 @@
 default['macos']['admin_user'] = 'vagrant'
 default['macos']['admin_password'] = 'vagrant'
 
-default['macos']['xcode']['version'] = '10.1'
-
 default['macos']['remote_login_enabled'] = true
 
 default['macos']['network_time_server'] = 'time.windows.com'

azure-pipelines.yml

@@ -0,0 +1,69 @@
+name: $(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
+
+trigger:
+  batch: true
+  branches:
+    include:
+    - master
+    - release/*
+    - hotfix/*
+  paths:
+    exclude:
+    - documentation/*
+    - LICENSE
+    - README.md
+    - CHANGELOG.md
+    - TESTING.md
+    - CONTRIBUTING.md
+    - .mailmap
+    - .rubocop.yml
+    - .gitignore
+    - chefignore
+
+pr:
+  branches:
+    include:
+    - master
+    - release/*
+  paths:
+    exclude:
+    - documentation/*
+    - LICENSE
+    - README.md
+    - CHANGELOG.md
+    - TESTING.md
+    - CONTRIBUTING.md
+    - .mailmap
+    - .rubocop.yml
+    - .gitignore
+    - chefignore
+
+resources:
+  repositories:
+  - repository: templates
+    type: git
+    name: chef-pipelines-templates
+
+jobs:
+- template: common.yml@templates
+  parameters:
+    kitchenFile: kitchen.yml
+    platforms:
+    - sierra
+    - high-sierra
+    - mojave
+    suites:
+    - certificate
+    - command-line-tools
+    - default
+    - delete-users
+    - keychain
+    - power-management
+    - remote-access
+    - software-updates
+    - spotlight
+    - users
+    - xcode-from-apple
+    - xcode-from-url
+    chefVersion:
+    - chef14

chefignore

@@ -65,6 +65,7 @@ Rakefile
 .foodcritic
 .codeclimate.yml
 .delivery
+azure-pipelines.yml
 
 # SCM #
 #######

documentation/resource_ard.md

@@ -1,133 +0,0 @@
-ard
-===
-
-Use the **ard** resource to manage the "Remote Management" settings, found in System
-Preferences > Sharing > Remote Management. Under the hood, the [**ard**](https://github.com/Microsoft/macos-cookbook/blob/master/resources/ard.rb) resource
-executes the `kickstart` command, located in ARDAgent.app (one of macOS' "core services").
-
-Syntax
-------
-
-The **ard** resource block declares a basic description of the command configuration
-and a set of properties depending on the actions executed. For example:
-
-```ruby
-ard 'activate and configure ard' do
-  action [:activate, :configure]
-end
-```
-
-where
-
-- `:activate` activates the ARD agent
-- `:configure` configures the agent using the `kickstart` default commandline arguments.
-
-The default `:configure` action is equivalent to the following
-**System Preferences > Sharing** settings:
-
-![Sharing Preferences](sharing_preferences.png)
-
-The full syntax for all of the properties that are available to the **ard**
-resource is:
-
-```ruby
-ard 'description' do
-  install_package                String
-  uninstall_options              Array # defaults to ['-files', '-settings', '-prefs'] if not specified
-  restart_options                Array # defaults to ['-agent', '-console', '-menu'] if not specified
-  users                          Array
-  privs                          Array # defaults to ['-all'] if not specified
-  access                         String # defaults to '-on' if not specified
-  allow_access_for               String # defaults to '-allUsers' if not specified
-  computerinfo                   Array
-  clientopts                     Array
-  action                         Symbol # defaults to [:activate, :configure] if not specified
-end
-```
-
-:warning: Not all properties are compatible with each action. For example, the
-`uninstall_options` property is only applicable when the `:uninstall` action is used.
-
-Actions
--------
-
-This resource has the following actions:
-
-`:activate`
-
-      Activate the remote desktop agent.
-
-`:deactivate`
-
-      Deactivate the remote desktop agent.
-
-`:uninstall`
-
-      Uninstall a package from another remotely
-managed Mac.
-
-`:stop`
-
-      Stop the agent.
-
-`:restart`
-
-      Restart the remote desktop agent.
-
-`:configure`
-
-      Configure the setup of the remote desktop
-agent using the default options.
-
-Properties
-----------
-
-`install_package`
-
-      **Ruby Type:** `String`
-
-`uninstall_options`
-
-      **Ruby type:** `Array`
-
-      default options: `['-files', '-settings', '-prefs']`
-
-`restart_options`
-
-      **Ruby type:** `Array`
-
-      default options: `['-agent', '-console', '-menu']`
-
-`users`
-
-      **Ruby type:** `Array`
-
-`privs`
-
-      **Ruby type:** `Array`
-
-      default: `['-all']`
-
-`access`
-
-      **Ruby type:** `String`
-
-      default: `'-on'`
-
-`allow_access_for`
-
-      **Ruby type:** `String`
-
-      default: `'-allUsers'`
-
-`computerinfo`
-
-      **Ruby type:** `Array`
-
-`clientopts`
-
-      **Ruby type:** `Array`
-
-`action`
-
-      **Ruby type:** `Symbol`

documentation/resource_automatic_software_updates.md

@@ -0,0 +1,82 @@
+automatic_software_updates
+=====
+
+Use the **automatic_software_updates** resource to manage the Automatic Software Update preferences.
+
+The [**automatic_software_updates**](https://github.com/Microsoft/macos-cookbook/blob/master/resources/automatic_software_updates.rb) resource manages the state of the desired software update preference using the **plist** resource to set the values for each individual property.
+
+![Automatic Software Updates](automatic_software_updates.png)
+
+Syntax
+------
+
+The simplest use of the **automatic_software_updates** resource is:
+
+```ruby
+automatic_software_updates "enables automatic check, download, and install of software updates" do
+  check true
+  download true
+  install_os true
+  install_app_store true
+  install_critical true
+end
+```
+
+## Actions
+
+The ``automatic_software_updates`` resource has the following actions:
+
+``:set``
+
+      Default. Set `plist` attribute to true.
+
+Properties
+----------
+
+`check`
+
+      **Ruby type:** `TrueClass, FalseClass`
+
+      Enable or disable automatic checking of software updates.
+
+`download`
+
+      **Ruby type:** `TrueClass, FalseClass`
+
+      Enable or disable automatic download of software updates. Only applicable if the `check` property is `true`.
+
+`install_os`
+
+      **Ruby type:** `TrueClass, FalseClass`
+
+      Enable or disable automatic install of OS updates.
+Only applicable if the `download` property is `true`.
+
+`install_critical`
+
+      **Ruby type:** `TrueClass, FalseClass`
+
+      Enable or disable automatic install of critical updates.
+Only applicable if the `check` property is enabled
+
+`install_app_store`
+
+      **Ruby type:** `TrueClass, FalseClass`
+
+      Enable or disable automatic install of application updates from the app store.
+Only applicable if the `download` property is `true`.
+
+Examples
+----------
+
+**Enable automatic checking of software updates**
+
+```ruby
+automatic_software_updates "enable automatic checking of software updates" do
+  check true
+  download false
+  install_os false
+  install_app_store false
+  install_critical false
+end
+```

documentation/resource_machine_name.md

@@ -1,87 +0,0 @@
-machine_name
-============
-
-Use the [**machine_name**](https://github.com/Microsoft/macos-cookbook/blob/master/resources/machine_name.rb) resource to manage a machine's name. In theory, the
-`machine_name` resource should yield the same results that setting the
-**Computer Name** field in System Preferences would.
-
-As defined by the `scutil` manual, an individual macOS system has three different
-types of names managed by `scutil`: `ComputerName`, `LocalHostName`, and `HostName`.
-
-A `dns_domain` property can be optionally specified. This will be tacked on to the
-end of the specified `hostname` property to form a fully-qualified domain name
-that the system `HostName` will be set to.
-
-When the state of a `machine_name` resource changes, an `ohai` resource is notified
-to reload; this is so that all name changes are reflected and immediately available
-via the node's normal attributes. Additionally, regardless of the chosen `ComputerName`,
-both `HostName` and `LocalHostName` will be formatted to adhere to [RFC 1034](https://tools.ietf.org/html/rfc1034).
-
-Syntax
-------
-
-A **machine_name** resource block manages a machine's name. The simplest use of
-the **machine_name** resource is:
-
-```ruby
-machine_name "Johnny's MacBookPro"
-```
-
-which would set:
-
-- `ComputerName` to **Johnny's MacBookPro**
-- `LocalHostName` to **Johnnys-MacBookPro**
-- `HostName` to **Johnnys-MacBookPro**
-
-The full syntax for all of the properties that are available to the **machine_name**
-resource is:
-
-```ruby
-machine_name 'description' do
-  computer_name               String # defaults to 'hostname' if not specified
-  local_hostname              String # defaults to 'hostname' if not specified
-  hostname                    String # defaults to the 'name' property if not specified
-  dns_domain                  String
-end
-```
-
-Properties
-----------
-
-`computer_name`
-
-      **Ruby type:** `String`
-
-      The user-friendly name for the system.
-
-`local_hostname`
-
-      **Ruby type:** `String`
-
-      The local (Bonjour) host name.
-
-`hostname`
-
-      **Ruby Type:** `String`
-
-      The name associated with `hostname(1)` and `gethostname(3)`.
-
-`dns_domain`
-
-      **Ruby type:** `String`
-
-      Domain Name System domain name.
-
-Examples
---------
-
-**Set `HostName`, `LocalHostName`, and `ComputerName` to different values**
-
-```ruby
-machine_name 'set computer/hostname' do
-  hostname 'johnnys-macpro'
-  computer_name "Johnny's MacPro"
-  local_hostname "Johnnys-MacPro"
-  dns_domain 'vagrantup.com'
-end
-```

documentation/resource_remote_management.md

@@ -0,0 +1,50 @@
+remote_management
+===
+
+Use the **remote_management** resource to manage the "Remote Management" settings, found in System
+Preferences > Sharing > Remote Management. Under the hood, the [**remote_management**](https://github.com/Microsoft/macos-cookbook/blob/master/resources/remote_management.rb) resource
+executes the `kickstart` command, located in ARDAgent.app (one of macOS' "core services").
+
+Syntax
+------
+
+The **remote_management** resource block declares a basic description of the command configuration
+and an action executed. For example:
+
+```ruby
+remote_management 'enable remote management' do
+  action :enable
+end
+```
+
+where
+
+- `:enable` activates remote management and configures full privileges for all users on the system.
+- `:disable` deactivates the remote management agent and prevents it from activating at boot time.
+
+The default `:enable` action is equivalent to configuring the following
+**System Preferences > Sharing** settings:
+
+![Sharing Preferences](sharing_preferences.png)
+
+The full syntax for all of the properties that are available to the **remote_management**
+resource is:
+
+```ruby
+remote_management 'description' do
+  action                         Symbol # defaults to [:enable] if not specified
+end
+```
+
+Actions
+-------
+
+This resource has the following actions:
+
+`:enable`
+
+      Activate remote management and configure full privileges for all users on the system.
+
+`:disable`
+
+      Deactivate the remote management agent and prevent it from activating at boot time.

documentation/resource_xcode.md

@@ -60,6 +60,31 @@ directory for the node.
       Download and install latest major version
 of iOS simulators declared in `ios_simulators`.
 
+## Authentication with Apple
+
+In order to install Xcode directly from Apple, you'll need to provide a AppleID for an active developer account. There are two methods to do so:
+
+The `xcode` resource can utilize a `credentials` data bag with an `apple_id` data bag item.
+
+**Example:**
+
+```json
+{
+  "id": "apple_id",
+  "apple_id": "farva@spurbury.gov",
+  "password": "0k@yN0cR34m"
+}
+```
+
+The `xcode` resource can also utilize an AppleID set (preferably at run-time for security) under the node attributes `node['macos']['apple_id']['apple_id']` and `node['macos']['apple_id']['password']`.
+
+**Example:**
+
+```ruby
+node['macos']['apple_id']['apple_id'] = 'farva@spurbury.gov'
+node['macos']['apple_id']['password'] = '0k@yN0cR34m'
+```
+
 Examples
 --------
 

kitchen.yml

@@ -17,27 +17,6 @@ verifier:
   - test/integration/default
 
 platforms:
-- name: el-capitan-chef13
-  driver:
-    box: microsoft/os-x-el-capitan
-    version: 10.11.6
-  provisioner:
-    product_version: 13
-
-- name: el-capitan-chef14
-  driver:
-    box: microsoft/os-x-el-capitan
-    version: 10.11.6
-  provisioner:
-    product_version: 14
-
-- name: sierra-chef13
-  driver:
-    box: microsoft/macos-sierra
-    version: 10.12.6
-  provisioner:
-    product_version: 13
-
 - name: sierra-chef14
   driver:
     box: microsoft/macos-sierra
@@ -45,13 +24,6 @@ platforms:
   provisioner:
     product_version: 14
 
-- name: high-sierra-chef13
-  driver:
-    box: microsoft/macos-high-sierra
-    version: 10.13.6-v2
-  provisioner:
-    product_version: 13
-
 - name: high-sierra-chef14
   driver:
     box: microsoft/macos-high-sierra
@@ -59,17 +31,10 @@ platforms:
   provisioner:
     product_version: 14
 
-- name: mojave-chef13
-  driver:
-    box: microsoft/macos-mojave
-    version: 10.14.2
-  provisioner:
-    product_version: 13
-
 - name: mojave-chef14
   driver:
     box: microsoft/macos-mojave
-    version: 10.14.2
+    version: 10.14.3
   provisioner:
     product_version: 14
 
@@ -78,15 +43,22 @@ suites:
   provisioner:
     enforce_idempotency: true
   run_list:
-  - recipe[macos::disable_software_updates]
   - recipe[macos_test::preferences]
   verifier:
     controls:
     - dock-appearance
     - show-all-files
-    - updates-disabled
     - plist-creation
 
+- name: software-updates
+  provisioner:
+    enforce_idempotency: true
+  run_list:
+  - recipe[macos_test::disable_software_updates]
+  verifier:
+    controls:
+    - updates-disabled
+
 - name: power-management
   provisioner:
     enforce_idempotency: true
@@ -98,13 +70,6 @@ suites:
     - remote-administration
     - no-sleep
 
-- name: machine-name
-  run_list:
-  - recipe[macos_test::machine_name]
-  verifier:
-    controls:
-    - nonstandard-computer-name
-
 - name: spotlight
   provisioner:
     enforce_idempotency: true
@@ -132,8 +97,6 @@ suites:
     controls:
     - xcode-and-simulators
     - command-line-tool-sentinel
-  excludes:
-  - sierra-chef14
 
 - name: command-line-tools
   run_list:

libraries/ard.rb

@@ -1,39 +0,0 @@
-include Chef::Mixin::ShellOut
-
-module MacOS
-  module ARD
-    def ard_already_activated?
-      ::File.exist?('/Library/Application Support/Apple/Remote Desktop/RemoteManagement.launchd')
-    end
-
-    def ard_already_configured?(configure_options)
-      return false unless configure_options == ['-allowAccessFor -allUsers', '-access -on', '-privs -all']
-      remote_management_plist.include?('ARD_AllLocalUsers = true') && remote_management_plist.include?(all_privileges)
-    end
-
-    def remote_management_plist
-      shell_out('/usr/libexec/PlistBuddy -c Print /Library/Preferences/com.apple.RemoteManagement.plist').stdout
-    end
-
-    def all_privileges
-      # user_has_access  = 1 << 31
-      text_messages    = 1 << 0
-      control_observe  = 1 << 1
-      send_files       = 1 << 2
-      delete_files     = 1 << 3
-      generate_reports = 1 << 4
-      open_quit_apps   = 1 << 5
-      change_settings  = 1 << 6
-      restart_shutdown = 1 << 7
-      # observe_only     = 1 << 8
-      show_observe     = 1 << 30
-
-      (text_messages | control_observe | send_files |
-        delete_files | generate_reports | open_quit_apps |
-        change_settings | restart_shutdown | show_observe).to_s
-    end
-  end
-end
-
-Chef::Recipe.include(MacOS::ARD)
-Chef::Resource.include(MacOS::ARD)

libraries/machine_name.rb

@@ -1,56 +0,0 @@
-module MacOS
-  module MachineName
-    def conform_to_dns_standards(hostname)
-      hostname.tr(' _', '-')
-              .tr(special_chars, '')
-              .strip_chars('-_' + special_chars)[0, 63]
-    end
-
-    def get_name(name_type)
-      valid_names = %w(LocalHostName HostName ComputerName)
-      Chef::Application.fatal! "Name type must be one of #{valid_names}. We got '#{name_type}'." unless valid_names.include? name_type
-      command = shell_out scutil, '--get', name_type
-
-      command.nil? ? '' : command.stdout.chomp
-    end
-
-    def current_hostname
-      split_hostname.first
-    end
-
-    def current_dns_domain
-      return '' if split_hostname.empty?
-
-      dns_domain = split_hostname.length - 1
-      split_hostname.last(dns_domain).join '.'
-    end
-
-    private
-
-    def split_hostname
-      hostname = get_name 'HostName'
-      hostname.split '.'
-    end
-
-    def special_chars
-      '!\"\#$%&\'()*+,./:;<=>?'
-    end
-
-    def scutil
-      '/usr/sbin/scutil'
-    end
-  end
-end
-
-module CharStripper
-  def strip_chars(chars)
-    chars = Regexp.escape(chars)
-    gsub(/^[#{chars}]+|[#{chars}]+$/, '')
-  end
-end
-
-String.include CharStripper
-
-Chef::Recipe.include MacOS::MachineName
-Chef::Resource.include MacOS::MachineName
-Chef::DSL::Recipe.include MacOS::MachineName

libraries/remote_management.rb

@@ -0,0 +1,39 @@
+include Chef::Mixin::ShellOut
+
+module MacOS
+  class RemoteManagement
+    class << self
+      def activated?
+        ::File.exist? '/Library/Application Support/Apple/Remote Desktop/RemoteManagement.launchd'
+      end
+
+      def configured_for_all_users_and_privileges?
+        RemoteManagement.plist_content.include?('ARD_AllLocalUsers = true') &&
+          RemoteManagement.plist_content.include?(full_privileges)
+      end
+
+      def plist_content
+        shell_out('/usr/libexec/PlistBuddy -c Print /Library/Preferences/com.apple.RemoteManagement.plist').stdout
+      end
+
+      def full_privileges
+        text_messages    = 1 << 0
+        control_observe  = 1 << 1
+        send_files       = 1 << 2
+        delete_files     = 1 << 3
+        generate_reports = 1 << 4
+        open_quit_apps   = 1 << 5
+        change_settings  = 1 << 6
+        restart_shutdown = 1 << 7
+        show_observe     = 1 << 30
+
+        (text_messages | control_observe | send_files |
+          delete_files | generate_reports | open_quit_apps |
+          change_settings | restart_shutdown | show_observe).to_s
+      end
+    end
+  end
+end
+
+Chef::Recipe.include(MacOS)
+Chef::Resource.include(MacOS)

metadata.rb

@@ -4,8 +4,8 @@ maintainer_email 'chef@microsoft.com'
 license 'MIT'
 description 'Resources for configuring and provisioning macOS'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-chef_version '>= 13.0' if respond_to?(:chef_version)
-version '2.10.1'
+chef_version '>= 14.0' if respond_to?(:chef_version)
+version '3.0.0'
 
 source_url 'https://github.com/Microsoft/macos-cookbook'
 issues_url 'https://github.com/Microsoft/macos-cookbook/issues'

recipes/disable_software_updates.rb

@@ -1,18 +0,0 @@
-plist 'disable automatic software update downloads' do
-  path '/Library/Preferences/com.apple.SoftwareUpdate.plist'
-  entry 'AutomaticDownload'
-  value false
-end
-
-sleep 10 if node['platform_version'].match?(/10\.11/)
-
-plist 'disable automatic software update check' do
-  path '/Library/Preferences/com.apple.SoftwareUpdate.plist'
-  entry 'AutomaticCheckEnabled'
-  value false
-end
-
-execute 'disable software updates using commandline utility' do
-  command [software_update_command, '--schedule', 'off']
-  not_if { automatic_check_disabled? }
-end

recipes/xcode.rb

@@ -1,24 +0,0 @@
-if mac_os_x_after_sierra?
-  execute 'Disable Gatekeeper' do
-    command ['spctl', '--master-disable']
-  end
-
-  xcode node['macos']['xcode']['version']
-
-elsif mac_os_x_sierra?
-  execute 'Disable Gatekeeper' do
-    command ['spctl', '--master-disable']
-  end
-
-  xcode '9.2' do
-    ios_simulators %w(11 10)
-  end
-
-elsif mac_os_x_el_capitan?
-  xcode '8.2.1' do
-    ios_simulators %w(10 9)
-  end
-
-else
-  raise "#{node['platform_version']} is not supported."
-end

resources/ard.rb

@@ -1,78 +0,0 @@
-resource_name :ard
-default_action %i(activate configure)
-
-BASE_COMMAND = '/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart'.freeze
-
-property :install_package, String
-property :uninstall_options, Array, default: ['-files', '-settings', '-prefs']
-property :restart_options, Array, default: ['-agent', '-console', '-menu']
-
-property :users, Array
-property :privs, Array, default: ['-all']
-property :access, String, default: '-on'
-property :allow_access_for, String, default: '-allUsers'
-property :computerinfo, Array
-property :clientopts, Array
-
-action :activate do
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -activate"
-    not_if { ard_already_activated? }
-  end
-end
-
-action :deactivate do
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -deactivate"
-  end
-end
-
-action :install do
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -install #{new_resource.install_package}"
-  end
-end
-
-action :uninstall do
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -uninstall #{new_resource.uninstall_options.join(' ')}"
-  end
-end
-
-action :stop do
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -stop"
-  end
-end
-
-action :restart do
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -restart #{new_resource.restart_options.join(' ')}"
-  end
-end
-
-action :configure do
-  configure_options = []
-  if new_resource.users
-    configure_options.insert(0, "-users #{new_resource.users.join(',')}")
-  end
-  if new_resource.privs
-    configure_options.insert(0, "-privs #{new_resource.privs.join(' ')}")
-  end
-  if new_resource.access
-    configure_options.insert(0, "-access #{new_resource.access}")
-  end
-  if new_resource.allow_access_for
-    configure_options.insert(0, "-allowAccessFor #{new_resource.allow_access_for}")
-  end
-  if new_resource.computerinfo
-    configure_options.insert(0, "-computerinfo #{new_resource.computerinfo.join(' ')}")
-  end
-  if new_resource.clientopts
-    configure_options.insert(0, "-clientopts #{new_resource.clientopts.join(' ')}")
-  end
-  execute BASE_COMMAND do
-    command "#{BASE_COMMAND} -configure #{configure_options.join(' ')}"
-    not_if { ard_already_configured?(configure_options) }
-  end
-end

resources/automatic_software_updates.rb

@@ -0,0 +1,54 @@
+resource_name :automatic_software_updates
+
+property :check, [TrueClass, FalseClass]
+property :download, [TrueClass, FalseClass]
+property :install_os, [TrueClass, FalseClass]
+property :install_app_store, [TrueClass, FalseClass]
+property :install_critical, [TrueClass, FalseClass]
+
+software_update_plist = '/Library/Preferences/com.apple.SoftwareUpdate.plist'
+app_store_plist = '/Library/Preferences/com.apple.commerce.plist'
+
+action :set do
+  unless new_resource.check
+    if new_resource.download
+      raise "No other properties of this resource can be true if 'check' is false"
+    end
+  end
+
+  unless new_resource.download
+    if new_resource.install_os || new_resource.install_app_store
+      raise "OS or App Store updates cannot be enabled if 'download' is false"
+    end
+  end
+
+  plist 'entry for AutomaticCheckEnabled' do
+    entry 'AutomaticCheckEnabled'
+    value new_resource.check
+    path software_update_plist
+  end
+
+  plist 'entry for AutomaticDownload' do
+    entry 'AutomaticDownload'
+    value new_resource.download
+    path software_update_plist
+  end
+
+  plist 'entry for CriticalUpdateInstall' do
+    entry 'CriticalUpdateInstall'
+    value new_resource.install_critical
+    path software_update_plist
+  end
+
+  plist 'entry for AutomaticallyInstallMacOSUpdates' do
+    entry 'AutomaticallyInstallMacOSUpdates'
+    value new_resource.install_os
+    path software_update_plist
+  end
+
+  plist 'entry for AutoUpdate' do
+    entry 'AutoUpdate'
+    value new_resource.install_app_store
+    path app_store_plist
+  end
+end

resources/keychain.rb

@@ -15,7 +15,7 @@ action :create do
 
   execute 'create a keychain' do
     command [*keyc.create_keychain(new_resource.kc_passwd)]
-    not_if { ::File.exist?(keychain) }
+    not_if { ::File.exist? keychain + '-db' }
   end
 end
 

resources/machine_name.rb

@@ -1,49 +0,0 @@
-resource_name :machine_name
-
-deprecated 'The `machine_name` resource is deprecated, and will be removed in the release of v3.0 of the macOS cookbook.'
-
-property :hostname, [String, nil], desired_state: true, coerce: proc { |name| conform_to_dns_standards(name) }, name_property: true
-property :computer_name, String, desired_state: true
-property :local_hostname, [String, nil], desired_state: true, coerce: proc { |name| conform_to_dns_standards(name) }
-property :dns_domain, [String, nil], desired_state: false
-
-load_current_value do
-  hostname current_hostname
-  dns_domain current_dns_domain
-  computer_name get_name('ComputerName')
-  local_hostname get_name('LocalHostName')
-end
-
-action :set do
-  new_resource.property_is_set?(:computer_name) ? new_resource.computer_name : new_resource.computer_name = new_resource.hostname
-  new_resource.property_is_set?(:local_hostname) ? new_resource.local_hostname : new_resource.local_hostname = new_resource.hostname
-
-  converge_if_changed :hostname do
-    converge_by 'set Hostname' do
-      fqdn = new_resource.property_is_set?(:dns_domain) ? [new_resource.hostname, new_resource.dns_domain].join('.') : new_resource.hostname
-      execute [scutil, '--set', 'HostName', fqdn] do
-        notifies :reload, 'ohai[reload ohai]'
-      end
-    end
-  end
-
-  converge_if_changed :computer_name do
-    converge_by 'set ComputerName' do
-      execute [scutil, '--set', 'ComputerName', new_resource.computer_name] do
-        notifies :reload, 'ohai[reload ohai]'
-      end
-    end
-  end
-
-  converge_if_changed :local_hostname do
-    converge_by 'set LocalHostName' do
-      execute [scutil, '--set', 'LocalHostName', new_resource.local_hostname] do
-        notifies :reload, 'ohai[reload ohai]'
-      end
-    end
-  end
-
-  ohai 'reload ohai' do
-    action :nothing
-  end
-end

resources/remote_management.rb

@@ -0,0 +1,24 @@
+resource_name :remote_management
+default_action :enable
+
+kickstart = '/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart'
+
+action :enable do
+  execute "#{kickstart} -activate" do
+    not_if { RemoteManagement.activated? }
+  end
+
+  execute "#{kickstart} -configure -allowAccessFor -allUsers -access -on -privs -all" do
+    not_if { RemoteManagement.configured_for_all_users_and_privileges? }
+  end
+end
+
+action :disable do
+  execute "#{kickstart} -deactivate" do
+    only_if { RemoteManagement.activated? }
+  end
+
+  execute "#{kickstart} -stop" do
+    only_if { RemoteManagement.activated? }
+  end
+end

spec/spec_helper.rb

@@ -3,7 +3,6 @@ require 'chefspec/berkshelf'
 require 'chef/sugar'
 
 require_relative '../libraries/macos_user'
-require_relative '../libraries/machine_name'
 require_relative '../libraries/metadata_util'
 require_relative '../libraries/plist'
 require_relative '../libraries/system'
@@ -12,7 +11,8 @@ require_relative '../libraries/xcversion'
 require_relative '../libraries/developer_account'
 require_relative '../libraries/command_line_tools'
 require_relative '../libraries/security_cmd'
-require_relative '../libraries/ard'
+require_relative '../libraries/software_updates'
+require_relative '../libraries/remote_management'
 
 RSpec.configure do |config|
   config.platform = 'mac_os_x'

spec/unit/libraries/ard_spec.rb

@@ -1,29 +0,0 @@
-require 'spec_helper'
-include MacOS::ARD
-
-describe MacOS::ARD, '#ard_already_activated?' do
-  context 'when remote management is already enabled' do
-    before do
-      allow(::File).to receive(:exist?)
-        .with('/Library/Application Support/Apple/Remote Desktop/RemoteManagement.launchd')
-        .and_return(true)
-    end
-    it 'returns true' do
-      expect(ard_already_activated?).to be true
-    end
-  end
-end
-
-describe MacOS::ARD, '#ard_already_configured?' do
-  context 'when remote management is already configured for the defaults' do
-    before do
-      allow_any_instance_of(ARD).to receive(:remote_management_plist)
-        .and_return 'Dict { ARD_AllLocalUsersPrivs = 1073742079
-                            allowInsecureDH = true
-                            ARD_AllLocalUsers = true }'
-    end
-    it 'returns true' do
-      expect(ard_already_configured?(['-allowAccessFor -allUsers', '-access -on', '-privs -all'])).to be true
-    end
-  end
-end

spec/unit/libraries/machine_name_spec.rb

@@ -1,50 +0,0 @@
-require 'spec_helper'
-
-include MacOS::MachineName
-
-describe MacOS::MachineName, '#conform_to_dns_standards' do
-  context 'when conforming an already compliant name' do
-    it 'does not change the name' do
-      expect(conform_to_dns_standards('New10134-Washing-Machine')).to eq 'New10134-Washing-Machine'
-    end
-  end
-
-  context 'when conforming name with periods and underscores' do
-    it 'removes periods, replaces underscores with hyphens, and does not touch casing' do
-      expect(conform_to_dns_standards('New10.13.4_Washing_Machine')).to eq 'New10134-Washing-Machine'
-    end
-  end
-
-  context 'when conforming name with two underscores in a row' do
-    it 'all underscores replaced with hyphens' do
-      expect(conform_to_dns_standards('New_Washing_Machine__042')).to eq 'New-Washing-Machine--042'
-    end
-  end
-
-  context 'when conforming that begins or ends with non-alphanumeric characters' do
-    it 'strips the non-alphanumeric characters from beginning and end' do
-      expect(conform_to_dns_standards('--New10.13.4_Washing_Machine__')).to eq 'New10134-Washing-Machine'
-    end
-  end
-
-  context 'when a name contains whitespace and apostraphes' do
-    it 'replaces spaces with hyphens and removes apostraphes' do
-      expect(conform_to_dns_standards("Johnny's MacBookPro")).to eq 'Johnnys-MacBookPro'
-    end
-  end
-
-  context 'when a name contains only symbols and numbers' do
-    it 'sets the name to numbers only' do
-      expect(conform_to_dns_standards("!\"\#$%&'()*+,-./0123456789:;<=>?")).to eq '0123456789'
-    end
-  end
-
-  context 'when conforming a name that is 64 characters or longer' do
-    let(:shortened_name) { conform_to_dns_standards('cCdefSFwH3LnKE7pXKNqlIb2BmAjUplOeL95fHTnQGsovT91DHJuifnEwhzNfqlah4DxUC') }
-
-    it 'shortens the name to 63 characters' do
-      expect(shortened_name).to eq 'cCdefSFwH3LnKE7pXKNqlIb2BmAjUplOeL95fHTnQGsovT91DHJuifnEwhzNfql'
-      expect(shortened_name.length).to eq 63
-    end
-  end
-end

spec/unit/recipes/default_spec.rb

@@ -1,11 +0,0 @@
-require 'spec_helper'
-
-describe 'macos::default' do
-  context 'When all attributes are default, on macOS High Sierra 10.13' do
-    let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
-
-    it 'converges successfully' do
-      expect { chef_run }.to_not raise_error
-    end
-  end
-end

spec/unit/recipes/disable_software_updates_spec.rb

@@ -1,13 +0,0 @@
-require 'spec_helper'
-
-describe 'macos::disable_software_updates' do
-  context 'When all attributes are default, on macOS High Sierra 10.13' do
-    let(:chef_run) { ChefSpec::SoloRunner.new.converge(described_recipe) }
-
-    it 'converges successfully' do
-      allow_any_instance_of(MacOS::SoftwareUpdates).to receive(:automatic_check_disabled?)
-        .and_return(false)
-      expect { chef_run }.to_not raise_error
-    end
-  end
-end

spec/unit/recipes/xcode_spec.rb

@@ -1,20 +0,0 @@
-require 'spec_helper'
-
-describe 'macos::xcode' do
-  context 'Xcode recipe converges successfully' do
-    before(:each) do
-      stub_data_bag_item('credentials', 'apple_id').and_return(
-        apple_id: 'developer@apple.com',
-        password: 'apple_id_password')
-    end
-
-    let(:chef_run) do
-      runner = ChefSpec::SoloRunner.new(platform: 'mac_os_x', version: '10.13')
-      runner.converge(described_recipe)
-    end
-
-    it 'converges successfully' do
-      expect { chef_run }.to_not raise_error
-    end
-  end
-end

spec/unit/resources/automatic_software_updates_spec.rb

@@ -0,0 +1,182 @@
+require 'spec_helper'
+software_update_plist = '/Library/Preferences/com.apple.SoftwareUpdate.plist'
+app_store_plist = '/Library/Preferences/com.apple.commerce.plist'
+describe 'automatic software updates entirely disabled' do
+  step_into :automatic_software_updates
+  platform 'mac_os_x'
+
+  recipe do
+    automatic_software_updates 'disable all updates' do
+      check false
+      download false
+      install_os false
+      install_app_store false
+      install_critical false
+    end
+  end
+
+  it {
+    is_expected.to set_plist('entry for AutomaticCheckEnabled')
+      .with(entry: 'AutomaticCheckEnabled',
+            value: false,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for AutomaticDownload')
+      .with(entry: 'AutomaticDownload',
+            value: false,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for AutomaticallyInstallMacOSUpdates')
+      .with(entry: 'AutomaticallyInstallMacOSUpdates',
+            value: false,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for CriticalUpdateInstall')
+      .with(entry: 'CriticalUpdateInstall',
+            value: false,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for AutoUpdate')
+      .with(entry: 'AutoUpdate',
+            value: false,
+            path: app_store_plist)
+  }
+end
+
+describe 'automatic software updates entirely enabled' do
+  step_into :automatic_software_updates
+  platform 'mac_os_x'
+
+  recipe do
+    automatic_software_updates 'enable automatic check, download, and install of all updates' do
+      check true
+      download true
+      install_os true
+      install_app_store true
+      install_critical true
+    end
+  end
+
+  it {
+    is_expected.to set_plist('entry for AutomaticCheckEnabled')
+      .with(entry: 'AutomaticCheckEnabled',
+            value: true,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for AutomaticDownload')
+      .with(entry: 'AutomaticDownload',
+            value: true,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for AutomaticallyInstallMacOSUpdates')
+      .with(entry: 'AutomaticallyInstallMacOSUpdates',
+            value: true,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for CriticalUpdateInstall')
+      .with(entry: 'CriticalUpdateInstall',
+            value: true,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for AutoUpdate')
+      .with(entry: 'AutoUpdate',
+            value: true,
+            path: app_store_plist)
+  }
+end
+
+describe 'automatic software update checking disabled but other properties are enabled' do
+  step_into :automatic_software_updates
+  platform 'mac_os_x'
+
+  recipe do
+    automatic_software_updates 'download and install everything but no new updates' do
+      check false
+      download true
+      install_os true
+      install_app_store true
+      install_critical true
+    end
+  end
+
+  it 'raises an error' do
+    expect { subject }.to raise_error(RuntimeError, /No other properties of this resource can be true if 'check' is false/)
+  end
+end
+
+describe 'automatic software update downloading is disabled but installing non-critical updates is enabled' do
+  step_into :automatic_software_updates
+  platform 'mac_os_x'
+
+  recipe do
+    automatic_software_updates 'install OS and App Store updates' do
+      check true
+      download false
+      install_os true
+    end
+  end
+
+  it 'raises an error' do
+    expect { subject }.to raise_error(RuntimeError, /OS or App Store updates cannot be enabled if 'download' is false/)
+  end
+end
+
+describe 'automatic software update downloading is disabled but installing non-critical updates is enabled' do
+  step_into :automatic_software_updates
+  platform 'mac_os_x'
+
+  recipe do
+    automatic_software_updates 'install OS and App Store updates' do
+      check true
+      download false
+      install_app_store true
+    end
+  end
+
+  it 'raises an error' do
+    expect { subject }.to raise_error(RuntimeError, /OS or App Store updates cannot be enabled if 'download' is false/)
+  end
+end
+
+describe 'automatic software update downloading is disabled but installing critical updates is enabled' do
+  step_into :automatic_software_updates
+  platform 'mac_os_x'
+
+  recipe do
+    automatic_software_updates 'only install critical updates' do
+      check true
+      download false
+      install_critical true
+    end
+  end
+
+  it {
+    is_expected.to set_plist('entry for AutomaticCheckEnabled')
+      .with(entry: 'AutomaticCheckEnabled',
+            value: true,
+            path: software_update_plist)
+  }
+
+  it {
+    is_expected.to set_plist('entry for CriticalUpdateInstall')
+      .with(entry: 'CriticalUpdateInstall',
+            value: true,
+            path: software_update_plist)
+  }
+end

spec/unit/resources/remote_management_spec.rb

@@ -0,0 +1,102 @@
+require 'spec_helper'
+
+shared_context 'with remote management enabled' do
+  step_into :remote_management
+  platform 'mac_os_x'
+
+  before do
+    allow(File).to receive(:exist?).and_call_original
+    allow(File).to receive(:exist?)
+      .with('/Library/Application Support/Apple/Remote Desktop/RemoteManagement.launchd')
+      .and_return(true)
+    allow(RemoteManagement).to receive(:plist_content)
+      .and_return 'Dict { ARD_AllLocalUsersPrivs = 1073742079
+                          ARD_AllLocalUsers = true }'
+  end
+end
+
+shared_context 'with remote management disabled' do
+  step_into :remote_management
+  platform 'mac_os_x'
+
+  before do
+    allow(File).to receive(:exist?).and_call_original
+    allow(File).to receive(:exist?)
+      .with('/Library/Application Support/Apple/Remote Desktop/RemoteManagement.launchd')
+      .and_return(false)
+    allow(RemoteManagement).to receive(:plist_content)
+      .and_return ''
+  end
+end
+
+shared_examples 'kickstart activating and configuring the ARD agent' do
+  it { is_expected.to run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate') }
+  it { is_expected.to run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -allUsers -access -on -privs -all') }
+end
+
+shared_examples 'kickstart deactivating and stopping the ARD agent' do
+  it { is_expected.to run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate') }
+  it { is_expected.to run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -stop') }
+end
+
+shared_examples 'kickstart not activating or configuring the ARD agent' do
+  it { is_expected.to_not run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate') }
+  it { is_expected.to_not run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -configure -allowAccessFor -allUsers -access -on -privs -all') }
+end
+
+shared_examples 'kickstart not deactivating or stopping the ARD agent' do
+  it { is_expected.to_not run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -deactivate') }
+  it { is_expected.to_not run_execute('/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -stop') }
+end
+
+describe 'enabling when already disabled' do
+  include_context 'with remote management disabled'
+
+  recipe do
+    remote_management 'enabled' do
+      action :enable
+    end
+  end
+
+  it_behaves_like 'kickstart activating and configuring the ARD agent'
+  it_behaves_like 'kickstart not deactivating or stopping the ARD agent'
+end
+
+describe 'enabling when already enabled' do
+  include_context 'with remote management enabled'
+
+  recipe do
+    remote_management 'enabled' do
+      action :enable
+    end
+  end
+
+  it_behaves_like 'kickstart not activating or configuring the ARD agent'
+  it_behaves_like 'kickstart not deactivating or stopping the ARD agent'
+end
+
+describe 'disabling when already disabled' do
+  include_context 'with remote management disabled'
+
+  recipe do
+    remote_management 'disabled' do
+      action :disable
+    end
+  end
+
+  it_behaves_like 'kickstart not activating or configuring the ARD agent'
+  it_behaves_like 'kickstart not deactivating or stopping the ARD agent'
+end
+
+describe 'disabling when already enabled' do
+  include_context 'with remote management enabled'
+
+  recipe do
+    remote_management 'disabled' do
+      action :disable
+    end
+  end
+
+  it_behaves_like 'kickstart not activating or configuring the ARD agent'
+  it_behaves_like 'kickstart deactivating and stopping the ARD agent'
+end

spec/unit/resources/spotlight_spec.rb

@@ -0,0 +1,19 @@
+require 'spec_helper'
+
+describe 'macos::spotlight' do
+  step_into :spotlight
+
+  context 'Spotlight resource converges successfully' do
+    platform 'mac_os_x', 10.13
+
+    recipe do
+      spotlight 'test' do
+        indexed false
+        searchable false
+        volume '/'
+      end
+    end
+
+    it { is_expected.to run_execute('turn Spotlight indexing off for /') }
+  end
+end

test/cookbooks/macos_test/.gitignore

@@ -1,103 +0,0 @@
-*~
-*#
-.#*
-\#*#
-.*.sw[a-z]
-*.un~
-
-# Bundler
-Gemfile
-Gemfile.lock
-bin/*
-.bundle/*
-
-# test kitchen
-.kitchen/
-.kitchen.local.yml
-
-# Chef
-Berksfile.lock
-.zero-knife.rb
-Policyfile.lock.json
-.autotest
-coverage
-.DS_Store
-pkg/*
-tags
-*/tags
-.chef
-results
-
-# You should check in your Gemfile.lock in applications, and not in gems
-external_tests/*.lock
-/Gemfile.local
-
-# ignore some common Bundler 'binstubs' directory names
-# http://gembundler.com/man/bundle-exec.1.html
-b/
-binstubs/
-.bundle
-# RVM and RBENV ruby version files
-.rbenv-version
-.rvmrc
-.ruby-version
-.ruby-gemset
-
-# IDE files
-.project
-
-# Documentation
-_site/*
-.yardoc/
-doc/
-
-# Kitchen Tests Local Mode Data
-kitchen-tests/nodes/*
-
-# Temporary files present during spec runs
-spec/data/test-dir
-spec/data/nodes
-/config/
-
-# acceptance binstubs
-acceptance/bin/*
-
-vendor/
-acceptance/vendor
-kitchen-tests/vendor
-
-# Visual Studio Code files
-.vscode
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and Webstorm
-.idea
-
-# CMake
-cmake-build-debug/
-
-## File-based project format:
-*.iws
-
-## Plugin-specific files:
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# Testing
-*.box
-berks-cookbooks
-Vagrantfile
-.rubocop.yml
-.vagrant
-data_bags

test/cookbooks/macos_test/recipes/disable_software_updates.rb

@@ -0,0 +1,7 @@
+automatic_software_updates 'disabled automatic check and download' do
+  check false
+  download false
+  install_os false
+  install_app_store false
+  install_critical false
+end

test/cookbooks/macos_test/recipes/keychain.rb

@@ -17,7 +17,7 @@ macos_user 'create admin user' do
   action :create
 end
 
-kcfile = '/Users/testuser/Library/Keychains/login.keychain-db'
+kcfile = '/Users/testuser/Library/Keychains/login.keychain'
 
 keychain 'create login keychain' do
   kc_file kcfile

test/cookbooks/macos_test/recipes/machine_name.rb

@@ -1,12 +0,0 @@
-washing_machine_name = 'New' + node['platform_version'] + '_Washing_Machine'
-
-execute 'setting hostname to nil' do
-  command 'sudo scutil --set HostName'
-end
-
-machine_name 'set computer/hostname' do
-  hostname washing_machine_name
-  computer_name washing_machine_name
-  local_hostname washing_machine_name
-  dns_domain 'body-of-swirling-water.com'
-end

test/cookbooks/macos_test/recipes/remote_access.rb

@@ -1 +1,3 @@
-ard 'activate and configure remote management for all users'
+remote_management 'activate and configure remote management for all users' do
+  action :enable
+end

test/cookbooks/macos_test/recipes/xcode_from_apple.rb

@@ -1,5 +1,5 @@
 if mac_os_x_after_sierra?
-  xcode node['macos']['xcode']['version']
+  xcode '10.1'
 
 elsif mac_os_x_sierra?
   xcode '9.2' do

test/cookbooks/macos_test/recipes/xcode_from_url.rb

@@ -1,4 +1,12 @@
-xcode 'installs 10.1' do
-  download_url node['xcode']['download_url']
-  version '10.1'
+if mac_os_x_after_sierra?
+  xcode 'installs 10.1' do
+    download_url node['xcode']['download_url']
+    version '10.1'
+  end
+
+elsif mac_os_x_sierra?
+  xcode 'installs 10.1' do
+    download_url node['xcode']['download_url']
+    version '9.2'
+  end
 end

test/integration/default/controls/security_test.rb

@@ -1,5 +1,3 @@
-macos_version = command('/usr/bin/sw_vers -productVersion').stdout.strip
-
 title 'security'
 
 control 'certificate-install' do
@@ -25,15 +23,8 @@ control 'keychain-creation' do
     Verify that a test keychain is able to be created and discoverable based
     on macOS version and file name.
     '
-  if macos_version == '10.11.6'
-    describe file('/Users/vagrant/Library/Keychains/test.keychain') do
-      it { should exist }
-    end
-
-  else
-    describe file('/Users/vagrant/Library/Keychains/test.keychain-db') do
-      it { should exist }
-    end
+  describe file('/Users/vagrant/Library/Keychains/test.keychain-db') do
+    it { should exist }
   end
 end
 

test/integration/default/controls/sharing_test.rb

@@ -1,80 +0,0 @@
-title 'sharing'
-
-control 'standardized-hostname' do
-  impact 0.8
-  title 'macOS named with the preferred style'
-  desc '
-    Verify the correct values for the user-friendly name,
-    the local (Bonjour) name, and the name associated with hostname
-  '
-
-  macos_version = command('/usr/bin/sw_vers -productVersion').stdout.strip
-  platform_and_version = [os[:name], macos_version.tr('.', '')].join('-')
-  hostname_pattern = Regexp.union platform_and_version
-  fqdn_pattern = Regexp.union [platform_and_version, 'vagrantup.com'].join('.')
-
-  describe command('scutil --get ComputerName') do
-    its('stdout.chomp') { should match hostname_pattern }
-  end
-
-  describe command('scutil --get LocalHostName') do
-    its('stdout.chomp') { should match hostname_pattern }
-  end
-
-  describe command('scutil --get HostName') do
-    its('stdout.chomp') { should match fqdn_pattern }
-  end
-
-  describe command('hostname') do
-    its('stdout.chomp') { should match fqdn_pattern }
-  end
-
-  describe command('hostname -s') do
-    its('stdout.chomp') { should match hostname_pattern }
-  end
-
-  describe command('hostname -f') do
-    its('stdout.chomp') { should match fqdn_pattern }
-  end
-end
-
-control 'nonstandard-computer-name' do
-  impact 0.5
-  title 'macOS named with an non-conventional style'
-  desc '
-    Verify the correct values for each of the three names are set,
-    correctly, even when the name does not adhere to RFC 1034
-  '
-
-  ref 'https://tools.ietf.org/html/rfc1034'
-
-  macos_version = command('/usr/bin/sw_vers -productVersion').stdout.strip
-  computer_name_pattern = Regexp.union("New#{macos_version}_Washing_Machine")
-  hostname = "New#{macos_version.tr('.', '')}-Washing-Machine"
-  hostname_pattern = Regexp.union(hostname)
-  fqdn_pattern = Regexp.union [hostname, 'body-of-swirling-water.com'].join('.')
-
-  describe command('scutil --get ComputerName') do
-    its('stdout.chomp') { should match computer_name_pattern }
-  end
-
-  describe command('scutil --get LocalHostName') do
-    its('stdout.chomp') { should match hostname_pattern }
-  end
-
-  describe command('scutil --get HostName') do
-    its('stdout.chomp') { should match fqdn_pattern }
-  end
-
-  describe command('hostname') do
-    its('stdout.chomp') { should match fqdn_pattern }
-  end
-
-  describe command('hostname -s') do
-    its('stdout.chomp') { should match hostname_pattern }
-  end
-
-  describe command('hostname -f') do
-    its('stdout.chomp') { should match fqdn_pattern }
-  end
-end

test/integration/default/controls/software_updates_test.rb

@@ -5,30 +5,70 @@ control 'updates-disabled' do
   desc 'Verify that software updates do not download or install automatically'
 
   software_update_plist = '/Library/Preferences/com.apple.SoftwareUpdate.plist'
-  automatic_check_enabled = 'AutomaticCheckEnabled'
-  automatic_download = 'AutomaticDownload'
+  app_store_plist = '/Library/Preferences/com.apple.commerce.plist'
+  check = 'AutomaticCheckEnabled'
+  download = 'AutomaticDownload'
+  install_os = 'AutomaticallyInstallMacOSUpdates'
+  install_critical = 'CriticalUpdateInstall'
+  install_app_store = 'AutoUpdate'
 
-  describe command("/usr/libexec/PlistBuddy -c 'Print :#{automatic_check_enabled}' #{software_update_plist}") do
+  describe command("/usr/libexec/PlistBuddy -c 'Print :#{check}' #{software_update_plist}") do
     its('stdout') { should match('false') }
   end
 
-  describe command("/usr/libexec/PlistBuddy -c 'Print :#{automatic_download}' #{software_update_plist}") do
+  describe command("/usr/libexec/PlistBuddy -c 'Print :#{download}' #{software_update_plist}") do
     its('stdout') { should match('false') }
   end
 
-  describe command("/usr/bin/defaults read-type #{software_update_plist} #{automatic_download}") do
+  describe command("/usr/libexec/PlistBuddy -c 'Print :#{install_os}' #{software_update_plist}") do
+    its('stdout') { should match('false') }
+  end
+
+  describe command("/usr/libexec/PlistBuddy -c 'Print :#{install_critical}' #{software_update_plist}") do
+    its('stdout') { should match('false') }
+  end
+
+  describe command("/usr/libexec/PlistBuddy -c 'Print :#{install_app_store}' #{app_store_plist}") do
+    its('stdout') { should match('false') }
+  end
+
+  describe command("/usr/bin/defaults read-type #{software_update_plist} #{check}") do
     its('stdout') { should match('boolean') }
   end
 
-  describe command("/usr/bin/defaults read-type #{software_update_plist} #{automatic_check_enabled}") do
+  describe command("/usr/bin/defaults read-type #{software_update_plist} #{download}") do
     its('stdout') { should match('boolean') }
   end
 
-  describe command("/usr/bin/defaults read #{software_update_plist} #{automatic_download}") do
+  describe command("/usr/bin/defaults read-type #{software_update_plist} #{install_os}") do
+    its('stdout') { should match('boolean') }
+  end
+
+  describe command("/usr/bin/defaults read-type #{software_update_plist} #{install_critical}") do
+    its('stdout') { should match('boolean') }
+  end
+
+  describe command("/usr/bin/defaults read-type #{app_store_plist} #{install_app_store}") do
+    its('stdout') { should match('boolean') }
+  end
+
+  describe command("/usr/bin/defaults read #{software_update_plist} #{check}") do
     its('stdout') { should match('0') }
   end
 
-  describe command("/usr/bin/defaults read #{software_update_plist} #{automatic_check_enabled}") do
+  describe command("/usr/bin/defaults read #{software_update_plist} #{download}") do
+    its('stdout') { should match('0') }
+  end
+
+  describe command("/usr/bin/defaults read #{software_update_plist} #{install_os}") do
+    its('stdout') { should match('0') }
+  end
+
+  describe command("/usr/bin/defaults read #{software_update_plist} #{install_critical}") do
+    its('stdout') { should match('0') }
+  end
+
+  describe command("/usr/bin/defaults read #{app_store_plist} #{install_app_store}") do
     its('stdout') { should match('0') }
   end