Release/2.3 (#121)
* add new box names to kitchen.yml * remove always install strategy since our boxes are clean now * don't run APFS commands on new box * make disk image volumes instead of partitions * update base boxes (#119) * add new box names to kitchen.yml * remove always install strategy since our boxes are clean now * don't run APFS commands on new box * make disk image volumes instead of partitions * Fix for Issue #107: User Deletion (#117) * delete user fix. #{user} is never actually used. Also used an array for command * add a separate test suite for testing user deletion * Add a separate recipe for user deletion that does not use macos_user resource for user creation * Use password to unlock keychain (#120) * Fix for Issue #96: Hidden Users (#118) * add functionality for hidden user support * Add a new user called griffin to the new_user recipe for hidden user testing * Add test suite for hidden user testing * add some documentation * Respond to code review comments 1. Update user hiding execute block to check for IsHidden as a guard 2. Don't use mv and instead use FileUtils 3. Change hidden property to accept false or true, right now we ignore false 4. Fix integration test to look for griffin's home in var * bump version * update latest stable version of Xcode * update beta version of Xcode * Use explicit box versions in kitchen.yml * update smoke tests
Родитель
39445b7880
Коммит
63782b44bd
30
.kitchen.yml
30
.kitchen.yml
|
@ -5,48 +5,56 @@ driver:
|
|||
|
||||
provisioner:
|
||||
product_name: chef
|
||||
install_strategy: always
|
||||
|
||||
verifier:
|
||||
name: inspec
|
||||
sudo: true
|
||||
format:
|
||||
- cli
|
||||
- junit:/tmp/inspec.xml
|
||||
inspec_tests:
|
||||
- test/integration/default
|
||||
|
||||
platforms:
|
||||
- name: el-capitan-chef13
|
||||
driver:
|
||||
box: apex/macos-10.11.6
|
||||
box: microsoft/os-x-el-capitan
|
||||
version: 10.11.6
|
||||
provisioner:
|
||||
product_version: 13
|
||||
|
||||
- name: el-capitan-chef14
|
||||
driver:
|
||||
box: apex/macos-10.11.6
|
||||
box: microsoft/os-x-el-capitan
|
||||
version: 10.11.6
|
||||
provisioner:
|
||||
product_version: 14
|
||||
|
||||
- name: sierra-chef13
|
||||
driver:
|
||||
box: apex/macos-10.12.6
|
||||
box: microsoft/macos-sierra
|
||||
version: 10.12.6
|
||||
provisioner:
|
||||
product_version: 13
|
||||
|
||||
- name: sierra-chef14
|
||||
driver:
|
||||
box: apex/macos-10.12.6
|
||||
box: microsoft/macos-sierra
|
||||
version: 10.12.6
|
||||
provisioner:
|
||||
product_version: 14
|
||||
|
||||
- name: high-sierra-chef13
|
||||
driver:
|
||||
box: apex/macos-10.13.4
|
||||
box: microsoft/macos-high-sierra
|
||||
version: 10.13.5
|
||||
provisioner:
|
||||
product_version: 13
|
||||
|
||||
- name: high-sierra-chef14
|
||||
driver:
|
||||
box: apex/macos-10.13.4
|
||||
box: microsoft/macos-high-sierra
|
||||
version: 10.13.5
|
||||
provisioner:
|
||||
product_version: 14
|
||||
|
||||
|
@ -114,6 +122,14 @@ suites:
|
|||
controls:
|
||||
- admin-user
|
||||
- standard-user
|
||||
- hidden-user
|
||||
|
||||
- name: delete_users
|
||||
run_list:
|
||||
- recipe[macos_test::delete_users]
|
||||
verifier:
|
||||
controls:
|
||||
- test-user
|
||||
|
||||
- name: keychain
|
||||
run_list:
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
default['macos']['admin_user'] = 'vagrant'
|
||||
default['macos']['admin_password'] = 'vagrant'
|
||||
|
||||
default['macos']['xcode']['version'] = '9.3'
|
||||
default['macos']['xcode']['version'] = '9.4.1'
|
||||
|
||||
default['macos']['remote_login_enabled'] = true
|
||||
|
||||
|
|
|
@ -17,6 +17,7 @@ macos_user 'user and action description' do
|
|||
password String # password for user, defaults to "password" if not specified
|
||||
autologin TrueClass # user autologin
|
||||
admin TrueClass # admin status of user
|
||||
hidden TrueClass # hidden status of user
|
||||
fullname String # full name of user
|
||||
groups Array, String # list of groups the user is in
|
||||
end
|
||||
|
|
|
@ -5,7 +5,7 @@ license 'MIT'
|
|||
description 'Resources for configuring and provisioning macOS'
|
||||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
|
||||
chef_version '>= 13.0' if respond_to?(:chef_version)
|
||||
version '2.2.0'
|
||||
version '2.3.0'
|
||||
|
||||
source_url 'https://github.com/Microsoft/macos-cookbook'
|
||||
issues_url 'https://github.com/Microsoft/macos-cookbook/issues'
|
||||
|
|
|
@ -15,7 +15,7 @@ action :install do
|
|||
cert = SecurityCommand.new(new_resource.certfile, keychain)
|
||||
|
||||
execute 'unlock keychain' do
|
||||
command [*cert.unlock_keychain(node['macos']['admin_user'])]
|
||||
command [*cert.unlock_keychain(node['macos']['admin_password'])]
|
||||
end
|
||||
|
||||
execute 'install-certificate' do
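Review bot: The `unlock keychain` execute now carries `node['macos']['admin_password']` in its command array but does not set `sensitive true`, so Chef can print the command, password included, in debug output and in the error raised when the command fails. Adding `sensitive true` inside the `execute 'unlock keychain'` block keeps it out of the logs. The password presumably still ends up in the process argument list, but `unlock_keychain` is defined outside this hunk, so that cannot be confirmed from here. The `add user` execute in the new user-deletion test recipe passes `-adminPassword` the same way and would take the same one-line change. The `install-certificate` block at the end of the hunk continues outside it.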
|
||||
|
|
|
@ -7,12 +7,21 @@ property :autologin, [TrueClass]
|
|||
property :admin, [TrueClass]
|
||||
property :fullname, String
|
||||
property :groups, [Array, String]
|
||||
property :hidden, [true, false], default: false
|
||||
|
||||
action_class do
|
||||
def user_home
|
||||
::File.join('/', 'Users', new_resource.username)
|
||||
end
|
||||
|
||||
def user_hidden_home
|
||||
::File.join('/', 'var', new_resource.username)
|
||||
end
|
||||
|
||||
def user_sharepoints
|
||||
::File.join('/', 'SharePoints', new_resource.username)
|
||||
end
|
||||
|
||||
def setup_assistant_plist
|
||||
::File.join(user_home, 'Library', 'Preferences', 'com.apple.SetupAssistant.plist')
|
||||
end
|
||||
|
@ -40,6 +49,10 @@ action_class do
|
|||
'/usr/sbin/sysadminctl'
|
||||
end
|
||||
|
||||
def dscl
|
||||
'/usr/bin/dscl'
|
||||
end
|
||||
|
||||
def user_fullname
|
||||
new_resource.property_is_set?(:fullname) ? ['-fullName', new_resource.fullname] : ''
|
||||
end
|
||||
|
@ -70,6 +83,34 @@ action :create do
|
|||
|
||||
sleep(0.5)
|
||||
|
||||
if new_resource.hidden == true
|
||||
execute "hide user #{new_resource.username}" do
|
||||
key = 'IsHidden'
|
||||
desired_value = '1'
|
||||
read_command = shell_out(dscl, '.', 'read', user_home, key)
|
||||
current_value = read_command.stdout.empty? ? 0 : read_command.stdout.split(':').last.strip
|
||||
command [dscl, '.', 'create', user_home, key, desired_value]
|
||||
not_if { current_value.eql? desired_value }
|
||||
end
|
||||
|
||||
ruby_block "hide user #{new_resource.username} home directory #{user_home}" do
|
||||
block do
|
||||
FileUtils.mkdir_p user_hidden_home
|
||||
FileUtils.cp_r(Dir[user_home.to_s], Dir[user_hidden_home.to_s])
|
||||
end
|
||||
end
|
||||
|
||||
execute 'update user record' do
|
||||
command [dscl, '.', 'create', user_home, 'NFSHomeDirectory', user_hidden_home]
|
||||
only_if { ::File.exist?(user_hidden_home) && ::File.exist?(user_home) }
|
||||
end
|
||||
|
||||
execute 'remove Public Folder share point' do
|
||||
command [dscl, '.', 'delete', user_sharepoints]
|
||||
only_if { ::File.exist?(user_sharepoints) }
|
||||
end
|
||||
end
|
||||
|
||||
if new_resource.property_is_set?(:autologin)
|
||||
setup_assistant_keypair_values.each do |e, v|
|
||||
plist setup_assistant_plist do
|
||||
|
@ -119,8 +160,8 @@ action :delete do
|
|||
only_if { ::File.exist? user_home }
|
||||
end
|
||||
|
||||
execute "delete user: #{user}" do
|
||||
command "#{sysadminctl} -deleteUser #{new_resource.username}"
|
||||
execute "delete user: #{new_resource.username}" do
|
||||
command [sysadminctl, '-deleteUser', new_resource.username]
|
||||
only_if { user_already_exists? }
|
||||
end
|
||||
end
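Review bot: In the `action :create` hunk, the `ruby_block` that hides the home directory copies with `FileUtils.cp_r(Dir[user_home.to_s], Dir[user_hidden_home.to_s])`, which preserves neither ownership nor mode, so if the client runs as root (the usual case, not shown here) the files under `/var/<username>` would belong to root rather than to the new user. Because both arguments are arrays, the copy also appears to land in a nested `/var/<username>/<username>` directory, while `NFSHomeDirectory` is set to the parent. Passing the paths directly, `FileUtils.cp_r(::File.join(user_home, '.'), user_hidden_home, preserve: true)`, keeps owner and permissions and copies the contents into the new home itself. The block has no guard either, so it copies again on every converge; `not_if { ::File.exist?(user_hidden_home) }` on the `ruby_block` would stop that. The `action :create` and `action :delete` bodies start and end outside these hunks.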
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
user = 'test_user'
|
||||
user_home = File.join('/', 'Users', user)
|
||||
|
||||
if Gem::Version.new(node['platform_version']) >= Gem::Version.new('10.13')
|
||||
admin_credentials = ['-adminUser', node['macos']['admin_user'], '-adminPassword', node['macos']['admin_password']]
|
||||
else ''
|
||||
end
|
||||
|
||||
execute "add user #{user}" do
|
||||
command ['/usr/sbin/sysadminctl', *admin_credentials, '-addUser', user]
|
||||
not_if { ::File.exist?(user_home) && user_already_exists? }
|
||||
end
|
||||
|
||||
macos_user 'delete a given user' do
|
||||
username user
|
||||
action :delete
|
||||
end
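Review bot: `admin_credentials` is assigned only inside the `if` branch and the value of `else ''` is discarded, so on platforms before 10.13 the variable is `nil` and the `add user` command works only because `*nil` splats to nothing. Setting `admin_credentials = []` before the `if` and dropping the `else ''` line says what is meant. The `not_if` guard also calls `user_already_exists?`, which this recipe does not define; if that helper lives only in the resource's `action_class` (not visible here), the guard would raise once `/Users/test_user` exists.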
|
|
@ -17,3 +17,9 @@ macos_user 'create non-admin without groups' do
|
|||
username 'paul'
|
||||
password 'bacon-saffron-doormat-educe'
|
||||
end
|
||||
|
||||
macos_user 'create test' do
|
||||
username 'griffin'
|
||||
password 'wells'
|
||||
hidden true
|
||||
end
|
||||
|
|
|
@ -1,23 +1,13 @@
|
|||
if node['platform_version'].match?(/10.13/)
|
||||
execute 'create test disk collection on APFS' do
|
||||
command ['diskutil', 'apfs', 'resizeContainer',
|
||||
'disk0s2', '25g',
|
||||
'jhfs+', 'test_disk1', '1G',
|
||||
'jhfs+', 'TDD2', '1G',
|
||||
'jhfs+', 'Macintosh TD', '1G',
|
||||
'jhfs+', 'TDD-ROM', '700MB']
|
||||
not_if ['ls', '/Volumes/test_disk1']
|
||||
end
|
||||
test_file = 'test.txt'
|
||||
test_volumes = ['test_disk1', 'TDD2', 'Macintosh TD', 'TDD-ROM']
|
||||
|
||||
else
|
||||
file test_file
|
||||
test_volumes.each do |volume|
|
||||
execute 'create test disk collection on HFS' do
|
||||
command ['diskutil', 'resizeVolume',
|
||||
'disk0s2', '25g',
|
||||
'jhfs+', 'test_disk1', '1G',
|
||||
'jhfs+', 'TDD2', '1G',
|
||||
'jhfs+', 'Macintosh TD', '1G',
|
||||
'jhfs+', 'TDD-ROM', '700MB']
|
||||
not_if ['ls', '/Volumes/test_disk1']
|
||||
command ['hdiutil', 'create', "#{volume}.dmg",
|
||||
'-size', '1g', '-format', 'UDRW',
|
||||
'-volname', volume, '-srcfolder', test_file,
|
||||
'-ov', '-attach']
|
||||
end
|
||||
end
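Review bot: Every pass of the `test_volumes.each` loop declares an `execute` with the same name, 'create test disk collection on HFS', and none has a guard now that the `not_if` lines appear to be on the removed side. Each converge would therefore recreate (`-ov`) and re-attach all four images. Naming the resource per volume, `execute "create test disk image #{volume}" do`, and adding `not_if { ::File.exist?("/Volumes/#{volume}") }` would make the recipe repeatable. The old/new split is inferred from the hunk header counts, since the page has lost its `+`/`-` markers.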
|
||||
|
||||
|
|
|
@ -2,4 +2,4 @@ execute 'Disable Gatekeeper' do
|
|||
command ['spctl', '--master-disable']
|
||||
end
|
||||
|
||||
xcode '9.4' if node['platform_version'].match? Regexp.union '10.13'
|
||||
xcode '10.0' if node['platform_version'].match? Regexp.union '10.13'
|
||||
|
|
|
@ -85,3 +85,30 @@ control 'standard-user' do
|
|||
its('stdout.split') { should_not include '80' }
|
||||
end
|
||||
end
|
||||
|
||||
control 'hidden-user' do
|
||||
title 'added as a hidden user'
|
||||
desc 'Verify that a standard user is hidden'
|
||||
|
||||
describe user('griffin') do
|
||||
it { should exist }
|
||||
its('home') { should eq '/var/griffin' }
|
||||
end
|
||||
|
||||
describe command("/usr/libexec/Plistbuddy -c 'Print IsHidden' /var/db/dslocal/nodes/Default/users/griffin.plist") do
|
||||
its('stdout') { should match(/1/) }
|
||||
end
|
||||
|
||||
describe directory('/var/griffin') do
|
||||
it { should exist }
|
||||
end
|
||||
end
|
||||
|
||||
control 'test-user' do
|
||||
title 'Checks that a user does not exist'
|
||||
desc 'Given a previously added user, check that its deletion results in user no longer being in existence.'
|
||||
|
||||
describe user('test_user').exists? do
|
||||
it { should eq false }
|
||||
end
|
||||
end
|
||||
|
|
|
@ -15,7 +15,7 @@ control 'xcode-and-simulators' do
|
|||
end
|
||||
|
||||
if macos_version.match? Regexp.union '10.13'
|
||||
describe directory('/Applications/Xcode-9.3.app') do
|
||||
describe directory('/Applications/Xcode-9.4.1.app') do
|
||||
it { should exist }
|
||||
end
|
||||
|
||||
|
@ -51,7 +51,7 @@ control 'xcode-beta' do
|
|||
macos_version = command('/usr/bin/sw_vers -productVersion').stdout.strip
|
||||
|
||||
if macos_version.match? Regexp.union '10.13'
|
||||
describe directory('/Applications/Xcode-9.4.app') do
|
||||
describe directory('/Applications/Xcode-10.app') do
|
||||
it { should exist }
|
||||
end
|
||||
end
|
||||
|
|