From 8316b58e3d95fca270f071ea05d41eb5d17ce5f5 Mon Sep 17 00:00:00 2001
From: Jared Weyer <v-jaredweyer@microsoft.com>
Date: Thu, 9 Mar 2023 16:25:19 -0800
Subject: [PATCH] value does not exist if desired users are not configured.
 Plus fix typos

---
 resources/remote_management.rb     |  6 +--
 resources/remote_management.rb.bak | 83 ++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+), 3 deletions(-)
 create mode 100644 resources/remote_management.rb.bak

diff --git a/resources/remote_management.rb b/resources/remote_management.rb
index 3026f8e..20b8698 100644
--- a/resources/remote_management.rb
+++ b/resources/remote_management.rb
@@ -6,7 +6,7 @@ default_action :enable
 property :users,
          [String, Array],
          default: 'all',
-         description: 'The user(s) whoose ARD privileges will be configured.',
+         description: 'The user(s) whose ARD privileges will be configured.',
          coerce: ->(p) { [p].flatten }
 
 property :privileges,
@@ -19,12 +19,12 @@ property :privileges,
 property :computer_info,
          [String, Array],
          default: [],
-         description: 'Info fields; helpful for stratifing computers in ARD client app.',
+         description: 'Info fields; helpful for stratifying computers in ARD client app.',
          coerce: ->(p) { p.compact.map(&:to_s) },
          callbacks: { 'has too many elements; computer info excepts up to four info fields' => ->(p) { (p.is_a?(Array) && p.size < 4) } }
 
 load_current_value do |desired|
-  current_value_does_not_exist! unless RemoteManagement.activated?
+  current_value_does_not_exist! unless RemoteManagement.activated? && RemoteManagement.users_configured?(desired.users)
   privileges RemoteManagement.current_mask(desired.users)
   computer_info RemoteManagement.current_computer_info
 end
diff --git a/resources/remote_management.rb.bak b/resources/remote_management.rb.bak
new file mode 100644
index 0000000..3026f8e
--- /dev/null
+++ b/resources/remote_management.rb.bak
@@ -0,0 +1,83 @@
+unified_mode true
+
+provides :remote_management
+default_action :enable
+
+property :users,
+         [String, Array],
+         default: 'all',
+         description: 'The user(s) whoose ARD privileges will be configured.',
+         coerce: ->(p) { [p].flatten }
+
+property :privileges,
+         [String, Array, Integer],
+         default: 'all',
+         description: 'The desired privileges to bestow upon the given users.',
+         coerce: ->(p) { p.is_a?(Integer) ? p : RemoteManagement::BitMask.mask_from_privileges(p) },
+         callbacks: { 'is invalid. See https://ss64.com/osx/kickstart.html for valid privileges' => ->(p) { RemoteManagement::BitMask.valid_mask?(p) } }
+
+property :computer_info,
+         [String, Array],
+         default: [],
+         description: 'Info fields; helpful for stratifing computers in ARD client app.',
+         coerce: ->(p) { p.compact.map(&:to_s) },
+         callbacks: { 'has too many elements; computer info excepts up to four info fields' => ->(p) { (p.is_a?(Array) && p.size < 4) } }
+
+load_current_value do |desired|
+  current_value_does_not_exist! unless RemoteManagement.activated?
+  privileges RemoteManagement.current_mask(desired.users)
+  computer_info RemoteManagement.current_computer_info
+end
+
+# TODO; the enable action should be decoupled from configuration; configure action should be added; default action should be [:configure, :enable]
+
+action :enable do
+  converge_if_changed(:privileges, :computer_info) do
+    raise(RemoteManagement::Exceptions::TCCError) unless RemoteManagement::TCC::DB.correct_privileges?
+
+    execute 'restart the TCC daemon' do
+      command 'sudo pkill -9 tccd'
+      only_if { platform_version >= Chef::Version.new('12.0.0') }
+      not_if { RemoteManagement::TCC::State.enabled? }
+    end
+
+    converge_if_changed(:privileges) do
+      if new_resource.users.include?('all')
+        converge_by('setting privileges for all users') do
+          execute 'set privileges for all users' do
+            command [RemoteManagement.kickstart, '-configure', '-allowAccessFor', '-allUsers', '-access', '-on', '-privs', '-mask', new_resource.privileges]
+          end
+        end
+      else
+        converge_by('setting privileges for specified users') do
+          execute 'set up Remote Management to only grant access to users with privileges' do
+            command [RemoteManagement.kickstart, '-configure', '-allowAccessFor', '-specifiedUsers']
+          end
+
+          execute "set privileges for #{new_resource.users.join(', ')}" do
+            command [RemoteManagement.kickstart, '-configure', '-access', '-on', '-privs', '-mask', new_resource.privileges, '-users', new_resource.users.join(',')]
+          end
+        end
+      end
+    end
+
+    converge_if_changed(:computer_info) do
+      new_resource.computer_info.each_with_index do |info, i|
+        execute "set computer info field #{i + 1}" do
+          command [RemoteManagement.kickstart, '-configure', '-computerinfo', "-set#{i + 1}", "-#{i + 1}", info]
+        end
+      end
+    end
+
+    execute 'activate the Remote Management service and restart the agent' do
+      command [RemoteManagement.kickstart, '-activate', '-restart', '-agent']
+    end
+  end
+end
+
+action :disable do
+  execute 'stop the Remote Management service and deactivate it so it will not start after the next restart' do
+    command [RemoteManagement.kickstart, '-deactivate', '-stop']
+    only_if { RemoteManagement.activated? }
+  end
+end