merge user test suites

kitchen.yml

@@ -110,19 +110,14 @@ suites:
 
 - name: users
   run_list:
-  - recipe[macos_test::new_users]
+  - recipe[macos_test::users]
   verifier:
     controls:
     - admin-user
     - standard-user
     - hidden-user
-
-- name: delete-users
-  run_list:
-  - recipe[macos_test::delete_users]
-  verifier:
-    controls:
-    - test-user
+    - deleted-user
+    - secure-token-user
 
 - name: keychain
   run_list:

test/cookbooks/macos_test/recipes/delete_users.rb

@@ -1,16 +0,0 @@
-user = 'test_user'
-user_home = File.join('/', 'Users', user)
-
-if Gem::Version.new(node['platform_version']) >= Gem::Version.new('10.13')
-  admin_credentials = ['-adminUser', node['macos']['admin_user'], '-adminPassword', node['macos']['admin_password']]
-end
-
-execute "add user #{user}" do
-  command ['/usr/sbin/sysadminctl', *admin_credentials, '-addUser', user]
-  not_if { ::File.exist?(user_home) && user_already_exists? }
-end
-
-macos_user 'delete a given user' do
-  username user
-  action :delete
-end

test/cookbooks/macos_test/recipes/new_users.rb

@@ -1,25 +0,0 @@
-macos_user 'create admin user with autologin' do
-  username 'randall'
-  password 'correct-horse-battery-staple'
-  autologin true
-  admin true
-  groups 'alpha'
-end
-
-macos_user 'create non-admin user with groups' do
-  username 'johnny'
-  fullname 'Johnny Appleseed'
-  password 'yang-yolked-cordon-karate'
-  groups ['alpha', 'beta']
-end
-
-macos_user 'create non-admin without groups' do
-  username 'paul'
-  password 'bacon-saffron-doormat-educe'
-end
-
-macos_user 'create test' do
-  username 'griffin'
-  password 'wells'
-  hidden true
-end

test/cookbooks/macos_test/recipes/users.rb

@@ -0,0 +1,60 @@
+execute 'add user for deletion' do
+  command ['/usr/sbin/sysadminctl', '-addUser', 'delete_me']
+end
+
+macos_user 'delete a given user' do
+  username 'delete_me'
+  action :delete
+end
+
+macos_user 'create admin user with autologin' do
+  username 'randall'
+  password 'correct-horse-battery-staple'
+  autologin true
+  admin true
+  groups 'alpha'
+end
+
+macos_user 'create non-admin user with groups' do
+  username 'johnny'
+  fullname 'Johnny Appleseed'
+  password 'yang-yolked-cordon-karate'
+  groups ['alpha', 'beta']
+end
+
+macos_user 'create non-admin without groups' do
+  username 'paul'
+  password 'bacon-saffron-doormat-educe'
+end
+
+macos_user 'create hidden user' do
+  username 'griffin'
+  password 'wells'
+  hidden true
+end
+
+macos_user 'create user with secure token' do
+  username 'jung'
+  password 'philemon'
+  secure_token true
+  existing_token_auth({ username: 'vagrant', password: 'vagrant' })
+end
+
+macos_user 'create user with secure token' do
+  username 'jung'
+  password 'philemon'
+  secure_token true
+  existing_token_auth({ username: 'vagrant', password: 'vagrant' })
+end
+
+macos_user 'create user with secure token' do
+  username 'ray'
+  password 'leah'
+  secure_token true
+  existing_token_auth({ username: 'vagrant', password: 'vagrant' })
+end
+
+macos_user "remove existing user's secure token" do
+  username 'ray'
+  secure_token false
+end

test/integration/default/controls/users_and_groups_test.rb

@@ -101,11 +101,32 @@ control 'hidden-user' do
   end
 end
 
-control 'test-user' do
+control 'deleted-user' do
   title 'Checks that a user does not exist'
   desc 'Given a previously added user, check that its deletion results in user no longer being in existence.'
 
-  describe user('test_user').exists? do
+  describe user('delete_me').exists? do
     it { should eq false }
   end
 end
+
+control 'secure-token-user' do
+  title 'added with a secure token but then removed'
+  desc 'Verify the user initially added with a secure token does not have one'
+
+  describe user('jung') do
+    it { should exist }
+  end
+
+  describe command('sysadminctl -secureTokenStatus jung') do
+    its('stdout') { should include 'ENABLED' }
+  end
+
+  describe user('ray') do
+    it { should exist }
+  end
+
+  describe command('sysadminctl -secureTokenStatus ray') do
+    its('stdout') { should include 'DISABLED' }
+  end
+end