authorJoseph Chilcote <chilcote+github@gmail.com>2020-01-25 14:38:52 -0800
committerJoseph Chilcote <chilcote+github@gmail.com>2020-01-25 14:38:52 -0800
commitfc7626547569a368ae3d53e3917467e8b04f3555 (patch)
tree80e01c89e47b70e9e5677b1478349a52f480ea8b
parent130e1c958aeb0e8edabf960b0f760f2453995e25 (diff)
downloadchef-fc7626547569a368ae3d53e3917467e8b04f3555.tar.gz
Adding support for IsHidden user attribute (macOS)
Signed-off-by: Joseph Chilcote <chilcote@fb.com>
-rw-r--r--lib/chef/provider/user/mac.rb30
-rw-r--r--lib/chef/resource/user/mac_user.rb3
2 files changed, 32 insertions, 1 deletions
diff --git a/lib/chef/provider/user/mac.rb b/lib/chef/provider/user/mac.rb
index 2f8d546130..a8c97ef040 100644
--- a/lib/chef/provider/user/mac.rb
+++ b/lib/chef/provider/user/mac.rb
@@ -51,6 +51,7 @@ class Chef
current_resource.home(user_plist[:home][0])
current_resource.shell(user_plist[:shell][0])
current_resource.comment(user_plist[:comment][0])
+ current_resource.hidden(user_plist[:is_hidden][0] == "1" ? true : false)
shadow_hash = user_plist[:shadow_hash]
if shadow_hash
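Review bot: The added `user_plist[:is_hidden][0]` assumes every user record carries an IsHidden attribute, but the `if shadow_hash` guard two lines below suggests the plist lookup returns nil for absent attributes, in which case `[0]` would raise NoMethodError while loading the current resource. Guard the lookup and drop the redundant ternary, e.g. `hidden_attr = user_plist[:is_hidden]` followed by `current_resource.hidden(!hidden_attr.nil? && hidden_attr[0] == "1")`. Whether IsHidden can also be stored as a truthy value other than "1" is not visible here and is worth confirming, since such an account would be reported as not hidden. The enclosing method starts and ends outside the hunk.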
@@ -165,6 +166,10 @@ class Chef
reload_user_plist
reload_admin_group_plist
+ if prop_is_set?(:hidden)
+ set_hidden
+ end
+
if prop_is_set?(:password)
converge_by("set password") { set_password }
end
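Review bot: `set_hidden` is called bare in the create path, while the password step right below it goes through `converge_by("set password")`. Assuming converge_by is what reports a change and skips it in why-run mode, a user created with `hidden true` gets its IsHidden flag written with no entry in the run output, and the dscl call would also execute under why-run. A hidden local account is a state change an auditor wants to see in the converge log, so wrap it: `converge_by("set hidden") { set_hidden }`. The enclosing method begins and ends outside the hunk.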
@@ -208,7 +213,7 @@ class Chef
end
def compare_user
- %i{comment shell uid gid salt password admin secure_token}.any? { |m| diverged?(m) }
+ %i{comment shell uid gid salt password admin secure_token hidden}.any? { |m| diverged?(m) }
end
def manage_user
@@ -276,6 +281,12 @@ class Chef
end
end
+ if diverged?(:hidden)
+ converge_by("alter hidden") do
+ set_hidden
+ end
+ end
+
reload_user_plist
end
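Review bot: The converge message `"alter hidden"` does not say which way the flag moved, so the run log cannot distinguish hiding an account from unhiding it. Including the target value makes the log usable for review, e.g. `converge_by("alter hidden to #{new_resource.hidden}") do`. The enclosing method starts outside the hunk.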
@@ -336,6 +347,8 @@ class Chef
user_group_diverged?
when :secure_token
secure_token_diverged?
+ when :hidden
+ hidden_diverged?
else
# Other fields are have been set on current resource so just compare
# them.
@@ -431,6 +444,20 @@ class Chef
current_resource.gid != group_id.to_i
end
+ def hidden_diverged?
+ return false unless prop_is_set?(:hidden)
+
+ (current_resource.hidden ? 1 : 0) != hidden_value.to_i
+ end
+
+ def set_hidden
+ run_dscl("create", "/Users/#{new_resource.username}", "IsHidden", hidden_value.to_i)
+ end
+
+ def hidden_value
+ new_resource.hidden ? 1 : 0
+ end
+
def password_diverged?
# There are three options for configuring the password:
# * ShadowHashData which includes the hash data as:
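Review bot: `hidden_value` already returns an Integer, so the `.to_i` calls in `hidden_diverged?` and `set_hidden` are no-ops and can be dropped: `(current_resource.hidden ? 1 : 0) != hidden_value` and `run_dscl("create", "/Users/#{new_resource.username}", "IsHidden", hidden_value)`. The three new methods carry no comment; a line above `set_hidden` such as `# Writes the IsHidden attribute (1 or 0) on the user's directory record.` would match what the code does. `password_diverged?` continues outside the hunk.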
@@ -606,6 +633,7 @@ class Chef
auth_authority: "dsAttrTypeStandard:AuthenticationAuthority",
shadow_hash: "dsAttrTypeNative:ShadowHashData",
group_members: "dsAttrTypeStandard:GroupMembers",
+ is_hidden: "dsAttrTypeNative:IsHidden",
}.freeze
attr_accessor :plist_hash, :property_map
diff --git a/lib/chef/resource/user/mac_user.rb b/lib/chef/resource/user/mac_user.rb
index 0892dea077..4b9c12bc64 100644
--- a/lib/chef/resource/user/mac_user.rb
+++ b/lib/chef/resource/user/mac_user.rb
@@ -100,6 +100,9 @@ class Chef
property :admin, [TrueClass, FalseClass], description: "Create the user as an admin", default: false
+ # Hide a user account in the macOS login window
+ property :hidden, [TrueClass, FalseClass], description: "Hide account from loginwindow and system preferences", default: false
+
# TCC on macOS >= 10.14 requires admin credentials of an Admin user that
# has SecureToken enabled in order to toggle SecureToken.
property :admin_username, String, description: "Admin username for superuser actions"
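Review bot: The comment and the description on `property :hidden` disagree on scope (login window only versus loginwindow and system preferences), and neither says what the flag does not do. From the provider side visible in this commit it only writes the IsHidden directory attribute, so it is presumably cosmetic: the account stays enabled and can still authenticate. Stating that in the description, e.g. `description: "Hide account from loginwindow and system preferences; does not disable the account"`, keeps the property from being read as an access control.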