Add mac_user resource that is compatible with macOS >= 10.14

Provide a user resource that is compatible with default TCC restrictions
that were introduced in macOS 10.14.

Changes:

* This resource and the corresponding provider have been modified to
  work with default macOS TCC policies. Direct access to user binary
  plists are no longer permitted by default, thus we've chosen to use
  use newer methods of creating, modifying and removing users.

* Due to the tooling required by the provider this provider is only
  suitable for use on macOS >= 10.14. Support for older platforms has
  been removed.

New Features:

* Primary group management is now included.

* 'admin' is now a boolean property that configures a user to an admin.

* 'admin_username' and 'admin_password' are new properties that define the
  admin user credentials required for toggling SecureToken for an
  exiting user.

  The 'admin_username' must correspond to a system admin with SecureToken
  enabled in order to toggle SecureToken.

* 'secure_token' is a boolean property that sets the desired state
  for SecureToken. SecureToken token is required for FileVault full
  disk encryption.

Signed-off-by: Ryan Cragun <ryan@chef.io>

1 files changed, 1 insertions, 0 deletions

diff --git a/lib/chef/resource/user.rb b/lib/chef/resource/user.rb
index 19ae2d8dc8..6ade20082f 100644
--- a/lib/chef/resource/user.rb
+++ b/lib/chef/resource/user.rb
@@ -47,6 +47,7 @@ class Chef
 
       property :password, String,
         description: "The password shadow hash",
+        sensitive: true,
         desired_state: false
 
       property :non_unique, [ TrueClass, FalseClass ],