diff options
author | Tim Smith <tsmith@chef.io> | 2019-09-11 06:20:01 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-11 06:20:01 -0700 |
commit | 2744875f182b4a19fcaf822ae6aff86f0f184d9e (patch) | |
tree | 7ba7f243c99353990b8fb05a3e61768df12be95c /lib | |
parent | 292bf24a26da9d0b7b99d2dce3d2b9b37cf94f28 (diff) | |
parent | 1977fbf8410efc415b2ba8c59177b99ab2dcad62 (diff) | |
download | chef-2744875f182b4a19fcaf822ae6aff86f0f184d9e.tar.gz |
Merge pull request #8874 from chef/ryan/fix-macos-build
[macos] fix mac_user platform constraints
Diffstat (limited to 'lib')
-rw-r--r-- | lib/chef/provider/user/mac.rb | 40 | ||||
-rw-r--r-- | lib/chef/resource/user/dscl_user.rb | 2 | ||||
-rw-r--r-- | lib/chef/resource/user/mac_user.rb | 2 |
3 files changed, 22 insertions, 22 deletions
diff --git a/lib/chef/provider/user/mac.rb b/lib/chef/provider/user/mac.rb index 414445cfa1..7b12eaec3c 100644 --- a/lib/chef/provider/user/mac.rb +++ b/lib/chef/provider/user/mac.rb @@ -134,8 +134,8 @@ class Chef def create_user cmd = [-"-addUser", new_resource.username] - cmd += ["-fullName", new_resource.comment] if new_resource.property_is_set?(:comment) - cmd += ["-UID", new_resource.uid] if new_resource.property_is_set?(:uid) + cmd += ["-fullName", new_resource.comment] if prop_is_set?(:comment) + cmd += ["-UID", new_resource.uid] if prop_is_set?(:uid) cmd += ["-shell", new_resource.shell] cmd += ["-home", new_resource.home] cmd += ["-admin"] if new_resource.admin @@ -143,7 +143,7 @@ class Chef # We can technically create a new user without the admin credentials # but without them the user cannot enable SecureToken, thus they cannot # create other secure users or enable FileVault full disk encryption. - if new_resource.property_is_set?(:admin_username) && new_resource.property_is_set?(:admin_password) + if prop_is_set?(:admin_username) && prop_is_set?(:admin_password) cmd += ["-adminUser", new_resource.admin_username] cmd += ["-adminPassword", new_resource.admin_password] end @@ -165,7 +165,7 @@ class Chef reload_user_plist reload_admin_group_plist - if new_resource.property_is_set?(:password) + if prop_is_set?(:password) converge_by("set password") { set_password } end @@ -181,7 +181,7 @@ class Chef end end - if new_resource.property_is_set?(:gid) + if prop_is_set?(:gid) # NOTE: Here we're managing the primary group of the user which is # a departure from previous behavior. We could just set the # PrimaryGroupID for the user and move on if we decide that actual @@ -282,7 +282,7 @@ class Chef def remove_user cmd = ["-deleteUser", new_resource.username] cmd << new_resource.manage_home ? "-secure" : "-keepHome" - if new_resource.property_is_set?(:admin_username) && new_resource.property_is_set?(:admin_password) + if %i{admin_username admin_password}.all? { |p| prop_is_set?(p) } cmd += ["-adminUser", new_resource.admin_username] cmd += ["-adminPassword", new_resource.admin_password] end @@ -344,7 +344,7 @@ class Chef else # Other fields are have been set on current resource so just compare # them. - new_resource.property_is_set?(prop) && (new_resource.send(prop) != current_resource.send(prop)) + !new_resource.send(prop).nil? && (new_resource.send(prop) != current_resource.send(prop)) end end @@ -384,14 +384,8 @@ class Chef def toggle_secure_token # Check for this lazily as we only need to validate for these credentials # if we're toggling secure token. - unless new_resource.property_is_set?(:admin_username) && - new_resource.property_is_set?(:admin_password) && - # property_is_set? can't handle a default inherited from password - # when not using shadow hash data. Hence, we'll just have to - # make sure some valid string is there. - new_resource.secure_token_password && - new_resource.secure_token_password != "" - raise Chef::Exceptions::User, "secure_token_password, admin_user and admin_password properties are required to modify SecureToken" + unless %i{admin_username admin_password secure_token_password}.all? { |p| prop_is_set?(p) } + raise Chef::Exceptions::User, "secure_token_password, admin_username and admin_password properties are required to modify SecureToken" end cmd = (new_resource.secure_token ? %w{-secureTokenOn} : %w{-secureTokenOff}) @@ -414,11 +408,11 @@ class Chef # Therefore, if we're configuring a user based upon existing shadow # hash data we'll have to set the password again so that future runs # of the client don't show password drift. - set_password if new_resource.property_is_set?(:salt) + set_password if prop_is_set?(:salt) end def user_group_diverged? - return false unless new_resource.property_is_set?(:gid) + return false unless prop_is_set?(:gid) group_name, group_id = user_group_info @@ -439,11 +433,11 @@ class Chef # * Not configuring it # Check for no desired password configuration - return false unless new_resource.property_is_set?(:password) + return false unless prop_is_set?(:password) # Check for ShadowHashData divergence by comparing the entropy, # salt, and iterations. - if new_resource.property_is_set?(:salt) + if prop_is_set?(:salt) return true if %i{salt iterations}.any? { |prop| diverged?(prop) } return new_resource.password != current_resource.password @@ -473,7 +467,7 @@ class Chef end def set_password - if new_resource.property_is_set?(:salt) + if prop_is_set?(:salt) entropy = StringIO.new(convert_to_binary(new_resource.password)) salt = StringIO.new(convert_to_binary(new_resource.salt)) else @@ -586,6 +580,12 @@ class Chef result.stdout end + def prop_is_set?(prop) + v = new_resource.send(prop.to_sym) + + !v.nil? && v != "" + end + class Plist DSCL_PROPERTY_MAP = { uid: "dsAttrTypeStandard:UniqueID", diff --git a/lib/chef/resource/user/dscl_user.rb b/lib/chef/resource/user/dscl_user.rb index a3f6661c22..5ba9d3d099 100644 --- a/lib/chef/resource/user/dscl_user.rb +++ b/lib/chef/resource/user/dscl_user.rb @@ -24,7 +24,7 @@ class Chef resource_name :dscl_user provides :dscl_user - provides :user, os: "darwin", platform_version: "<= 10.13" + provides :user, platform: "mac_os_x", platform_version: "< 10.14" property :iterations, Integer, description: "macOS platform only. The number of iterations for a password with a SALTED-SHA512-PBKDF2 shadow hash.", diff --git a/lib/chef/resource/user/mac_user.rb b/lib/chef/resource/user/mac_user.rb index ab5cc12947..0892dea077 100644 --- a/lib/chef/resource/user/mac_user.rb +++ b/lib/chef/resource/user/mac_user.rb @@ -61,7 +61,7 @@ class Chef resource_name :mac_user provides :mac_user - provides :user, os: "darwin", platform_version: ">= 10.14" + provides :user, platform: "mac_os_x", platform_version: ">= 10.14" introduced "15.3" |