* Dscl user provider changes to support Mac 10.7, 10.8 & 10.9.

* Make the dscl user provider password handling idempotent.
* Refactor / modernize dscl user provider unit tests.
* Functional tests for dscl user provider.

2 files changed, 199 insertions, 1 deletions

diff --git a/spec/functional/resource/user/dscl_spec.rb b/spec/functional/resource/user/dscl_spec.rb
new file mode 100644
index 0000000000..5f13bfcb0b
--- /dev/null
+++ b/spec/functional/resource/user/dscl_spec.rb
@@ -0,0 +1,198 @@
+#
+# Copyright:: Copyright (c) 2014 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'spec_helper'
+require 'chef/mixin/shell_out'
+
+metadata = {
+  :unix_only => true,
+  :requires_root => true,
+  :provider => {:user => Chef::Provider::User::Dscl}
+}
+
+describe "Chef::Resource::User with Chef::Provider::User::Dscl provider", metadata do
+  include Chef::Mixin::ShellOut
+
+  def clean_user
+    begin
+      shell_out!("/usr/bin/dscl . -delete '/Users/#{username}'")
+    rescue Mixlib::ShellOut::ShellCommandFailed
+      # Raised when the user is already cleaned
+    end
+  end
+
+  def user_should_exist
+    shell_out("/usr/bin/dscl . -ls /Users").stdout.should include username
+  end
+
+  def check_password(pass)
+    # In order to test the password we use dscl passwd command since
+    # that's the only command that gets the user password from CLI.
+    shell_out("dscl . -passwd /Users/greatchef #{pass} new_password").exitstatus.should == 0
+    # Now reset the password back
+    shell_out("dscl . -passwd /Users/greatchef new_password #{pass}").exitstatus.should == 0
+  end
+
+  let(:node) do
+    n = Chef::Node.new
+    n.consume_external_attrs(OHAI_SYSTEM.data.dup, {})
+    n
+  end
+
+  let(:events) do
+    Chef::EventDispatch::Dispatcher.new
+  end
+
+  let(:run_context) do
+    Chef::RunContext.new(node, {}, events)
+  end
+
+  let(:username) do
+    "greatchef"
+  end
+
+  let(:uid) { nil }
+  let(:gid) { 20 }
+  let(:home) { nil }
+  let(:manage_home) { false }
+  let(:password) { "XXXYYYZZZ" }
+  let(:comment) { "Great Chef" }
+  let(:shell) { "/bin/bash" }
+  let(:salt) { nil }
+  let(:iterations) { nil }
+
+  let(:user_resource) do
+    r = Chef::Resource::User.new("TEST USER RESOURCE", run_context)
+    r.username(username)
+    r.uid(uid)
+    r.gid(gid)
+    r.home(home)
+    r.shell(shell)
+    r.comment(comment)
+    r.manage_home(manage_home)
+    r.password(password)
+    r.salt(salt)
+    r.iterations(iterations)
+    r
+  end
+
+  before do
+    clean_user
+  end
+
+  after(:each) do
+    clean_user
+  end
+
+  describe "action :create" do
+    it "should create the user" do
+      user_resource.run_action(:create)
+      user_should_exist
+      check_password(password)
+    end
+  end
+
+  describe "when user exists" do
+    before do
+      existing_resource = user_resource.dup
+      existing_resource.run_action(:create)
+      user_should_exist
+    end
+
+    describe "when password is updated" do
+      it "should update the password of the user" do
+        user_resource.password("mykitchen")
+        user_resource.run_action(:create)
+        check_password("mykitchen")
+      end
+    end
+  end
+
+  describe "when password is being set via shadow hash" do
+    let(:password) {
+      if node[:platform_version].start_with?("10.7.")
+        # On Mac 10.7 we only need to set the password
+        "c9b3bd1a0cde797eef0eff16c580dab996ba3a21961cccc\
+d0f5e65c61558243e50b1a490088bd4824e3b35562d383ca02260398\
+ef1979b302212ec1c5383d1d05fc8d843"
+      else
+        "c734b6e4787c3727bb35e29fdd92b97c\
+1de12df509577a045728255ec7c6c5f5\
+c18efa05ed02b682ffa7ebc05119900e\
+b1d4880833aa7a190afc13e2bf0936b8\
+20123e8c98f0f9bcac2a629d9163caac\
+9464a8c234f3919082400b4f939bb77b\
+c5adbbac718b7eb99463a7b679571e0f\
+1c9fef2ef08d0b9e9c2bcf644eed2ffc"
+      end
+    }
+
+    let(:iterations) { 25000 }
+    let(:salt) { "9e2e7d5ee473b496fd24cf0bbfcaedfcb291ee21740e570d1e917e874f8788ca" }
+
+    it "action :create should create the user" do
+      user_resource.run_action(:create)
+      user_should_exist
+      check_password("soawesome")
+    end
+
+    describe "when user exists" do
+      before do
+        existing_resource = user_resource.dup
+        existing_resource.run_action(:create)
+        user_should_exist
+      end
+
+      describe "when password is updated" do
+        it "should update the password of the user" do
+          user_resource.password("mykitchen")
+          user_resource.run_action(:create)
+          check_password("mykitchen")
+        end
+      end
+    end
+  end
+
+  describe "when a user is member of some groups" do
+    let(:groups) { ["staff", "operator"] }
+
+    before do
+      existing_resource = user_resource.dup
+      existing_resource.run_action(:create)
+
+      groups.each do |group|
+        shell_out!("/usr/bin/dscl . -append '/Groups/#{group}' GroupMembership #{username}")
+      end
+    end
+
+    after do
+      groups.each do |group|
+        # Do not raise an error when user is correctly removed
+        shell_out("/usr/bin/dscl . -delete '/Groups/#{group}' GroupMembership #{username}")
+      end
+    end
+
+    it ":remove action removes the user from the groups and deletes the user"do
+      user_resource.run_action(:remove)
+      groups.each do |group|
+        # Do not raise an error when group is empty
+        shell_out("dscl . read /Groups/staff GroupMembership").stdout.should_not include(group)
+      end
+    end
+  end
+
+end
diff --git a/spec/functional/resource/user_spec.rb b/spec/functional/resource/user/useradd_spec.rb
index 1e9f924b34..997276fc3c 100644
--- a/spec/functional/resource/user_spec.rb
+++ b/spec/functional/resource/user/useradd_spec.rb
@@ -35,7 +35,7 @@ metadata = { :unix_only => true,
   :provider => {:user => user_provider_for_platform}
 }
 
-describe Chef::Resource::User, metadata do
+describe Chef::Provider::User::Useradd, metadata do
 
   include Chef::Mixin::ShellOut