From a6bd0b4aa7c39e902cf9cd44579f41d7ac4ae949 Mon Sep 17 00:00:00 2001
From: Michael Hashizume <michael.hashizume@puppet.com>
Date: Thu, 17 Mar 2022 11:09:38 -0700
Subject: [PATCH 1/2] (maint) Removes irrelevant macOS tests

Starting with macOS 10.14 Mojave, Apple require full disk access
(FDA) to make changes to certain system functionality, including
user ID (UID) and the `/home` directory. Granting FDA means either
manual user intervention or creating a Privacy Preferences
Policy Control Payload (PPPCP) profile through mobile device
management (MDM).

This means that these two tests (`should_modify_home.rb` and
`should_modify_uid.rb`) don't work on any version of macOS that
Puppet supports (10.14-11), so we no longer need them.
---
 .../tests/resource/user/should_modify_home.rb | 37 -------------------
 .../tests/resource/user/should_modify_uid.rb  | 37 -------------------
 2 files changed, 74 deletions(-)
 delete mode 100644 acceptance/tests/resource/user/should_modify_home.rb
 delete mode 100644 acceptance/tests/resource/user/should_modify_uid.rb

diff --git a/acceptance/tests/resource/user/should_modify_home.rb b/acceptance/tests/resource/user/should_modify_home.rb
deleted file mode 100644
index a11cf73131e..00000000000
--- a/acceptance/tests/resource/user/should_modify_home.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-test_name "should modify the home directory of an user on OS X < 10.14" do
-  confine :to, :platform => /osx/
-  confine :except, :platform => /(osx-10.1[4-9]|osx-11-)/
-
-  tag 'audit:high',
-      'audit:acceptance' # Could be done as integration tests, but would
-                         # require changing the system running the test
-                       # in ways that might require special permissions
-                       # or be harmful to the system running the test
-
-  require 'puppet/acceptance/common_utils'
-  extend Puppet::Acceptance::BeakerUtils
-  extend Puppet::Acceptance::ManifestUtils
-
-  user = "pl#{rand(999999).to_i}"
-
-  agents.each do |agent|
-    teardown do
-      user_absent(agent, user)
-    end
-
-    step "ensure the user is present" do
-      agent.user_present(user)
-    end
-
-    step "verify that the user has the correct home" do
-      new_home = "/opt/#{user}"
-      user_manifest = resource_manifest('user', user, ensure: 'present', home: new_home)
-      apply_manifest_on(agent, user_manifest)
-
-      agent.user_get(user) do |result|
-        user_home = result.stdout.split(':')[8]
-        assert_equal(user_home, new_home, "Expected home: #{new_home}, actual home: #{user_home}")
-      end
-    end
-  end
-end
diff --git a/acceptance/tests/resource/user/should_modify_uid.rb b/acceptance/tests/resource/user/should_modify_uid.rb
deleted file mode 100644
index a94988fa63d..00000000000
--- a/acceptance/tests/resource/user/should_modify_uid.rb
+++ /dev/null
@@ -1,37 +0,0 @@
-test_name "should modify the uid of an user OS X < 10.14" do
-  confine :to, :platform => /osx/
-  confine :except, :platform => /(osx-10.1[4-9]|osx-11-)/
-
-  tag 'audit:high',
-      'audit:acceptance' # Could be done as integration tests, but would
-                         # require changing the system running the test
-                       # in ways that might require special permissions
-                       # or be harmful to the system running the test
-
-  require 'puppet/acceptance/common_utils'
-  extend Puppet::Acceptance::BeakerUtils
-  extend Puppet::Acceptance::ManifestUtils
-
-  user = "pl#{rand(999999).to_i}"
-
-  agents.each do |agent|
-    teardown do
-      user_absent(agent, user)
-    end
-
-    step "ensure the user is present" do
-      agent.user_present(user)
-    end
-
-    step "verify that the user has the correct uid" do
-      new_uid = rand(999999)
-      user_manifest = resource_manifest('user', user, ensure: 'present', uid: new_uid)
-      apply_manifest_on(agent, user_manifest)
-
-      agent.user_get(user) do |result|
-        user_uid = Integer(result.stdout.split(':')[2])
-        assert_equal(user_uid, new_uid, "Expected uid: #{new_uid}, actual uid: #{user_uid}")
-      end
-    end
-  end
-end

From 270d7626af0644a8d26ca98be507db74b8e4c60f Mon Sep 17 00:00:00 2001
From: Michael Hashizume <michael.hashizume@puppet.com>
Date: Thu, 17 Mar 2022 11:17:40 -0700
Subject: [PATCH 2/2] (maint) Expands test to include macOS 12

This test excludes all versions of macOS starting from 10.15
Catalina. As Puppet dropped macOS 10.14 Mojave support last year,
we no longer have to use a regex matcher as every supported
version of macOS can be excluded.
---
 .../file/ticket_8740_should_not_enumerate_root_directory.rb     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb b/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb
index 96ed8a5d62c..6ae9fa3a58e 100644
--- a/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb
+++ b/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb
@@ -1,7 +1,7 @@
 test_name "#8740: should not enumerate root directory"
 
 confine :except, :platform => 'windows'
-confine :except, :platform => /(osx-10.1[5-9]|osx-11-)/
+confine :except, :platform => 'osx'
 
 tag 'audit:high',
     'audit:refactor',   # Use block style `test_name`