From a6bd0b4aa7c39e902cf9cd44579f41d7ac4ae949 Mon Sep 17 00:00:00 2001 From: Michael Hashizume Date: Thu, 17 Mar 2022 11:09:38 -0700 Subject: [PATCH 1/2] (maint) Removes irrelevant macOS tests Starting with macOS 10.14 Mojave, Apple require full disk access (FDA) to make changes to certain system functionality, including user ID (UID) and the `/home` directory. Granting FDA means either manual user intervention or creating a Privacy Preferences Policy Control Payload (PPPCP) profile through mobile device management (MDM). This means that these two tests (`should_modify_home.rb` and `should_modify_uid.rb`) don't work on any version of macOS that Puppet supports (10.14-11), so we no longer need them. --- .../tests/resource/user/should_modify_home.rb | 37 ------------------- .../tests/resource/user/should_modify_uid.rb | 37 ------------------- 2 files changed, 74 deletions(-) delete mode 100644 acceptance/tests/resource/user/should_modify_home.rb delete mode 100644 acceptance/tests/resource/user/should_modify_uid.rb diff --git a/acceptance/tests/resource/user/should_modify_home.rb b/acceptance/tests/resource/user/should_modify_home.rb deleted file mode 100644 index a11cf73131e..00000000000 --- a/acceptance/tests/resource/user/should_modify_home.rb +++ /dev/null @@ -1,37 +0,0 @@ -test_name "should modify the home directory of an user on OS X < 10.14" do - confine :to, :platform => /osx/ - confine :except, :platform => /(osx-10.1[4-9]|osx-11-)/ - - tag 'audit:high', - 'audit:acceptance' # Could be done as integration tests, but would - # require changing the system running the test - # in ways that might require special permissions - # or be harmful to the system running the test - - require 'puppet/acceptance/common_utils' - extend Puppet::Acceptance::BeakerUtils - extend Puppet::Acceptance::ManifestUtils - - user = "pl#{rand(999999).to_i}" - - agents.each do |agent| - teardown do - user_absent(agent, user) - end - - step "ensure the user is present" do - agent.user_present(user) - end - - step "verify that the user has the correct home" do - new_home = "/opt/#{user}" - user_manifest = resource_manifest('user', user, ensure: 'present', home: new_home) - apply_manifest_on(agent, user_manifest) - - agent.user_get(user) do |result| - user_home = result.stdout.split(':')[8] - assert_equal(user_home, new_home, "Expected home: #{new_home}, actual home: #{user_home}") - end - end - end -end diff --git a/acceptance/tests/resource/user/should_modify_uid.rb b/acceptance/tests/resource/user/should_modify_uid.rb deleted file mode 100644 index a94988fa63d..00000000000 --- a/acceptance/tests/resource/user/should_modify_uid.rb +++ /dev/null @@ -1,37 +0,0 @@ -test_name "should modify the uid of an user OS X < 10.14" do - confine :to, :platform => /osx/ - confine :except, :platform => /(osx-10.1[4-9]|osx-11-)/ - - tag 'audit:high', - 'audit:acceptance' # Could be done as integration tests, but would - # require changing the system running the test - # in ways that might require special permissions - # or be harmful to the system running the test - - require 'puppet/acceptance/common_utils' - extend Puppet::Acceptance::BeakerUtils - extend Puppet::Acceptance::ManifestUtils - - user = "pl#{rand(999999).to_i}" - - agents.each do |agent| - teardown do - user_absent(agent, user) - end - - step "ensure the user is present" do - agent.user_present(user) - end - - step "verify that the user has the correct uid" do - new_uid = rand(999999) - user_manifest = resource_manifest('user', user, ensure: 'present', uid: new_uid) - apply_manifest_on(agent, user_manifest) - - agent.user_get(user) do |result| - user_uid = Integer(result.stdout.split(':')[2]) - assert_equal(user_uid, new_uid, "Expected uid: #{new_uid}, actual uid: #{user_uid}") - end - end - end -end From 270d7626af0644a8d26ca98be507db74b8e4c60f Mon Sep 17 00:00:00 2001 From: Michael Hashizume Date: Thu, 17 Mar 2022 11:17:40 -0700 Subject: [PATCH 2/2] (maint) Expands test to include macOS 12 This test excludes all versions of macOS starting from 10.15 Catalina. As Puppet dropped macOS 10.14 Mojave support last year, we no longer have to use a regex matcher as every supported version of macOS can be excluded. --- .../file/ticket_8740_should_not_enumerate_root_directory.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb b/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb index 96ed8a5d62c..6ae9fa3a58e 100644 --- a/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb +++ b/acceptance/tests/resource/file/ticket_8740_should_not_enumerate_root_directory.rb @@ -1,7 +1,7 @@ test_name "#8740: should not enumerate root directory" confine :except, :platform => 'windows' -confine :except, :platform => /(osx-10.1[5-9]|osx-11-)/ +confine :except, :platform => 'osx' tag 'audit:high', 'audit:refactor', # Use block style `test_name`