class Chef::Resource::User::MacUser
Provide a user resource that is compatible with default TCC restrictions that were introduced in macOS 10.14.
Changes:
- This resource and the corresponding provider have been modified to work with default macOS TCC policies. Direct access to user binary plists is no longer permitted by default, thus we’ve chosen to use a combination of newer utilities for managing user lifecycles and older utilities for managing passwords.
- Due to tooling changes that were necessitated by the new policy restrictions, the mac_user resource is only suitable for use on macOS >= 10.14. Support for older platforms has been removed.
New Features:
- Primary group management is now included.
- ‘admin’ is now a boolean property that configures a user as an admin.
- ‘admin_username’ and ‘admin_password’ are new properties that define the admin user credentials required for toggling SecureToken for a user. The value of ‘admin_username’ must correspond to a system user that is part of the ‘admin’ group with SecureToken enabled in order to toggle SecureToken.
- ‘secure_token’ is a boolean property that sets the desired state for SecureToken. A SecureToken is required for FileVault full disk encryption.
- ‘secure_token_password’ is the plaintext password required to enable or disable secure_token for a user. If no salt is specified, we assume the ‘password’ property corresponds to a plaintext password and will attempt to use it in place of secure_token_password if it is not set.
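
The SecureToken property rules above, written out as a pre-flight check over a hash of properties. This is an added example, not Chef's provider code: the helper names, the rule that an absent secure_token key requests no change, and all sample values are assumptions.

```ruby
# Added illustration, not Chef's provider code. Property names come from the
# list above; helper names and sample values are hypothetical/constructed.

def blank?(value)
  value.nil? || value.to_s.empty?
end

# Password used for the SecureToken toggle: secure_token_password if set,
# otherwise 'password' when no salt is given (it is then taken as plaintext).
def effective_secure_token_password(props)
  return props[:secure_token_password] unless blank?(props[:secure_token_password])
  return nil unless blank?(props[:salt]) # salted: 'password' is a hash
  blank?(props[:password]) ? nil : props[:password]
end

# Problems that would keep a requested SecureToken change from being applied.
# Assumption: a property set without :secure_token requests no change.
def secure_token_problems(props)
  return [] unless props.key?(:secure_token)
  problems = %i[admin_username admin_password]
             .select { |key| blank?(props[key]) }
             .map { |key| "#{key} is required to toggle SecureToken" }
  if effective_secure_token_password(props).nil?
    problems << 'secure_token_password is required: no plaintext password to fall back on'
  end
  problems
end

# Constructed sample property sets; no real accounts or credentials.
ADMIN = { admin_username: 'localadmin', admin_password: 'constructed-admin-pass' }.freeze
SAMPLES = {
  'plaintext fallback' => ADMIN.merge(password: 'constructed-pass', secure_token: true),
  'salted hash only' => ADMIN.merge(password: 'constructed-hex-hash',
                                    salt: 'constructed-salt', secure_token: true),
  'missing admin creds' => { password: 'constructed-pass', secure_token: false }
}.freeze

SAMPLES.each do |name, props|
  problems = secure_token_problems(props)
  puts "#{name}: #{problems.empty? ? 'ok' : problems.join('; ')}"
end
```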