Actions
This resource has the following actions:
:nothing
The resource block does not act unless another resource explicitly notifies it. Once notified, the action is either queued to run at the end of a Chef Infra Client run or run immediately.
:set
This sets the policy as defined in the properties.
Properties
The macos_password_policy resource has the following properties:
exempt_user
Define the users for whom the password policy isn't applicable.
lockout_time
The length of time for which an account is locked out after exceeding the maximum number of unsuccessful login attempts.
max_failed_logins
The number of failed login attempts a user can make before getting locked out.
remember_how_many_passwords
- Ruby Type: Integer
- Default value: 3
The number of previous passwords the system remembers to avoid repetition of the same password.
maximum_password_age
- Ruby Type: Integer
- Default value: 365
The maximum number of days for which a password is valid. After this time, the password must be renewed or changed.
minimum_lowercase_letters
- Ruby Type: Integer
- Default value: 0
The minimum number of lowercase letters necessary in a password.
minimum_password_length
- Ruby Type: Integer
- Default value: 12
Defines the minimum required length of a password.
minimum_numeric_characters
- Ruby Type: Integer
- Default value: 0
The minimum number of numeric characters that must be present in a password during its creation.
minimum_special_characters
- Ruby Type: Integer
- Default value: 0
Defines the minimum number of special characters required in a password, such as #, $, % etc.
minimum_uppercase_letters
- Ruby Type: Integer
- Default value: 0
Defines the minimum number of uppercase characters required in a password during its creation.
Common Functionalities of Resource
Chef resources share a set of guards, common properties and notifications, which are discussed below in detail:
Common Properties
Some common properties of Chef resources are discussed here:
compile_time
- Ruby Type: true, false
- Default value: false
Controls the phase in which the resource is run on the node. Set it to true to run the resource during the compile phase, when the resource collection is being built. Set it to false to run it during the converge phase, when the Chef Infra Client is configuring the node.
retry_delay
- Ruby Type: Integer
- Default value: 2
Specifies the delay time between two successive retries.
sensitive
- Ruby Type: true, false
- Default value: false
Ensures the Chef Infra Client does not log the sensitive resource data.
ignore_failure
- Ruby Type: true, false
- Default value: false
The recipe continues running even after a resource failure is encountered. :quiet ensures the full stack trace is not displayed while the recipe keeps running past the failure.
retries
- Ruby Type: Integer
- Default value: 0
Specifies the number of attempts to retry the resource and catch exceptions.
Notifications
- notifies
Ruby Type: Symbol, 'Chef::Resource[String]'
Syntax:
notifies :action, 'resource_name', :timer
Notifications let a resource tell another resource to take an action after its own state changes or a previous action completes. To do this, specify the 'resource_name' and the :action to be taken, along with the :timer for that action. To notify multiple resources, write a separate notifies statement for each resource.
By default, an error is raised if the referenced resource is not found. subscribes, in contrast, does not fail when the referenced resource is missing.
The following timers are available for the notification :timer, to specify when the Chef Infra Client is supposed to run a notification:
- :before: Asks the client to run the action on the notified resource before processing the resource block.
- :immediate, :immediately: Specifies that the action should be performed immediately when the resource block is encountered.
- :delayed: The notification is queued up and executed at the end of a Chef Infra Client run.
- subscribes
Ruby Type: Symbol, 'Chef::Resource[String]'
Syntax:
subscribes :action, 'resource_name', :timer
If one resource is listening to another resource, it may want to take action when the state of the resource it is listening to changes. For this, subscribes is used by specifying the 'resource_name', the :action and the :timer.
subscribes does not apply the mentioned action to the resource it listens to. It only applies the action to its own resource.
Guards
Guard properties are used to examine a node's state during the execution phase of a Chef Infra Client run. A guard accepts a string or a Ruby block as its value. The result is used to determine whether the Chef Infra Client should go on to execute the resource. The two value types are evaluated differently:
- String: executed as a shell command. If 0 is returned, the guard is applied. For any other returned value, the guard property is not applied. String guards in a powershell_script run Windows PowerShell commands and may return true in addition to 0.
- Block: executed as Ruby code and returns true or false. The guard is applied if the returned value is true; otherwise, it is not.
Guards are used to make sure that resources are idempotent. They allow the resource to test for the desired state during its execution. If the desired state is already present, the Chef Infra Client does nothing.
Properties for Guards:
- not_if: the resource is not executed when the condition returns true
- only_if: the resource is executed only when the condition returns true
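The guard rules above, modelled in plain Ruby as an added example (this is not Chef's own code, and it does not need Chef to run). The helper names guard_true?, resource_runs? and converge_twice are hypothetical; the toy "resource" only writes a marker file in a temporary directory.

```ruby
require 'tmpdir'

# Evaluates one guard condition the way the text describes:
# a String runs as a shell command and counts as true on exit status 0,
# a block (Proc) counts as true when it returns a truthy value.
def guard_true?(condition)
  case condition
  when String
    system(condition, out: File::NULL, err: File::NULL) == true
  when Proc
    condition.call ? true : false
  else
    raise ArgumentError, 'guard must be a String or a block'
  end
end

# Hypothetical helper: decides whether a resource with these guards runs.
# only_if must be true and not_if must be false for the resource to run.
def resource_runs?(only_if: nil, not_if: nil)
  return false if only_if && !guard_true?(only_if)
  return false if not_if && guard_true?(not_if)
  true
end

# Converges a toy "resource" twice. It writes a marker file and is guarded
# by not_if on that same file, so the second run is skipped (idempotence).
def converge_twice
  Dir.mktmpdir do |dir|
    marker = File.join(dir, 'policy_applied')
    guard = -> { File.exist?(marker) }
    2.times.map do
      ran = resource_runs?(not_if: guard)
      File.write(marker, 'done') if ran
      ran
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts "string guard, exit 0:     #{guard_true?('test -d /')}"
  puts "first run, second run:    #{converge_twice.inspect}"
end
```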
Example Statements
Here is an example of how to use the resource:
macos_password_policy 'Password details and complexity setup' do
  max_failed_logins 4
  lockout_time 5
  maximum_password_age 200
  minimum_password_length 15
  minimum_numeric_characters 2
  minimum_lowercase_letters 10
  minimum_uppercase_letters 1
  minimum_special_characters 2
  remember_how_many_passwords 2
  exempt_user 'MyAdmin'
  action :set
end
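How the complexity properties in the block above combine, as an added example in plain Ruby (not Chef's or macOS's implementation). It assumes ASCII character classes and treats any character that is neither a letter nor a digit as "special"; the helper names and sample passwords are constructed for illustration.

```ruby
# Complexity values taken from the example resource block above.
POLICY = {
  minimum_password_length: 15,
  minimum_numeric_characters: 2,
  minimum_lowercase_letters: 10,
  minimum_uppercase_letters: 1,
  minimum_special_characters: 2
}.freeze

# Assumption: ASCII classes; "special" is anything not a letter or digit.
CLASS_PATTERNS = {
  minimum_numeric_characters: /[0-9]/,
  minimum_lowercase_letters: /[a-z]/,
  minimum_uppercase_letters: /[A-Z]/,
  minimum_special_characters: /[^A-Za-z0-9]/
}.freeze

# The per-class minimums add up, so together they can demand a longer
# password than minimum_password_length states on its own.
def effective_minimum_length(policy)
  class_total = CLASS_PATTERNS.keys.sum { |key| policy.fetch(key, 0) }
  [policy.fetch(:minimum_password_length, 0), class_total].max
end

# Returns the names of the properties a candidate password fails to meet.
def violations(password, policy)
  failed = []
  if password.length < policy.fetch(:minimum_password_length, 0)
    failed << :minimum_password_length
  end
  CLASS_PATTERNS.each do |key, pattern|
    failed << key if password.scan(pattern).length < policy.fetch(key, 0)
  end
  failed
end

if __FILE__ == $PROGRAM_NAME
  puts "effective minimum length: #{effective_minimum_length(POLICY)}"
  # Constructed sample passwords, for illustration only.
  ['correcthorsebattery', 'abcdefghijK12#$'].each do |candidate|
    puts "#{candidate.inspect}: #{violations(candidate, POLICY).inspect}"
  end
end
```

With the example's values the class minimums (2 + 10 + 1 + 2) already total 15, so lowering minimum_password_length alone would not shorten the passwords users must choose.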
Frequently Asked Questions
What is Chef, and how to use it?
Chef is open source software written in Ruby, used to implement infrastructure as code. For a detailed explanation of the Chef software and its usage, visit our Chef-Installation Guide.
What is the macos_password_policy resource?
The macos_password_policy resource of Chef lets you define and specify password properties for macOS. It describes password complexity properties such as length, type of characters, numerals etc.
What is Gorilla? What is its use?
Chef is software used to provide an automated management setup. It enables us to manage the users' desktop applications with ease. For management in Windows, Gorilla is used.
Conclusion
In this blog, we learnt the implementation of the macos_password_policy resource, its properties and usage. Using this resource, we learnt how to define our password properties setup for macOS. For more information on Chef and its working, visit Chef-basics, Ansible VS Chef.
