Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
70 changed files
with
1,900 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
cpe_applicationaccess Cookbook | ||
========================= | ||
Install a profile to manage various application settings. | ||
|
||
Requirements | ||
------------ | ||
macOS | ||
|
||
Attributes | ||
---------- | ||
* node['cpe_applicationaccess']['lists']['pathBlackList'] | ||
* node['cpe_applicationaccess']['lists']['pathWhiteList'] | ||
* node['cpe_applicationaccess']['lists']['whiteList'] | ||
* node['cpe_applicationaccess']['features']['allowAutoUnlock'] | ||
* node['cpe_applicationaccess']['features']['allowCamera'] | ||
* node['cpe_applicationaccess']['features']['allowCloudAddressBook'] | ||
* node['cpe_applicationaccess']['features']['allowCloudBTMM'] | ||
* node['cpe_applicationaccess']['features']['allowCloudDesktopAndDocuments'] | ||
* node['cpe_applicationaccess']['features']['allowCloudDocumentSync'] | ||
* node['cpe_applicationaccess']['features']['allowCloudFMM'] | ||
* node['cpe_applicationaccess']['features']['allowCloudKeychainSync'] | ||
* node['cpe_applicationaccess']['features']['allowCloudMail'] | ||
* node['cpe_applicationaccess']['features']['allowCloudCalendar'] | ||
* node['cpe_applicationaccess']['features']['allowCloudReminders'] | ||
* node['cpe_applicationaccess']['features']['allowCloudBookmarks'] | ||
* node['cpe_applicationaccess']['features']['allowCloudNotes'] | ||
* node['cpe_applicationaccess']['features']['allowDefinitionLookup'] | ||
* node['cpe_applicationaccess']['features']['allowMusicService'] | ||
* node['cpe_applicationaccess']['features']['allowSpotlightInternetResults'] | ||
|
||
Usage | ||
----- | ||
The profile will manage the `com.apple.applicationaccess` and `com.apple.applicationaccess.new` preference domains. | ||
|
||
The profile's organization key defaults to `Pinterest` unless `node['organization']` is | ||
configured in your company's custom init recipe. The profile will also use | ||
whichever prefix is set in `node['cpe_profiles']['prefix']`, which defaults to `com.facebook.chef` | ||
|
||
The profile delivers a payload of all keys in `node['cpe_applicationaccess']['features']` and/or `node['cpe_applicationaccess']['lists']` that are non-nil values. All provided keys are nil by default, so that no profile is installed without overriding. | ||
|
||
|
||
The most common use case for `com.apple.applicationaccess.new` is for service machines that will be significantly locked down. | ||
|
||
# Allow anything from "/". | ||
node.default['cpe_applicationaccess']['lists']['pathWhiteList'] = [ | ||
'/', | ||
] | ||
# Block paths. | ||
node.default['cpe_applicationaccess']['lists']['pathBlackList'] = [ | ||
'/Applications/AutoPkgr.app', | ||
'/Applications/Transmission.app', | ||
] | ||
|
||
The most common use case for `com.apple.applicationaccess` is to lock down specific internet/iCloud features. | ||
|
||
# Block iCloud | ||
node.default['cpe_applicationaccess']['features']['allowCloudDesktopAndDocuments'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# | ||
# Cookbook Name:: cpe_applicationaccess | ||
# Attributes:: default | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
default['cpe_applicationaccess'] = { | ||
# Path Application Whitelist/Blacklist | ||
'lists' => { | ||
'pathBlackList' => nil, | ||
'pathWhiteList' => nil, | ||
'whiteList' => nil, | ||
}, | ||
# Application Access Features | ||
'features' => { | ||
'allowAutoUnlock' => nil, | ||
'allowCamera' => nil, | ||
'allowCloudAddressBook' => nil, | ||
'allowCloudBTMM' => nil, | ||
'allowCloudDesktopAndDocuments' => nil, | ||
'allowCloudDocumentSync' => nil, | ||
'allowCloudFMM' => nil, | ||
'allowCloudKeychainSync' => nil, | ||
'allowCloudMail' => nil, | ||
'allowCloudCalendar' => nil, | ||
'allowCloudReminders' => nil, | ||
'allowCloudBookmarks' => nil, | ||
'allowCloudNotes' => nil, | ||
'allowDefinitionLookup' => nil, | ||
'allowMusicService' => nil, | ||
'allowSpotlightInternetResults' => nil, | ||
}, | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
|
||
name 'cpe_applicationaccess' | ||
maintainer 'Pinterest' | ||
maintainer_email 'itcpe@pinterest.com' | ||
license 'Apache' | ||
description 'Manages Apple System Preference Panes settings / profile' | ||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | ||
version '0.1.0' | ||
supports 'mac_os_x' | ||
|
||
depends 'cpe_profiles' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# | ||
# Cookbook Name:: cpe_applicationaccess | ||
# Resource:: cpe_applicationaccess | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
cpe_applicationaccess 'Apply Application Access profile' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
# | ||
# Cookbook Name:: cpe_applicationaccess | ||
# Resource:: cpe_applicationaccess | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
resource_name :cpe_applicationaccess | ||
default_action :run | ||
|
||
action :run do | ||
aa_prefs = node['cpe_applicationaccess']['features'].reject { |_k, v| v.nil? } | ||
aan_prefs = node['cpe_applicationaccess']['lists'].reject { |_k, v| v.nil? } | ||
if aa_prefs.empty? && aan_prefs.empty? | ||
Chef::Log.info("#{cookbook_name}: No prefs found.") | ||
return | ||
end | ||
|
||
organization = node['organization'] ? node['organization'] : 'GitHub' | ||
prefix = node['cpe_profiles']['prefix'] | ||
aa_profile = { | ||
'PayloadIdentifier' => "#{prefix}.applicationaccess", | ||
'PayloadRemovalDisallowed' => true, | ||
'PayloadScope' => 'System', | ||
'PayloadType' => 'Configuration', | ||
'PayloadUUID' => 'D1B78DD9-13A1-4BC5-9F22-EF10042F6041', | ||
'PayloadOrganization' => organization, | ||
'PayloadVersion' => 1, | ||
'PayloadDisplayName' => 'Application Restrictions', | ||
'PayloadContent' => [], | ||
} | ||
unless aa_prefs.empty? | ||
aa_profile['PayloadContent'].push( | ||
'PayloadType' => 'com.apple.applicationaccess', | ||
'PayloadVersion' => 1, | ||
'PayloadIdentifier' => "#{prefix}.applicationaccess", | ||
'PayloadUUID' => '6493D033-179A-4E8D-AD85-FDBD09A28DCC', | ||
'PayloadEnabled' => true, | ||
'PayloadDisplayName' => 'Application Restrictions', | ||
) | ||
|
||
aa_prefs.keys.each do |key| | ||
next if aa_prefs[key].nil? | ||
aa_profile['PayloadContent'][0][key] = aa_prefs[key] | ||
end | ||
end | ||
|
||
unless aan_prefs.empty? | ||
aa_profile['PayloadContent'].push( | ||
'PayloadType' => 'com.apple.applicationaccess.new', | ||
'PayloadVersion' => 1, | ||
'PayloadIdentifier' => "#{prefix}.applicationaccess.new", | ||
'PayloadUUID' => '23E11571-624B-4B74-89C0-12226EEEACD1', | ||
'PayloadEnabled' => true, | ||
'PayloadDisplayName' => 'Application Restrictions New', | ||
'familyControlsEnabled' => true, | ||
) | ||
|
||
aan_prefs.keys.each do |key| | ||
next if aan_prefs[key].nil? | ||
aa_profile['PayloadContent'][-1][key] = aan_prefs[key] | ||
end | ||
end | ||
|
||
node.default['cpe_profiles']["#{prefix}.applicationaccess"] = aa_profile | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
cpe_ard Cookbook | ||
========================= | ||
Install a profile to manage Apple Remote Desktop Application settings. | ||
|
||
Requirements | ||
------------ | ||
Mac OS X | ||
|
||
Attributes | ||
---------- | ||
* node['cpe_ard'] | ||
* node['cpe_ard']['AdminConsoleAllowsRemoteControl'] | ||
* node['cpe_ard']['LoadRemoteManagementMenuExtra'] | ||
|
||
Usage | ||
----- | ||
The profile will manage the `com.apple.RemoteManagement` preference domain. | ||
|
||
The profile's organization key defaults to `Pinterest` unless `node['organization']` is | ||
configured in your company's custom init recipe. The profile will also use | ||
whichever prefix is set in node['cpe_profiles']['prefix'], which defaults to `com.facebook.chef` | ||
|
||
The profile delivers a payload of all keys in `node['cpe_ard']` that are non-nil values. The two provided keys `node['cpe_ard']['AdminConsoleAllowsRemoteControl']` and `node['cpe_ard']['LoadRemoteManagementMenuExtra']` are nil, so that no profile is installed by default. | ||
|
||
You can add any arbitrary keys to `node['cpe_ard']` to have them added to your profile. As long as the values are not nil and create a valid profile, this cookbook will install and manage them. | ||
|
||
The most common use case is for service machines with Apple Remote Desktop installed. | ||
|
||
# Force Apple Remote Desktop use when application is open. | ||
node.default['cpe_ard']['AdminConsoleAllowsRemoteControl'] = true | ||
node.default['cpe_ard']['LoadRemoteManagementMenuExtra'] = true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# | ||
# Cookbook Name:: cpe_ard | ||
# Attributes:: default | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
# Disable bluetooth setup assistant for mouse and keyboard | ||
default['cpe_ard']['AdminConsoleAllowsRemoteControl'] = nil | ||
default['cpe_ard']['LoadRemoteManagementMenuExtra'] = nil |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
|
||
name 'cpe_ard' | ||
maintainer 'Pinterest' | ||
maintainer_email 'itcpe@pinterest.com' | ||
license 'Apache' | ||
description 'Manages Apple Remote Desktop Application settings / profile' | ||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | ||
version '0.1.0' | ||
supports 'mac_os_x' | ||
|
||
depends 'cpe_profiles' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
# | ||
# Cookbook Name:: cpe_ard | ||
# Recipes:: default | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
cpe_ard 'Apply Apple Remote Desktop App profile' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
# | ||
# Cookbook Name:: cpe_ard | ||
# Resource:: cpe_ard | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
resource_name :cpe_ard | ||
default_action :run | ||
|
||
ard_prefs = {} | ||
|
||
action :run do | ||
ard_prefs = node['cpe_ard'].reject { |_k, v| v.nil? } | ||
return if ard_prefs.empty? | ||
organization = node['organization'] ? node['organization'] : 'Pinterest' | ||
prefix = node['cpe_profiles']['prefix'] | ||
node.default['cpe_profiles']["#{prefix}.ard"] = { | ||
'PayloadIdentifier' => "#{prefix}.ardapp", | ||
'PayloadRemovalDisallowed' => true, | ||
'PayloadScope' => 'System', | ||
'PayloadType' => 'Configuration', | ||
'PayloadUUID' => '2CAB3C80-54C4-4D61-A142-52C2EBB0DA8C', | ||
'PayloadOrganization' => organization, | ||
'PayloadVersion' => 1, | ||
'PayloadDisplayName' => 'Apple Remote Desktop Application', | ||
'PayloadContent' => [ | ||
{ | ||
'PayloadType' => 'com.apple.ManagedClient.preferences', | ||
'PayloadVersion' => 1, | ||
'PayloadIdentifier' => "#{prefix}.ard", | ||
'PayloadUUID' => '149EAD29-D27D-4639-8E8D-D8513B18A2B5', | ||
'PayloadEnabled' => true, | ||
'PayloadDisplayName' => 'RemoteManagement', | ||
'PayloadContent' => { | ||
'com.apple.RemoteManagement' => { | ||
'Forced' => [ | ||
{ | ||
'mcx_preference_settings' => ard_prefs, | ||
}, | ||
], | ||
}, | ||
}, | ||
}, | ||
], | ||
} | ||
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
cpe_desktopwallpaper Cookbook | ||
========================= | ||
Install a profile to manage Desktop settings. | ||
Requirements | ||
------------ | ||
maOS | ||
|
||
Attributes | ||
---------- | ||
* node['cpe_desktopwallpaper'] | ||
* node['cpe_desktopwallpaper']['OverridePicturePath'] | ||
|
||
Usage | ||
----- | ||
The profile will manage the `com.apple.desktop` preference domain. | ||
|
||
The profile's organization key defaults to `Pinterest` unless `node['organization']` is | ||
configured in your company's custom init recipe. The profile will also use | ||
whichever prefix is set in node['cpe_profiles']['prefix'], which defaults to `com.facebook.chef` | ||
|
||
The profile delivers a payload of all keys in `node['cpe_desktopwallpaper']` that are non-nil values. The key `node['cpe_desktopwallpaper']['OverridePicturePath']` is nil, so that no profile is installed by default. | ||
|
||
The most common use case is for client machines that are heavily locked down. | ||
|
||
# Set Wallpaper | ||
node.default['cpe_desktopwallpaper']['OverridePicturePath'] = '/Library/Desktop Pictures/El Capitan.jpg' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# | ||
# Cookbook Name:: cpe_desktopwallpaper | ||
# Attributes:: default | ||
# | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
# | ||
# Copyright (c) 2017-present, Pinterest, Inc. | ||
# All rights reserved. | ||
# | ||
# This source code is licensed under the Apache 2.0 license found in the | ||
# LICENSE file in the root directory of this source tree. | ||
# | ||
|
||
# Lock and Setup a wallpaper | ||
default['cpe_desktopwallpaper']['OverridePicturePath'] = nil |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
# vim: syntax=ruby:expandtab:shiftwidth=2:softtabstop=2:tabstop=2 | ||
|
||
name 'cpe_desktopwallpaper' | ||
maintainer 'Pinterest' | ||
maintainer_email 'itcpe@pinterest.com' | ||
license 'Apache' | ||
description 'Manages Desktop Wallpaper settings / profile' | ||
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md')) | ||
version '0.1.0' | ||
supports 'mac_os_x' | ||
|
||
depends 'cpe_profiles' |
Oops, something went wrong.