diff options
| author | NAshwini <ashwini.nehate@msystechnologies.com> | 2020-02-24 15:16:05 +0530 |
|---|---|---|
| committer | NAshwini <ashwini.nehate@msystechnologies.com> | 2020-03-05 11:19:16 +0530 |
| commit | 601773484570697ae45290d53864680e1f4aa311 (patch) | |
| tree | 408440652242b28822478a407fc1d966c8e74cad | |
| parent | a6d7991ba02f82fc17ecec26feeb965a045d9654 (diff) | |
| download | chef-601773484570697ae45290d53864680e1f4aa311.tar.gz | |
Replaced dsc_resource to powershell_script resource
Signed-off-by: NAshwini <ashwini.nehate@msystechnologies.com>
| -rw-r--r-- | lib/chef/resource/windows_security_policy.rb | 51 | ||||
| -rw-r--r-- | spec/functional/resource/windows_security_policy_spec.rb | 8 |
2 files changed, 38 insertions, 21 deletions
diff --git a/lib/chef/resource/windows_security_policy.rb b/lib/chef/resource/windows_security_policy.rb index 14e25ac943..ac448f4a71 100644 --- a/lib/chef/resource/windows_security_policy.rb +++ b/lib/chef/resource/windows_security_policy.rb @@ -49,25 +49,42 @@ class Chef property :secvalue, String, required: true, description: "Policy value to be set for policy name." - property :sensitive, [TrueClass, FalseClass], default: true, - description: "Ensure that sensitive resource data is not logged by Chef Infra Client.", - default_description: "true" - action :set do security_option = new_resource.secoption - if powershell_exec("(Get-PackageSource -Name PSGallery).name").result.empty? || powershell_exec("(Get-Package -Name cSecurityOptions -WarningAction SilentlyContinue).name").result.empty? - raise "This resource needs Powershell module cSecurityOptions to be installed. \n Please install it and then re-run the recipe. \n https://www.powershellgallery.com/packages/cSecurityOptions/3.1.3" - end - - sec_hash = { - security_option => new_resource.secvalue, - } - dsc_resource "AccountSettings" do - module_name "cSecurityOptions" - resource :AccountAndBasicAuditing - property :Enable, "$true" - property :AccountAndBasicAuditing, sec_hash - sensitive new_resource.sensitive + security_value = new_resource.secvalue + directory 'c:\\chef_temp' + powershell_script "#{security_option} set to #{security_value}" do + convert_boolean_return true + code <<-EOH + $security_option = "#{security_option}" + if ( ($security_option -match "NewGuestName") -Or ($security_option -match "NewAdministratorName") ) + { + $#{security_option}_Remediation = (Get-Content c:\\chef_temp\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace '#{security_option}\\s*=\\s*\\"\\w*\\"', '#{security_option} = "#{security_value}"' } | Set-Content 'c:\\chef_temp\\#{security_option}_Export.inf' + secedit /configure /db $env:windir\\security\\new.sdb /cfg 'c:\\chef_temp\\#{security_option}_Export.inf' /areas SECURITYPOLICY + } + else + { + $#{security_option}_Remediation = (Get-Content c:\\chef_temp\\#{security_option}_Export.inf) | Foreach-Object { $_ -replace "#{security_option}\\s*=\\s*\\d*", "#{security_option} = #{security_value}" } | Set-Content 'c:\\chef_temp\\#{security_option}_Export.inf' + secedit /configure /db $env:windir\\security\\new.sdb /cfg 'c:\\chef_temp\\#{security_option}_Export.inf' /areas SECURITYPOLICY + } + Remove-Item 'c:\\chef_temp' -Force -Recurse -ErrorAction SilentlyContinue + EOH + guard_interpreter :powershell_script + not_if <<-EOH + $#{security_option}_Export = secedit /export /cfg 'c:\\chef_temp\\#{security_option}_Export.inf' + $ExportAudit = (Get-Content c:\\chef_temp\\#{security_option}_Export.inf | Select-String -Pattern #{security_option}) + $check_digit = $ExportAudit -match '#{security_option} = #{security_value}' + $check_string = $ExportAudit -match '#{security_option} = "#{security_value}"' + if ( $check_string -Or $check_digit ) + { + Remove-Item 'c:\\chef_temp' -Force -Recurse -ErrorAction SilentlyContinue + $true + } + else + { + $false + } + EOH end end end diff --git a/spec/functional/resource/windows_security_policy_spec.rb b/spec/functional/resource/windows_security_policy_spec.rb index 62e379962d..db100f5bd2 100644 --- a/spec/functional/resource/windows_security_policy_spec.rb +++ b/spec/functional/resource/windows_security_policy_spec.rb @@ -22,9 +22,6 @@ require "chef/mixin/powershell_out" describe Chef::Resource::WindowsSecurityPolicy, :windows_only do include Chef::Mixin::PowershellExec - before(:all) { - powershell_exec("Install-Module -Name cSecurityOptions -Force") if powershell_exec("(Get-Package -Name cSecurityOptions -WarningAction SilentlyContinue).name").result.empty? - } let(:secoption) { "MaximumPasswordAge" } let(:secvalue) { "30" } @@ -59,9 +56,12 @@ describe Chef::Resource::WindowsSecurityPolicy, :windows_only do end it "should be idempotent" do + subject.secvalue("30") subject.run_action(:set) + guardscript_and_script_time = subject.elapsed_time subject.run_action(:set) - expect(subject).not_to be_updated_by_last_action + only_guardscript_time = subject.elapsed_time + expect(only_guardscript_time).to be < guardscript_and_script_time end end |