author | Adam Edwards <adamed@opscode.com> | 2015-10-11 07:53:02 -0700 |
---|---|---|
committer | Adam Edwards <adamed@opscode.com> | 2015-10-11 07:53:02 -0700 |
commit | 614abb345ab8656e1316b8b4c8dd2e85b480824a (patch) | |
tree | 84f6a931acccda69b153c002b43b951cf972c057 | |
parent | ececa3438f122d25986fa34557694fa1e86527d2 (diff) | |
Enable user identity for execute resources (branch: adamedx/windows-execute-user)
-rw-r--r-- | lib/chef/mixin/shell_out.rb | 4 | ||||
-rw-r--r-- | lib/chef/provider/execute.rb | 4 | ||||
-rw-r--r-- | lib/chef/provider/powershell_script.rb | 8 | ||||
-rw-r--r-- | lib/chef/provider/script.rb | 19 | ||||
-rw-r--r-- | lib/chef/resource/execute.rb | 26 |
5 files changed, 58 insertions, 3 deletions
diff --git a/lib/chef/mixin/shell_out.rb b/lib/chef/mixin/shell_out.rb
index 529023056d..5685bb5b6d 100644
--- a/lib/chef/mixin/shell_out.rb
+++ b/lib/chef/mixin/shell_out.rb
@@ -90,10 +90,12 @@ class Chef
 end
 private
-
+require 'pry'
 def shell_out_command(*command_args)
 cmd = Mixlib::ShellOut.new(*run_command_compatible_options(command_args))
 cmd.live_stream ||= io_for_live_stream
+ puts "COMMAND: #{cmd.command}"
+ # binding.pry if cmd.command.include?("chef-script")
 cmd.run_command
 cmd
 end
diff --git a/lib/chef/provider/execute.rb b/lib/chef/provider/execute.rb
index b44112c19e..a703179883 100644
--- a/lib/chef/provider/execute.rb
+++ b/lib/chef/provider/execute.rb
@@ -27,7 +27,7 @@ class Chef
 provides :execute
- def_delegators :@new_resource, :command, :returns, :environment, :user, :group, :cwd, :umask, :creates
+ def_delegators :@new_resource, :command, :returns, :environment, :user, :domain, :password, :group, :cwd, :umask, :creates
 def load_current_resource
 current_resource = Chef::Resource::Execute.new(new_resource.name)
@@ -75,6 +75,7 @@ class Chef
 opts[:returns] = returns if returns
 opts[:environment] = environment if environment
 opts[:user] = user if user
+ opts[:password] = password if password
 opts[:group] = group if group
 opts[:cwd] = cwd if cwd
 opts[:umask] = umask if umask
@@ -99,6 +100,7 @@ class Chef
 ( cwd && creates_relative? ) ? ::File.join(cwd, creates) : creates
 ))
 end
+
 end
 end
 end
diff --git a/lib/chef/provider/powershell_script.rb b/lib/chef/provider/powershell_script.rb
index cea9a45dad..da8a652213 100644
--- a/lib/chef/provider/powershell_script.rb
+++ b/lib/chef/provider/powershell_script.rb
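Review bot: `require 'pry'` and the unconditional `puts "COMMAND: #{cmd.command}"` added to shell_out_command are debugging leftovers that should not ship: the require pulls a development-only gem into the mixin (and sits at column 0 inside the class body, right after `private`), and the puts writes every command line to stdout regardless of the resource's `sensitive` setting, which this same commit makes implicit whenever a password is configured. Any credential that ends up on a command line would be printed by it. Drop the three added lines (`require 'pry'`, the puts, and the commented-out `binding.pry`) and restore the blank line the hunk removes.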
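Review bot: `domain` is added to the def_delegators list but never copied into `opts`, so the hunk at line 75 forwards `password` without the domain that qualifies the account; if the shell-out layer accepts a `:domain` option alongside `:password` (not visible here), add `opts[:domain] = domain if domain` next to the user line. `password` is also forwarded whenever it is set even when `user` is nil, so a resource with only a password hands the shell-out layer a credential with no account to apply it to; either guard with `opts[:password] = password if user && password` or validate the combination in the resource. The method that builds opts starts and ends outside the hunk.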
@@ -149,6 +149,14 @@ EOH
 <<-EOH
 # Chef Client wrapper for powershell_script resources
+# In rare cases, this module is not present and the
+# new-variable cmdlet is not available, so import it
+# just in case
+if ( get-module -ListAvailable Microsoft.PowerShell.Utility )
+{
+ Import-Module Microsoft.PowerShell.Utility
+}
+
 # LASTEXITCODE can be uninitialized -- make it explictly 0
 # to avoid incorrect detection of failure (non-zero) codes
 $global:LASTEXITCODE = 0
diff --git a/lib/chef/provider/script.rb b/lib/chef/provider/script.rb
index e8b5235b7a..9bc070466e 100644
--- a/lib/chef/provider/script.rb
+++ b/lib/chef/provider/script.rb
@@ -18,6 +18,7 @@ require 'tempfile'
 require 'chef/provider/execute'
+require 'chef/win32/security'
 require 'forwardable'
 class Chef
@@ -68,9 +69,25 @@ class Chef
 # FileUtils itself implements a no-op if +user+ or +group+ are nil
 # You can prove this by running FileUtils.chown(nil,nil,'/tmp/file')
 # as an unprivileged user.
- FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
+ if ! Chef::Platform.windows?
+ FileUtils.chown(new_resource.user, new_resource.group, script_file.path)
+ else
+ grant_alternate_user_read_access
+ end
+ end
+
+ def grant_alternate_user_read_access
+ securable_object = Chef::ReservedNames::Win32::Security::SecurableObject.new(script_file.path)
+ aces = securable_object.security_descriptor.dacl.reduce([]) { | result, current | result.push(current) }
+# aces = securable_object.security_descriptor.dacl.flatten
+ user_sid = Chef::ReservedNames::Win32::Security::SID.from_account(new_resource.user)
+ read_ace = Chef::ReservedNames::Win32::Security::ACE.access_allowed(user_sid, Chef::ReservedNames::Win32::API::Security::GENERIC_READ | Chef::ReservedNames::Win32::API::Security::GENERIC_EXECUTE, 0)
+ aces.push(read_ace)
+ acl = Chef::ReservedNames::Win32::Security::ACL.create(aces)
+ securable_object.dacl = acl
 end
+
 def script_file
 @script_file ||= Tempfile.open("chef-script")
 end
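Review bot: On Windows, `grant_alternate_user_read_access` is now called for every script resource, including those with no `user` set, so `SID.from_account(new_resource.user)` receives nil, whereas the chown branch it replaces was a no-op for nil users as the comment above it says. Call it only when a user is configured, `grant_alternate_user_read_access if new_resource.user`, or return early from the new method. The unconditional `require 'chef/win32/security'` at the top of the file is loaded on non-Windows platforms as well; other win32 requires in this codebase are typically guarded with `if Chef::Platform.windows?` (verify against the sibling providers). The commented-out `# aces = ...flatten` line at column 0 should be removed, and `if ! Chef::Platform.windows?` reads better as `unless Chef::Platform.windows?`. The method containing the chown change starts outside the hunk.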
diff --git a/lib/chef/resource/execute.rb b/lib/chef/resource/execute.rb
index ec669a75d3..238557c078 100644
--- a/lib/chef/resource/execute.rb
+++ b/lib/chef/resource/execute.rb
@@ -46,6 +46,8 @@ class Chef
 @returns = 0
 @timeout = nil
 @user = nil
+ @domain = nil
+ @password = nil
 @umask = nil
 @default_guard_interpreter = :execute
 @is_guard_interpreter = false
@@ -135,6 +137,30 @@ class Chef
 )
 end
+ def domain(arg=nil)
set_or_return(
:domain,
arg,
:kind_of => [ String ]
)
end
+
+ def password(arg=nil)
set_or_return(
:password,
arg,
:kind_of => [ String ]
)
end
+
+ def sensitive(arg=nil)
if password
true
else
super
end
end
+
 def self.set_guard_inherited_attributes(*inherited_attributes)
 @class_inherited_attributes = inherited_attributes
 end
|
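Review bot: `password` and `domain` are validated only as Strings and independently of `user`, so a resource with a password (or domain) but no user passes validation and reaches the provider, which then forwards a credential with no account to apply it to; add a cross-check such as `raise ArgumentError, "password requires user" if password && !user` in the resource's validation hook. The `sensitive` override returns true whenever a password is set and discards `arg`, so an explicit `sensitive false` is silently ignored; that is a sensible default for a credential but deserves a comment above the method, e.g. `# A password makes the resource sensitive unconditionally; an explicit sensitive(false) is ignored.` Note that `sensitive` only suppresses converge output: the password is stored as an ordinary attribute and will appear wherever the resource is inspected or serialized unless those paths redact it, which is not visible in this hunk.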