author | Tim Smith <tsmith84@gmail.com> | 2020-09-11 10:15:49 -0700 |
---|---|---|
committer | Tim Smith <tsmith84@gmail.com> | 2020-09-11 10:15:49 -0700 |
commit | 4b1d91928f6fbffea34d7169b5bb75591a6f27b7 (patch) | |
tree | f82b194f790f7fb5719d9f9555acc84194402fc8 | |
parent | 9be53025a80b1fca8365abe612341ae811778155 (diff) | |
download | chef-4b1d91928f6fbffea34d7169b5bb75591a6f27b7.tar.gz |
Use a frozen constant for the privs we accept
Signed-off-by: Tim Smith <tsmith@chef.io>
-rw-r--r-- | lib/chef/resource/windows_user_privilege.rb | 96 |
1 files changed, 48 insertions, 48 deletions
diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb index 142a49639b..bfdab8cdf9 100644 --- a/lib/chef/resource/windows_user_privilege.rb +++ b/lib/chef/resource/windows_user_privilege.rb @@ -23,52 +23,6 @@ class Chef class WindowsUserPrivilege < Chef::Resource unified_mode true - privilege_opts = %w{ SeAssignPrimaryTokenPrivilege - SeAuditPrivilege - SeBackupPrivilege - SeBatchLogonRight - SeChangeNotifyPrivilege - SeCreateGlobalPrivilege - SeCreatePagefilePrivilege - SeCreatePermanentPrivilege - SeCreateSymbolicLinkPrivilege - SeCreateTokenPrivilege - SeDebugPrivilege - SeDenyBatchLogonRight - SeDenyInteractiveLogonRight - SeDenyNetworkLogonRight - SeDenyRemoteInteractiveLogonRight - SeDenyServiceLogonRight - SeEnableDelegationPrivilege - SeImpersonatePrivilege - SeIncreaseBasePriorityPrivilege - SeIncreaseQuotaPrivilege - SeIncreaseWorkingSetPrivilege - SeInteractiveLogonRight - SeLoadDriverPrivilege - SeLockMemoryPrivilege - SeMachineAccountPrivilege - SeManageVolumePrivilege - SeNetworkLogonRight - SeProfileSingleProcessPrivilege - SeRelabelPrivilege - SeRemoteInteractiveLogonRight - SeRemoteShutdownPrivilege - SeRestorePrivilege - SeSecurityPrivilege - SeServiceLogonRight - SeShutdownPrivilege - SeSyncAgentPrivilege - SeSystemEnvironmentPrivilege - SeSystemProfilePrivilege - SeSystemtimePrivilege - SeTakeOwnershipPrivilege - SeTcbPrivilege - SeTimeZonePrivilege - SeTrustedCredManAccessPrivilege - SeUndockPrivilege - } - provides :windows_user_privilege description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment" 
@@ -125,6 +79,52 @@ class Chef ``` DOC + PRIVILEGE_OPTS = %w{ SeAssignPrimaryTokenPrivilege + SeAuditPrivilege + SeBackupPrivilege + SeBatchLogonRight + SeChangeNotifyPrivilege + SeCreateGlobalPrivilege + SeCreatePagefilePrivilege + SeCreatePermanentPrivilege + SeCreateSymbolicLinkPrivilege + SeCreateTokenPrivilege + SeDebugPrivilege + SeDenyBatchLogonRight + SeDenyInteractiveLogonRight + SeDenyNetworkLogonRight + SeDenyRemoteInteractiveLogonRight + SeDenyServiceLogonRight + SeEnableDelegationPrivilege + SeImpersonatePrivilege + SeIncreaseBasePriorityPrivilege + SeIncreaseQuotaPrivilege + SeIncreaseWorkingSetPrivilege + SeInteractiveLogonRight + SeLoadDriverPrivilege + SeLockMemoryPrivilege + SeMachineAccountPrivilege + SeManageVolumePrivilege + SeNetworkLogonRight + SeProfileSingleProcessPrivilege + SeRelabelPrivilege + SeRemoteInteractiveLogonRight + SeRemoteShutdownPrivilege + SeRestorePrivilege + SeSecurityPrivilege + SeServiceLogonRight + SeShutdownPrivilege + SeSyncAgentPrivilege + SeSystemEnvironmentPrivilege + SeSystemProfilePrivilege + SeSystemtimePrivilege + SeTakeOwnershipPrivilege + SeTcbPrivilege + SeTimeZonePrivilege + SeTrustedCredManAccessPrivilege + SeUndockPrivilege + }.freeze + property :principal, String, description: "An optional property to add the user to the given privilege. Use only with add and remove action.", name_property: true @@ -137,14 +137,14 @@ class Chef required: true, coerce: proc { |v| v.is_a?(String) ? Array[v] : v }, callbacks: { - "Option privilege must include any of the: #{privilege_opts}" => lambda { |n| + "Option privilege must include any of the: #{PRIVILEGE_OPTS}" => lambda { |n| if n.is_a?(String) these_options = Array[n] else these_options = n end - if (these_options - privilege_opts).empty? + if (these_options - PRIVILEGE_OPTS).empty? true else false |
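Review bot: `PRIVILEGE_OPTS` in the `@@ -125,6 +79,52 @@` hunk is added without a comment saying what it gates, and `.freeze` on the `%w{}` literal freezes only the array. The element strings may still be mutable, depending on file-level settings this hunk does not show. Because the list is the allowlist behind the `privilege` property callback in the next hunk, I would add `# User rights accepted by the privilege property; see the user-rights-assignment reference in the description` above it. If the strings are not already frozen, `.map(&:freeze).freeze` would stop an entry being altered in place.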
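Review bot: The callback message in the `@@ -137,14 +137,14 @@` hunk says the value "must include any of the" listed privileges, but `(these_options - PRIVILEGE_OPTS).empty?` passes only when every entry is in the list. Wording such as `"Option privilege must only contain values from: #{PRIVILEGE_OPTS}"` would match the check. The `if n.is_a?(String)` branch looks redundant, since the `coerce` proc just above already wraps a String in an Array (assuming coercion runs before the callback). The `true`/`false` branches could then collapse to `(Array(n) - PRIVILEGE_OPTS).empty?`. The lambda's closing lines are outside the hunk.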