authorCorey Hemminger <hemminger@hotmail.com>2022-07-29 14:14:24 -0500
committerGitHub <noreply@github.com>2022-07-29 14:14:24 -0500
commitd3f61253df9abb181036a9fbb1efad378cdb8761 (patch)
tree34975e679418df54e045ef91ec2a3f31dd7de7da
parent624e75000681fef0e6441a3d922e9a08e918a983 (diff)
downloadchef-d3f61253df9abb181036a9fbb1efad378cdb8761.tar.gz
add list of principal names
-rw-r--r--lib/chef/resource/windows_user_privilege.rb43
1 files changed, 41 insertions, 2 deletions
diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb
index e4679f50b9..2672ad8675 100644
--- a/lib/chef/resource/windows_user_privilege.rb
+++ b/lib/chef/resource/windows_user_privilege.rb
@@ -23,7 +23,7 @@ class Chef
class WindowsUserPrivilege < Chef::Resource
provides :windows_user_privilege
- description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
+ description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment\n For litt of principals Ref: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/special-identities"
introduced "16.0"
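Review bot: The sentence added to `description` contains a typo, `For litt of principals Ref:`, where `litt` should be `list`. Suggested wording for the tail of the string: `\n For a list of principals, see: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/special-identities`. This text is presumably surfaced in the resource's generated documentation, so the typo would be user-visible.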
@@ -123,10 +123,49 @@ class Chef
SeTrustedCredManAccessPrivilege
SeUndockPrivilege
}.freeze
+
+ PRINCIPAL_OPTS = [ 'Anonymous Logon'
+ 'Attested Key Property'
+ 'Authenticated Users'
+ 'Authentication Authority Asserted Identity'
+ 'Batch'
+ 'Console Logon'
+ 'Creator Group'
+ 'Creator Owner'
+ 'Dialup'
+ 'Digest Authentication'
+ 'Enterprise Domain Controllers'
+ 'Everyone'
+ 'Fresh Public Key Identity'
+ 'Interactive'
+ 'IUSR'
+ 'Key Trust'
+ 'Local Service'
+ 'LocalSystem'
+ 'MFA Key Property'
+ 'Network'
+ 'Network Service'
+ 'NTLM Authentication'
+ 'Other Organization'
+ 'Owner Rights'
+ 'Principal Self'
+ 'Proxy'
+ 'Remote Interactive Logon'
+ 'Restricted'
+ 'SChannel Authentication'
+ 'Service'
+ 'Service Asserted Identity'
+ 'Terminal Server User'
+ 'This Organization'
+ 'Window Manager\Window Manager Group'
+ ].freeze
property :principal, String,
description: "An optional property to add the user to the given privilege. Use only with add and remove action.",
- name_property: true
+ name_property: true,
+ callbacks: {
+ "Principal property restricted to the following values: #{PRINCIPLE_OPTS}" => lambda { |n| (n - PRINCIPAL_OPTS).empty? },
+ }, identity: true
property :users, [Array, String],
description: "An optional property to set the privilege for given users. Use only with set action.",
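Review bot: The new `callbacks:` validator on `property :principal` cannot work as written: its message interpolates `PRINCIPLE_OPTS`, while the constant defined just above is `PRINCIPAL_OPTS`, and the lambda evaluates `n - PRINCIPAL_OPTS` although the property is declared `String`, which has no `-` method. The `PRINCIPAL_OPTS` literal also has no commas between its entries, so it does not produce an array of separate names for the check to compare against. Add a trailing comma to each entry and change the callback to `"Principal property restricted to the following values: #{PRINCIPAL_OPTS}" => lambda { |n| PRINCIPAL_OPTS.include?(n) },`. Separately, an exact-match allow-list of special identities would reject ordinary local or domain users and groups, which the resource description says it accepts, so confirm that restriction is intended for a resource that assigns user rights. The enclosing class body starts and ends outside this hunk.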