author | Corey Hemminger <hemminger@hotmail.com> | 2022-07-29 14:14:24 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-07-29 14:14:24 -0500 |
commit | d3f61253df9abb181036a9fbb1efad378cdb8761 (patch) | |
tree | 34975e679418df54e045ef91ec2a3f31dd7de7da | |
parent | 624e75000681fef0e6441a3d922e9a08e918a983 (diff) | |
download | chef-d3f61253df9abb181036a9fbb1efad378cdb8761.tar.gz |
add list of principal names
-rw-r--r-- | lib/chef/resource/windows_user_privilege.rb | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb
index e4679f50b9..2672ad8675 100644
--- a/lib/chef/resource/windows_user_privilege.rb
+++ b/lib/chef/resource/windows_user_privilege.rb
@@ -23,7 +23,7 @@ class Chef
 class WindowsUserPrivilege < Chef::Resource
 provides :windows_user_privilege
- description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
+ description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment\n For litt of principals Ref: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/special-identities"
 introduced "16.0"
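Review bot: The sentence added to `description` has a typo: `For litt of principals` should read `For list of principals`. The text now links the special-identities page while its first sentence still says `principal (User/Group)`, so it would help to state in the description whether ordinary account names and special identities are both accepted.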
@@ -123,10 +123,49 @@ class Chef
 SeTrustedCredManAccessPrivilege
 SeUndockPrivilege
 }.freeze
+
+ PRINCIPAL_OPTS = [ 'Anonymous Logon'
+ 'Attested Key Property'
+ 'Authenticated Users'
+ 'Authentication Authority Asserted Identity'
+ 'Batch'
+ 'Console Logon'
+ 'Creator Group'
+ 'Creator Owner'
+ 'Dialup'
+ 'Digest Authentication'
+ 'Enterprise Domain Controllers'
+ 'Everyone'
+ 'Fresh Public Key Identity'
+ 'Interactive'
+ 'IUSR'
+ 'Key Trust'
+ 'Local Service'
+ 'LocalSystem'
+ 'MFA Key Property'
+ 'Network'
+ 'Network Service'
+ 'NTLM Authentication'
+ 'Other Organization'
+ 'Owner Rights'
+ 'Principal Self'
+ 'Proxy'
+ 'Remote Interactive Logon'
+ 'Restricted'
+ 'SChannel Authentication'
+ 'Service'
+ 'Service Asserted Identity'
+ 'Terminal Server User'
+ 'This Organization'
+ 'Window Manager\Window Manager Group'
+ ].freeze
 property :principal, String,
 description: "An optional property to add the user to the given privilege. Use only with add and remove action.",
- name_property: true
+ name_property: true,
+ callbacks: {
+ "Principal property restricted to the following values: #{PRINCIPLE_OPTS}" => lambda { |n| (n - PRINCIPAL_OPTS).empty? },
+ }, identity: true
 property :users, [Array, String],
 description: "An optional property to set the privilege for given users. Use only with set action.", |
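Review bot: The new `callbacks:` entry on `property :principal` cannot work as written: the message interpolates `PRINCIPLE_OPTS` while the constant defined above is `PRINCIPAL_OPTS`, and the lambda computes `n - PRINCIPAL_OPTS` although the property is declared `String`, which has no `-`. If the check is kept it should read `"Principal property restricted to the following values: #{PRINCIPAL_OPTS}" => lambda { |n| PRINCIPAL_OPTS.include?(n) },`. The `PRINCIPAL_OPTS` literal also has no commas between its entries, so Ruby will not read it as the intended list of names; each quoted entry needs a trailing comma. Separately, limiting `principal` to these special identities would reject ordinary user and group names, which the resource description still says are accepted, so add and remove actions on real accounts would start failing validation; this looks unintended and is worth confirming before merge. The class body and the `property :users` definition continue outside the hunk.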