diff options
| author | Davin Taddeo <davin@chef.io> | 2020-09-11 11:17:33 -0400 |
|---|---|---|
| committer | Tim Smith <tsmith84@gmail.com> | 2020-09-11 17:15:46 -0700 |
| commit | 0d75ac5bf0c02ff48f7fe253a3e5a1fc0ca04a0d (patch) | |
| tree | 669724cc105fa365168e8842b232ab6b7a4435cc | |
| parent | 77542e22f4283b5a7c72b7ed17995466ea8e4975 (diff) | |
| download | chef-0d75ac5bf0c02ff48f7fe253a3e5a1fc0ca04a0d.tar.gz | |
some modifications to make the allowed privilege list a little easier to sort through. And a chefstyle fix
Signed-off-by: Davin Taddeo <davin@chef.io>
| -rw-r--r-- | kitchen-tests/cookbooks/end_to_end/recipes/windows.rb | 2 | ||||
| -rw-r--r-- | lib/chef/resource/windows_user_privilege.rb | 92 |
2 files changed, 47 insertions, 47 deletions
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb index 6ae873d166..6a60c1f305 100644 --- a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb +++ b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb @@ -39,7 +39,7 @@ windows_firewall_profile "Domain" do end windows_user_privilege "BUILTIN\\Administrators" do - privilege %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege) + privilege %w{SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege} action :add end diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb index cfe169b852..5a9dda0a4a 100644 --- a/lib/chef/resource/windows_user_privilege.rb +++ b/lib/chef/resource/windows_user_privilege.rb @@ -23,51 +23,51 @@ class Chef class WindowsUserPrivilege < Chef::Resource unified_mode true - privilege_opts = %w{SeTrustedCredManAccessPrivilege - SeNetworkLogonRight - SeTcbPrivilege - SeMachineAccountPrivilege - SeIncreaseQuotaPrivilege - SeInteractiveLogonRight - SeRemoteInteractiveLogonRight - SeBackupPrivilege - SeChangeNotifyPrivilege - SeSystemtimePrivilege - SeTimeZonePrivilege - SeCreatePagefilePrivilege - SeCreateTokenPrivilege - SeCreateGlobalPrivilege - SeCreatePermanentPrivilege - SeCreateSymbolicLinkPrivilege - SeDebugPrivilege - SeDenyNetworkLogonRight - SeDenyBatchLogonRight - SeDenyServiceLogonRight - SeDenyInteractiveLogonRight - SeDenyRemoteInteractiveLogonRight - SeEnableDelegationPrivilege - SeRemoteShutdownPrivilege - SeAuditPrivilege - SeImpersonatePrivilege - SeIncreaseWorkingSetPrivilege - SeIncreaseBasePriorityPrivilege - SeLoadDriverPrivilege - SeLockMemoryPrivilege - SeBatchLogonRight - SeServiceLogonRight - SeSecurityPrivilege - SeRelabelPrivilege - SeSystemEnvironmentPrivilege - SeManageVolumePrivilege - SeProfileSingleProcessPrivilege - SeSystemProfilePrivilege - SeUndockPrivilege - SeAssignPrimaryTokenPrivilege - SeRestorePrivilege - SeShutdownPrivilege - SeSyncAgentPrivilege - SeTakeOwnershipPrivilege - } + privilege_opts = %w{ SeAssignPrimaryTokenPrivilege + SeAuditPrivilege + SeBackupPrivilege + SeBatchLogonRight + SeChangeNotifyPrivilege + SeCreateGlobalPrivilege + SeCreatePagefilePrivilege + SeCreatePermanentPrivilege + SeCreateSymbolicLinkPrivilege + SeCreateTokenPrivilege + SeDebugPrivilege + SeDenyBatchLogonRight + SeDenyInteractiveLogonRight + SeDenyNetworkLogonRight + SeDenyRemoteInteractiveLogonRight + SeDenyServiceLogonRight + SeEnableDelegationPrivilege + SeImpersonatePrivilege + SeIncreaseBasePriorityPrivilege + SeIncreaseQuotaPrivilege + SeIncreaseWorkingSetPrivilege + SeInteractiveLogonRight + SeLoadDriverPrivilege + SeLockMemoryPrivilege + SeMachineAccountPrivilege + SeManageVolumePrivilege + SeNetworkLogonRight + SeProfileSingleProcessPrivilege + SeRelabelPrivilege + SeRemoteInteractiveLogonRight + SeRemoteShutdownPrivilege + SeRestorePrivilege + SeSecurityPrivilege + SeServiceLogonRight + SeShutdownPrivilege + SeSyncAgentPrivilege + SeSystemEnvironmentPrivilege + SeSystemProfilePrivilege + SeSystemtimePrivilege + SeTakeOwnershipPrivilege + SeTcbPrivilege + SeTimeZonePrivilege + SeTrustedCredManAccessPrivilege + SeUndockPrivilege + } provides :windows_user_privilege description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment" @@ -136,7 +136,7 @@ class Chef description: "Privilege to set for users.", required: true, coerce: proc { |v| v.is_a?(String) ? Array[v] : v }, - callbacks: { "Option privilege must include any of the: #{privilege_opts}" => proc { |v| (Array(v) - privilege_opts).empty? } } + callbacks: { "Option privilege must include any of the: #{privilege_opts}" => proc { |n| (Array(n) - privilege_opts).empty? } } load_current_value do |new_resource| if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove)) |