Introducing windows_admin_check and config option to make it fatal.

author: sersut <serdar@opscode.com> 2013-01-14 16:21:17 -0800
committer: sersut <serdar@opscode.com> 2013-01-22 10:53:11 -0800
commit: 712a17926874f023955fae3f99e5b1f588f86614 (patch)
tree: 8bb21360589aff2b1435535d33e2de04806cb6a3
parent: 7c6e10eac92d8e638953a70dd41cfac77cb366cd (diff)
download: chef-712a17926874f023955fae3f99e5b1f588f86614.tar.gz
6 files changed, 46 insertions, 0 deletions
diff --git a/lib/chef/application/client.rb b/lib/chef/application/client.rb
index d4a269530d..ed65e0b8a6 100644
--- a/lib/chef/application/client.rb
+++ b/lib/chef/application/client.rb
@@ -197,6 +197,14 @@ class Chef::Application::Client < Chef::Application
     :description  => "Enable reporting data collection for chef runs",
     :boolean      => true
 
+  if Chef::Platform.windows?
+    option :fatal_windows_admin_check,
+      :short        => "-A",
+      :long         => "--fatal-windows-admin-check",
+      :description  => "Fail the run when chef-client doesn't have administrator privilages on Windows",
+      :boolean      => true
+  end
+
   attr_reader :chef_client_json
 
   def initialize
diff --git a/lib/chef/client.rb b/lib/chef/client.rb
index db7af934c3..fbae0ac3ee 100644
--- a/lib/chef/client.rb
+++ b/lib/chef/client.rb
@@ -443,6 +443,10 @@ class Chef
         Chef::Log.info("Starting Chef Run for #{node.name}")
         run_started
 
+        if Chef::Platform.windows?
+          do_windows_admin_check
+        end
+
         run_context = setup_run_context
 
         converge(run_context)
@@ -518,6 +522,23 @@ class Chef
       end
 
     end
+
+    def do_windows_admin_check
+      unless Chef::Config[:solo]
+        require 'chef/win32/security'
+
+        if !Chef::ReservedNames::Win32::Security.has_admin_rights?
+          message = "chef-client doesn't have administrator privilages on node #{node_name}."
+          if Chef::Config[:fatal_windows_admin_check]
+            Chef::Log.fatal(message)
+            Chef::Log.fatal("fatal_windows_admin_check is set to TRUE.")
+            raise Chef::Exceptions::WindowsNotAdmin, message
+          else
+            Chef::Log.warn("#{message} This might cause unexpected resource failures.")
+          end
+        end
+      end
+    end
   end
 end
 
diff --git a/lib/chef/config.rb b/lib/chef/config.rb
index 83b8a86819..ca912b65ab 100644
--- a/lib/chef/config.rb
+++ b/lib/chef/config.rb
@@ -334,6 +334,8 @@ class Chef
       principal_valid_regex_part = '[^"\/\\\\\[\]\:;|=,+*?<>]+'
       user_valid_regex [ /^(#{principal_valid_regex_part}\\)?#{principal_valid_regex_part}$/ ]
       group_valid_regex [ /^(#{principal_valid_regex_part}\\)?#{principal_valid_regex_part}$/ ]
+
+      fatal_windows_admin_check false
     else
       user_valid_regex [ /^([-a-zA-Z0-9_.]+)$/, /^\d+$/ ]
       group_valid_regex [ /^([-a-zA-Z0-9_.\\ ]+)$/, /^\d+$/ ]
diff --git a/lib/chef/exceptions.rb b/lib/chef/exceptions.rb
index 6644554897..c8654d7801 100644
--- a/lib/chef/exceptions.rb
+++ b/lib/chef/exceptions.rb
@@ -96,6 +96,7 @@ class Chef
     class Win32APIFunctionNotImplemented < NotImplementedError; end
     # Attempting to run windows code on a not-windows node
     class Win32NotWindows < RuntimeError; end
+    class WindowsNotAdmin < RuntimeError; end
     class ObsoleteDependencySyntax < ArgumentError; end
     class InvalidDataBagPath < ArgumentError; end
 
diff --git a/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb b/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb
index 813f755560..c31f51b02c 100644
--- a/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb
+++ b/lib/chef/formatters/error_inspectors/resource_failure_inspector.rb
@@ -50,6 +50,14 @@ class Chef
           if exception.respond_to?(:source_listing)
             error_description.section("Template Context:", "#{exception.source_location}\n#{exception.source_listing}")
           end
+
+          if !Chef::Config[:solo] && Chef::Platform.windows?
+            require 'chef/win32/security'
+
+            if !Chef::ReservedNames::Win32::Security.has_admin_rights?
+              error_description.section("Missing Windows Admin Privilages", "chef-client doesn't have administrator privilages. This can be a possible reason for the resource failure.")
+            end
+          end
         end
 
         def recipe_snippet
diff --git a/lib/chef/win32/security.rb b/lib/chef/win32/security.rb
index b7b14c5652..9d454a31f6 100644
--- a/lib/chef/win32/security.rb
+++ b/lib/chef/win32/security.rb
@@ -478,6 +478,12 @@ class Chef
           token.adjust_privileges(old_privileges)
         end
       end
+
+      # Checks if the caller has the admin privilages in their
+      # security token
+      def self.has_admin_rights?
+        false # DO THE ADMIN CHECK HERE
+      end
     end
   end
 end
author	sersut <serdar@opscode.com>	2013-01-14 16:21:17 -0800
committer	sersut <serdar@opscode.com>	2013-01-22 10:53:11 -0800
commit	712a17926874f023955fae3f99e5b1f588f86614 (patch)
tree	8bb21360589aff2b1435535d33e2de04806cb6a3
parent	7c6e10eac92d8e638953a70dd41cfac77cb366cd (diff)
download	chef-712a17926874f023955fae3f99e5b1f588f86614.tar.gz