authorTim Smith <tsmith@chef.io>2020-06-25 15:09:03 -0700
committerGitHub <noreply@github.com>2020-06-25 15:09:03 -0700
commitcff7ae5b3a6f8db295c09837c6fc19682709a04d (patch)
treed3158046f04fd25a34baaa48e66ca67e4064fcda
parentc88699eded15687e474d6d9d2c67a908c0558578 (diff)
parent4884bb4f639cfc02c06904b903852cbe90b59e62 (diff)
downloadchef-cff7ae5b3a6f8db295c09837c6fc19682709a04d.tar.gz
Merge pull request #10063 from chef-davin/windows_user_privilege
Update the windows_user_privilege resource to have a `:clear` action
-rw-r--r--lib/chef/resource/windows_user_privilege.rb27
1 files changed, 25 insertions, 2 deletions
diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb
index aeff7ad468..c6d7a16346 100644
--- a/lib/chef/resource/windows_user_privilege.rb
+++ b/lib/chef/resource/windows_user_privilege.rb
@@ -112,6 +112,15 @@ class Chef
action :remove
end
```
+
+ **Clear all users from the SeDenyNetworkLogonRight Privilege**:
+
+ ```ruby
+ windows_user_privilege 'Allow any user the Network Logon right' do
+ privilege 'SeDenyNetworkLogonRight'
+ action :clear
+ end
+ ```
DOC
property :principal, String,
@@ -132,8 +141,8 @@ class Chef
}
load_current_value do |new_resource|
- unless new_resource.principal.nil?
- privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal) unless new_resource.action.include?(:set)
+ if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove))
+ privilege Chef::ReservedNames::Win32::Security.get_account_right(new_resource.principal)
end
end
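Review bot: The new condition in `load_current_value` allow-lists `:add` and `:remove` without saying why the other actions are excluded, so any action added later will silently skip the lookup. A comment above the `if` would make the intent explicit, for example `# only :add and :remove compare against the principal's current rights; :clear enumerates accounts per privilege instead` (presumably the same holds for `:set`, whose body is not in this diff). If `principal` can be nil here (its full property declaration is cut off by the previous hunk), `current_resource.privilege` would stay unloaded for `:remove`, which subtracts it from `new_resource.privilege`; that is worth confirming.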
@@ -180,6 +189,20 @@ class Chef
end
end
+ action :clear do
+ new_resource.privilege.each do |privilege|
+ accounts = Chef::ReservedNames::Win32::Security.get_account_with_user_rights(privilege)
+
+ # comparing the existing accounts for privilege with users
+ # Removing only accounts which is not matching with users in new_resource
+ accounts.each do |account|
+ converge_by("removing user '#{account}' from privilege #{privilege}") do
+ Chef::ReservedNames::Win32::Security.remove_account_right(account, privilege)
+ end
+ end
+ end
+ end
+
action :remove do
curr_res_privilege = current_resource.privilege
missing_res_privileges = (new_resource.privilege - curr_res_privilege)
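Review bot: The comment inside `action :clear` does not match the loop below it: it says only accounts not matching the resource's users are removed, but the loop calls `remove_account_right` for every account returned by `get_account_with_user_rights(privilege)`. Replace it with something like `# remove every account that currently holds this privilege; no user list is consulted`. Because the action empties the whole assignment, its effect depends on the right being cleared: emptying a Deny* right such as SeDenyNetworkLogonRight lifts every restriction it imposed, while emptying a logon right could leave accounts unable to sign in, and the resource description should state this. The `action :remove` body continues past the end of the hunk.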