author | Davin Taddeo <davin@chef.io> | 2020-09-11 11:17:33 -0400 |
---|---|---|
committer | Davin Taddeo <davin@chef.io> | 2020-09-11 11:17:33 -0400 |
commit | 3c0c11fec278a8d3a4458b66ee0dddb5dc3e5786 (patch) | |
tree | beb87364251d3d4767b3f3ba2d6cbdc0520c4879 | |
parent | d547ad292989fce0655fe8be1846d9dd395ce04c (diff) | |
download | chef-3c0c11fec278a8d3a4458b66ee0dddb5dc3e5786.tar.gz |
some modifications to make the allowed privilege list a little easier to sort through. And a chefstyle fix
Signed-off-by: Davin Taddeo <davin@chef.io>
-rw-r--r-- | kitchen-tests/cookbooks/end_to_end/recipes/windows.rb | 2 | ||||
-rw-r--r-- | lib/chef/resource/windows_user_privilege.rb | 92 |
2 files changed, 47 insertions, 47 deletions
diff --git a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
index 6ae873d166..6a60c1f305 100644
--- a/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
+++ b/kitchen-tests/cookbooks/end_to_end/recipes/windows.rb
@@ -39,7 +39,7 @@ windows_firewall_profile "Domain" do
 end
 windows_user_privilege "BUILTIN\\Administrators" do
- privilege %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
+ privilege %w{SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege}
 action :add
 end
diff --git a/lib/chef/resource/windows_user_privilege.rb b/lib/chef/resource/windows_user_privilege.rb
index cfe169b852..5a9dda0a4a 100644
--- a/lib/chef/resource/windows_user_privilege.rb
+++ b/lib/chef/resource/windows_user_privilege.rb
@@ -23,51 +23,51 @@ class Chef
 class WindowsUserPrivilege < Chef::Resource
 unified_mode true
- privilege_opts = %w{SeTrustedCredManAccessPrivilege
- SeNetworkLogonRight
- SeTcbPrivilege
- SeMachineAccountPrivilege
- SeIncreaseQuotaPrivilege
- SeInteractiveLogonRight
- SeRemoteInteractiveLogonRight
- SeBackupPrivilege
- SeChangeNotifyPrivilege
- SeSystemtimePrivilege
- SeTimeZonePrivilege
- SeCreatePagefilePrivilege
- SeCreateTokenPrivilege
- SeCreateGlobalPrivilege
- SeCreatePermanentPrivilege
- SeCreateSymbolicLinkPrivilege
- SeDebugPrivilege
- SeDenyNetworkLogonRight
- SeDenyBatchLogonRight
- SeDenyServiceLogonRight
- SeDenyInteractiveLogonRight
- SeDenyRemoteInteractiveLogonRight
- SeEnableDelegationPrivilege
- SeRemoteShutdownPrivilege
- SeAuditPrivilege
- SeImpersonatePrivilege
- SeIncreaseWorkingSetPrivilege
- SeIncreaseBasePriorityPrivilege
- SeLoadDriverPrivilege
- SeLockMemoryPrivilege
- SeBatchLogonRight
- SeServiceLogonRight
- SeSecurityPrivilege
- SeRelabelPrivilege
- SeSystemEnvironmentPrivilege
- SeManageVolumePrivilege
- SeProfileSingleProcessPrivilege
- SeSystemProfilePrivilege
- SeUndockPrivilege
- SeAssignPrimaryTokenPrivilege
- SeRestorePrivilege
- SeShutdownPrivilege
- SeSyncAgentPrivilege
- SeTakeOwnershipPrivilege
- }
+ privilege_opts = %w{ SeAssignPrimaryTokenPrivilege
+ SeAuditPrivilege
+ SeBackupPrivilege
+ SeBatchLogonRight
+ SeChangeNotifyPrivilege
+ SeCreateGlobalPrivilege
+ SeCreatePagefilePrivilege
+ SeCreatePermanentPrivilege
+ SeCreateSymbolicLinkPrivilege
+ SeCreateTokenPrivilege
+ SeDebugPrivilege
+ SeDenyBatchLogonRight
+ SeDenyInteractiveLogonRight
+ SeDenyNetworkLogonRight
+ SeDenyRemoteInteractiveLogonRight
+ SeDenyServiceLogonRight
+ SeEnableDelegationPrivilege
+ SeImpersonatePrivilege
+ SeIncreaseBasePriorityPrivilege
+ SeIncreaseQuotaPrivilege
+ SeIncreaseWorkingSetPrivilege
+ SeInteractiveLogonRight
+ SeLoadDriverPrivilege
+ SeLockMemoryPrivilege
+ SeMachineAccountPrivilege
+ SeManageVolumePrivilege
+ SeNetworkLogonRight
+ SeProfileSingleProcessPrivilege
+ SeRelabelPrivilege
+ SeRemoteInteractiveLogonRight
+ SeRemoteShutdownPrivilege
+ SeRestorePrivilege
+ SeSecurityPrivilege
+ SeServiceLogonRight
+ SeShutdownPrivilege
+ SeSyncAgentPrivilege
+ SeSystemEnvironmentPrivilege
+ SeSystemProfilePrivilege
+ SeSystemtimePrivilege
+ SeTakeOwnershipPrivilege
+ SeTcbPrivilege
+ SeTimeZonePrivilege
+ SeTrustedCredManAccessPrivilege
+ SeUndockPrivilege
+ }
 provides :windows_user_privilege
 description "The windows_user_privilege resource allows to add and set principal (User/Group) to the specified privilege.\n Ref: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-rights-assignment"
@@ -136,7 +136,7 @@ class Chef
 description: "Privilege to set for users.",
 required: true,
 coerce: proc { |v| v.is_a?(String) ? Array[v] : v },
- callbacks: { "Option privilege must include any of the: #{privilege_opts}" => proc { |v| (Array(v) - privilege_opts).empty? } }
+ callbacks: { "Option privilege must include any of the: #{privilege_opts}" => proc { |n| (Array(n) - privilege_opts).empty? } }
 load_current_value do |new_resource|
 if new_resource.principal && (new_resource.action.include?(:add) || new_resource.action.include?(:remove)) |
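Review bot: The allow-list of user rights this resource will accept is still a plain mutable local, `privilege_opts`, in the class body, and the re-sorted literal puts its first entry on the `%w{` line, so the next insertion is easy to misplace. Because the `callbacks:` check in the later hunk treats this list as the complete set of valid names, I would make it a frozen constant with one name per line, `PRIVILEGE_OPTS = %w{ ... }.freeze`, and update both references. A comment above it such as `# Allow-list of names accepted by the privilege property; keep sorted and in sync with the user-rights-assignment reference.` would record why the order matters. The list only confirms that a name is valid, not that granting it to the principal is appropriate, which is worth saying in the resource description since it includes rights such as SeTcbPrivilege and SeDebugPrivilege. The class body starts and ends outside the hunk.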
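Review bot: The validation message on the `callbacks:` line says the value "must include any of" the list, but the proc `(Array(n) - privilege_opts).empty?` only passes when every supplied name is in the list, so the text understates the rule. It also interpolates the array directly, which prints Ruby's inspect form; I would reword it to `"Option privilege must only contain values from: #{privilege_opts.join(', ')}"`. Renaming the block parameter from `v` to `n` leaves it inconsistent with the `coerce:` proc directly above, which still uses `|v|`. An empty array also passes this check, because `[] - privilege_opts` is empty; whether `required: true` rejects that case is not visible here. The property definition starts and ends outside the hunk.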