Merge pull request #8120 from chef/tasks

windows_task resource: allow non-system users without password for interactive tasks

2 files changed, 19 insertions, 10 deletions

diff --git a/lib/chef/provider/windows_task.rb b/lib/chef/provider/windows_task.rb
index 0d77d8c939..1d77c6867b 100644
--- a/lib/chef/provider/windows_task.rb
+++ b/lib/chef/provider/windows_task.rb
@@ -145,7 +145,7 @@ class Chef
               task.working_directory = new_resource.cwd if new_resource.cwd
               task.configure_settings(config_settings)
               task.configure_principals(principal_settings)
-              task.set_account_information(new_resource.user, new_resource.password)
+              task.set_account_information(new_resource.user, new_resource.password, new_resource.interactive_enabled)
               task.creator = new_resource.user
               task.description = new_resource.description unless new_resource.description.nil?
               task.activate(new_resource.task_name)
@@ -246,7 +246,7 @@ class Chef
 
         def update_task(task)
           converge_by("#{new_resource} task updated") do
-            task.set_account_information(new_resource.user, new_resource.password)
+            task.set_account_information(new_resource.user, new_resource.password, new_resource.interactive_enabled)
             task.application_name = new_resource.command if new_resource.command
             task.parameters = new_resource.command_arguments if new_resource.command_arguments
             task.working_directory = new_resource.cwd if new_resource.cwd
diff --git a/lib/chef/resource/windows_task.rb b/lib/chef/resource/windows_task.rb
index 5bd6d7e557..f664fc57be 100644
--- a/lib/chef/resource/windows_task.rb
+++ b/lib/chef/resource/windows_task.rb
@@ -143,7 +143,6 @@ class Chef
         validate_start_time(start_time, frequency)
         validate_start_day(start_day, frequency) if start_day
         validate_user_and_password(user, password)
-        validate_interactive_setting(interactive_enabled, password)
         validate_create_frequency_modifier(frequency, frequency_modifier) if frequency_modifier
         validate_create_day(day, frequency, frequency_modifier) if day
         validate_create_months(months, frequency) if months
@@ -226,20 +225,30 @@ class Chef
         end
       end
 
+      # System users will not require a password
+      # Other users will require a password if the task is non-interactive.
+      #
+      # @param [String] user
+      # @param [String] password
+      #
       def validate_user_and_password(user, password)
-        if password_required?(user) && password.nil?
-          raise ArgumentError, "Cannot specify a user other than the system users without specifying a password!. Valid passwordless users: '#{Chef::ReservedNames::Win32::Security::SID::SYSTEM_USER.join("', '")}'"
+        if non_system_user?(user)
+          if password.nil? && !interactive_enabled
+            raise ArgumentError, "Please provide a password or check if this task needs to be interactive! Valid passwordless users are: '#{Chef::ReservedNames::Win32::Security::SID::SYSTEM_USER.join("', '")}'"
+          end
+        else
+          unless password.nil?
+            raise ArgumentError, "Password is not required for system users."
+          end
         end
       end
 
+      # Password is not required for system user and required for non-system user.
       def password_required?(user)
-        return false if user.nil?
-        @password_required ||= !Chef::ReservedNames::Win32::Security::SID.system_user?(user)
+        @password_required ||= (!user.nil? && !Chef::ReservedNames::Win32::Security::SID.system_user?(user))
       end
 
-      def validate_interactive_setting(interactive_enabled, password)
-        raise ArgumentError, "Please provide the password when attempting to set interactive/non-interactive." if interactive_enabled && password.nil?
-      end
+      alias non_system_user? password_required?
 
       def validate_create_frequency_modifier(frequency, frequency_modifier)
         if ([:on_logon, :onstart, :on_idle, :none].include?(frequency)) && ( frequency_modifier != 1)