authorVasu1105 <vasundhara.jagdale@msystechnologies.com>2020-02-23 22:37:07 -0800
committerVasu1105 <vasundhara.jagdale@msystechnologies.com>2020-02-24 00:03:39 -0800
commitb55fa03435b8045a3cea58693691cd0c12d1a3db (patch)
tree5213cf64086e72d1db0934bd249c4286d57f70fa /spec/functional
parent8e5d87f13f91780f5a61cad4e78f2ae6c94f36b4 (diff)
Using win32 api to fetch the account with user rights. Used this method in set action to set the users for privileges and removed dsc_resource code
Signed-off-by: Vasu1105 <vasundhara.jagdale@msystechnologies.com>
Diffstat (limited to 'spec/functional')
-rw-r--r--spec/functional/resource/windows_user_privilege_spec.rb60
-rw-r--r--spec/functional/win32/security_spec.rb21
2 files changed, 62 insertions, 19 deletions
diff --git a/spec/functional/resource/windows_user_privilege_spec.rb b/spec/functional/resource/windows_user_privilege_spec.rb
index cf1320e12a..fa134b4fe7 100644
--- a/spec/functional/resource/windows_user_privilege_spec.rb
+++ b/spec/functional/resource/windows_user_privilege_spec.rb
@@ -64,25 +64,6 @@ describe Chef::Resource::WindowsUserPrivilege, :windows_only do
end
describe "#set privilege" do
- before(:all) {
- powershell_exec("Uninstall-Module -Name cSecurityOptions") unless powershell_exec("(Get-Package -Name cSecurityOptions -WarningAction SilentlyContinue).name").result.empty?
- }
-
- let(:principal) { "user_privilege" }
- let(:users) { %w{Administrators Administrator} }
- let(:privilege) { %w{SeCreateSymbolicLinkPrivilege} }
-
- it "raises error if cSecurityOptions is not installed." do
- subject.action(:set)
- expect { subject.run_action(:set) }.to raise_error(RuntimeError)
- end
- end
-
- describe "#set privilege" do
- before(:all) {
- powershell_exec("Install-Module -Name cSecurityOptions -Force") if powershell_exec("(Get-Package -Name cSecurityOptions -WarningAction SilentlyContinue).name").result.empty?
- }
-
after { remove_user_privilege("Administrator", subject.privilege) }
let(:principal) { "user_privilege" }
@@ -120,6 +101,47 @@ describe Chef::Resource::WindowsUserPrivilege, :windows_only do
end
end
+ describe "running with non admin user" do
+ include Chef::Mixin::UserContext
+
+ let(:user) { "security_user" }
+ let(:password) { "Security@123" }
+ let(:principal) { "user_privilege" }
+ let(:users) { ["Administrators", "#{domain}\\security_user"] }
+ let(:privilege) { %w{SeCreateSymbolicLinkPrivilege} }
+
+ let(:domain) do
+ ENV["COMPUTERNAME"]
+ end
+
+ before do
+ allow_any_instance_of(Chef::Mixin::UserContext).to receive(:node).and_return({ "platform_family" => "windows" })
+ add_user = Mixlib::ShellOut.new("net user #{user} #{password} /ADD")
+ add_user.run_command
+ add_user.error!
+ end
+
+ after do
+ remove_user_privilege("#{domain}\\#{user}", subject.privilege)
+ delete_user = Mixlib::ShellOut.new("net user #{user} /delete")
+ delete_user.run_command
+ delete_user.error!
+ end
+
+ it "sets user to privilege" do
+ subject.action(:set)
+ subject.run_action(:set)
+ expect(subject).to be_updated_by_last_action
+ end
+
+ it "is idempotent" do
+ subject.action(:set)
+ subject.run_action(:set)
+ subject.run_action(:set)
+ expect(subject).not_to be_updated_by_last_action
+ end
+ end
+
def remove_user_privilege(user, privilege)
subject.action(:remove)
subject.principal = user
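Review bot: The `after` hook of the new `running with non admin user` group calls `remove_user_privilege` before `net user #{user} /delete`, so if the privilege removal raises, the local account `security_user` stays on the host with the fixed password from `let(:password)`. Moving the deletion into an `ensure` branch and generating the password per run, e.g. `let(:password) { "#{SecureRandom.alphanumeric(20)}aA1!" }` (this needs `require "securerandom"` if the spec helper does not already load it), would avoid leaving a known credential behind. The password is also interpolated into the `net user ... /ADD` command string, so it will appear wherever process command lines are logged on the test host. Neither example visibly calls a `Chef::Mixin::UserContext` helper, so as far as this hunk shows the resource still runs as the invoking user; either wrap the examples in the user context or rename the group to say that `security_user` is only the target principal. The `remove_user_privilege` helper used for the cleanup continues past the end of the hunk.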
diff --git a/spec/functional/win32/security_spec.rb b/spec/functional/win32/security_spec.rb
index 3eb7bedd48..8caacffd2c 100644
--- a/spec/functional/win32/security_spec.rb
+++ b/spec/functional/win32/security_spec.rb
@@ -199,6 +199,27 @@ describe "Chef::Win32::Security", :windows_only do
end
end
+ describe ".get_account_with_user_rights" do
+ let(:username) { ENV["USERNAME"] }
+
+ context "when given a valid user right" do
+ it "gets all accounts associated with given user right" do
+ Chef::ReservedNames::Win32::Security.add_account_right(username, "SeBatchLogonRight")
+ expect(Chef::ReservedNames::Win32::Security.get_account_with_user_rights("SeBatchLogonRight").flatten).to include(username)
+ Chef::ReservedNames::Win32::Security.remove_account_right(username, "SeBatchLogonRight")
+ expect(Chef::ReservedNames::Win32::Security.get_account_with_user_rights("SeBatchLogonRight").flatten).not_to include(username)
+ end
+ end
+
+ context "when given an invalid user right" do
+ let(:user_right) { "SeTest" }
+
+ it "returns empty array" do
+ expect(Chef::ReservedNames::Win32::Security.get_account_with_user_rights(user_right)).to be_empty
+ end
+ end
+ end
+
describe ".test_and_raise_lsa_nt_status" do
# NTSTATUS code: 0xC0000001 / STATUS_UNSUCCESSFUL
# Windows Error: ERROR_GEN_FAILURE / 31 / 0x1F / A device attached to the system is not functioning.
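Review bot: In the example `gets all accounts associated with given user right` the `remove_account_right` call sits between the two expectations, so a failing first `expect` leaves `SeBatchLogonRight` granted to the account running the suite. Wrapping the first expectation in `begin ... ensure` with `Chef::ReservedNames::Win32::Security.remove_account_right(username, "SeBatchLogonRight")` in the `ensure` branch keeps the revocation unconditional while the second expectation still runs after it. The example also revokes the right even when the account already held it before the run; if that can happen on the test hosts, record the prior state and restore it. The enclosing `describe "Chef::Win32::Security"` block starts and ends outside the hunk.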