Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resource "user_privilege" No Longer Supports Previous Implementation #637

Open
jeremyciak opened this issue Sep 11, 2020 · 1 comment
Open

Resource "user_privilege" No Longer Supports Previous Implementation #637

jeremyciak opened this issue Sep 11, 2020 · 1 comment

Comments

@jeremyciak
Copy link

I never adopted the native Chef user_privilege and continued to use this cookbook because I had a very simple implementation that worked with this cookbook's user_privilege resource but did not work with the Chef resource:

windows_user_privilege 'Administrators' do
  privilege %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
end

This very simple and straightforward implementation set these two privileges just fine with the user_privilege resource from this cookbook previously, until a recent change. Now this resource behaves the same as the Chef native one and produces an error like this:

================================================================================
Error executing action `add` on resource 'windows_user_privilege[Administrators]'
================================================================================

Chef::Exceptions::ValidationFailed
----------------------------------
Option privilege's value ["SeSecurityPrivilege", "SeBackupPrivilege", "SeRestorePrivilege", "SeSystemtimePrivilege", "SeShutdownPrivilege", "SeRemoteShutdownPrivilege", "SeTakeOwnershipPrivilege", "SeDebugPrivilege", "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege", "SeLoadDriverPrivilege", "SeCreatePagefilePrivilege", "SeIncreaseQuotaPrivilege", "SeUndockPrivilege", "SeManageVolumePrivilege", "SeImpersonatePrivilege", "SeCreateGlobalPrivilege", "SeTimeZonePrivilege", "SeCreateSymbolicLinkPrivilege", "SeChangeNotifyPrivilege", "SeDelegateSessionUserImpersonatePrivilege", "SeInteractiveLogonRight", "SeNetworkLogonRight", "SeBatchLogonRight", "SeRemoteInteractiveLogonRight"] Option privilege must include any of the: ["SeTrustedCredManAccessPrivilege", "SeNetworkLogonRight", "SeTcbPrivilege", "SeMachineAccountPrivilege", "SeIncreaseQuotaPrivilege", "SeInteractiveLogonRight", "SeRemoteInteractiveLogonRight", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeSystemtimePrivilege", "SeTimeZonePrivilege", "SeCreatePagefilePrivilege", "SeCreateTokenPrivilege", "SeCreateGlobalPrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeDebugPrivilege", "SeDenyNetworkLogonRight", "SeDenyBatchLogonRight", "SeDenyServiceLogonRight", "SeDenyInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight", "SeEnableDelegationPrivilege", "SeRemoteShutdownPrivilege", "SeAuditPrivilege", "SeImpersonatePrivilege", "SeIncreaseWorkingSetPrivilege", "SeIncreaseBasePriorityPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeBatchLogonRight", "SeServiceLogonRight", "SeSecurityPrivilege", "SeRelabelPrivilege", "SeSystemEnvironmentPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeSystemProfilePrivilege", "SeUndockPrivilege", "SeAssignPrimaryTokenPrivilege", "SeRestorePrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeTakeOwnershipPrivilege"]!

Resource Declaration:
---------------------
# In C:/Users/ADMINI~1/AppData/Local/Temp/kitchen/cache/cookbooks/enable_elevated_shell/recipes/enable_elevated_shell.rb

  1: windows_user_privilege 'Administrators' do
  2:   privilege %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
  3: end
  4: 

Compiled Resource:
------------------
# Declared in C:/Users/ADMINI~1/AppData/Local/Temp/kitchen/cache/cookbooks/env_common/recipes/enable_elevated_shell.rb:1:in `from_file'

windows_user_privilege("Administrators") do
  action [:add]
  default_guard_interpreter :default
  declared_type :windows_user_privilege
  cookbook_name "env_common"
  recipe_name "enable_elevated_shell"
  privilege ["SeAssignPrimaryTokenPrivilege", "SeIncreaseQuotaPrivilege"]
  principal "Administrators"
end

System Info:
------------
chef_version=16.3.45
platform=windows
platform_version=10.0.17763
ruby=ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x64-mingw32]
program_name=C:/opscode/chef/bin/chef-client
executable=C:/opscode/chef/bin/chef-client

What is the correct syntax to accomplish what I am doing here? I tried previously to get it right on the Chef native version and simply could not get it to work. This feels like a decent sized change to only bump the patch version!
@jeremyciak
Copy link
Author

@tas50 It seems you made the commits that have broken this for me. Please help!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jeremyciak