Resource "user_privilege" No Longer Supports Previous Implementation

Open jeremyciak opened this issue 4 years ago • 1 comments

I never adopted the native Chef user_privilege and continued to use this cookbook because I had a very simple implementation that worked with this cookbook's user_privilege resource but did not work with the Chef resource:

windows_user_privilege 'Administrators' do
  privilege %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
end

This very simple and straightforward implementation set these two privileges just fine with the user_privilege resource from this cookbook previously, until a recent change. Now this resource behaves the same as the Chef native one and produces an error like this:

================================================================================
Error executing action `add` on resource 'windows_user_privilege[Administrators]'
================================================================================

Chef::Exceptions::ValidationFailed
----------------------------------
Option privilege's value ["SeSecurityPrivilege", "SeBackupPrivilege", "SeRestorePrivilege", "SeSystemtimePrivilege", "SeShutdownPrivilege", "SeRemoteShutdownPrivilege", "SeTakeOwnershipPrivilege", "SeDebugPrivilege", "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege", "SeLoadDriverPrivilege", "SeCreatePagefilePrivilege", "SeIncreaseQuotaPrivilege", "SeUndockPrivilege", "SeManageVolumePrivilege", "SeImpersonatePrivilege", "SeCreateGlobalPrivilege", "SeTimeZonePrivilege", "SeCreateSymbolicLinkPrivilege", "SeChangeNotifyPrivilege", "SeDelegateSessionUserImpersonatePrivilege", "SeInteractiveLogonRight", "SeNetworkLogonRight", "SeBatchLogonRight", "SeRemoteInteractiveLogonRight"] Option privilege must include any of the: ["SeTrustedCredManAccessPrivilege", "SeNetworkLogonRight", "SeTcbPrivilege", "SeMachineAccountPrivilege", "SeIncreaseQuotaPrivilege", "SeInteractiveLogonRight", "SeRemoteInteractiveLogonRight", "SeBackupPrivilege", "SeChangeNotifyPrivilege", "SeSystemtimePrivilege", "SeTimeZonePrivilege", "SeCreatePagefilePrivilege", "SeCreateTokenPrivilege", "SeCreateGlobalPrivilege", "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeDebugPrivilege", "SeDenyNetworkLogonRight", "SeDenyBatchLogonRight", "SeDenyServiceLogonRight", "SeDenyInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight", "SeEnableDelegationPrivilege", "SeRemoteShutdownPrivilege", "SeAuditPrivilege", "SeImpersonatePrivilege", "SeIncreaseWorkingSetPrivilege", "SeIncreaseBasePriorityPrivilege", "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeBatchLogonRight", "SeServiceLogonRight", "SeSecurityPrivilege", "SeRelabelPrivilege", "SeSystemEnvironmentPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeSystemProfilePrivilege", "SeUndockPrivilege", "SeAssignPrimaryTokenPrivilege", "SeRestorePrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeTakeOwnershipPrivilege"]!

Resource Declaration:
---------------------
# In C:/Users/ADMINI~1/AppData/Local/Temp/kitchen/cache/cookbooks/enable_elevated_shell/recipes/enable_elevated_shell.rb

  1: windows_user_privilege 'Administrators' do
  2:   privilege %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege)
  3: end
  4: 

Compiled Resource:
------------------
# Declared in C:/Users/ADMINI~1/AppData/Local/Temp/kitchen/cache/cookbooks/env_common/recipes/enable_elevated_shell.rb:1:in `from_file'

windows_user_privilege("Administrators") do
  action [:add]
  default_guard_interpreter :default
  declared_type :windows_user_privilege
  cookbook_name "env_common"
  recipe_name "enable_elevated_shell"
  privilege ["SeAssignPrimaryTokenPrivilege", "SeIncreaseQuotaPrivilege"]
  principal "Administrators"
end

System Info:
------------
chef_version=16.3.45
platform=windows
platform_version=10.0.17763
ruby=ruby 2.7.1p83 (2020-03-31 revision a0c7c23c9c) [x64-mingw32]
program_name=C:/opscode/chef/bin/chef-client
executable=C:/opscode/chef/bin/chef-client

What is the correct syntax to accomplish what I am doing here? I tried previously to get it right on the Chef native version and simply could not get it to work. This feels like a decent-sized change to only bump the patch version!

jeremyciak, Sep 11 '20 02:09
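
Added example (not part of the original issue and not the cookbook's or Chef's code): a Ruby script that parses the ValidationFailed text above and compares the value Chef validated with the accepted list and with the recipe's two privileges. The function names are hypothetical, and the message is copied from the error output and re-wrapped across lines.

```ruby
require 'set'

# Error text from the issue above, re-wrapped across lines for readability.
MESSAGE = <<~'MSG'
  Option privilege's value ["SeSecurityPrivilege", "SeBackupPrivilege", "SeRestorePrivilege", "SeSystemtimePrivilege",
  "SeShutdownPrivilege", "SeRemoteShutdownPrivilege", "SeTakeOwnershipPrivilege", "SeDebugPrivilege",
  "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege",
  "SeLoadDriverPrivilege", "SeCreatePagefilePrivilege", "SeIncreaseQuotaPrivilege", "SeUndockPrivilege", "SeManageVolumePrivilege",
  "SeImpersonatePrivilege", "SeCreateGlobalPrivilege", "SeTimeZonePrivilege", "SeCreateSymbolicLinkPrivilege", "SeChangeNotifyPrivilege",
  "SeDelegateSessionUserImpersonatePrivilege", "SeInteractiveLogonRight", "SeNetworkLogonRight", "SeBatchLogonRight", "SeRemoteInteractiveLogonRight"]
  Option privilege must include any of the: ["SeTrustedCredManAccessPrivilege", "SeNetworkLogonRight", "SeTcbPrivilege", "SeMachineAccountPrivilege",
  "SeIncreaseQuotaPrivilege", "SeInteractiveLogonRight", "SeRemoteInteractiveLogonRight", "SeBackupPrivilege", "SeChangeNotifyPrivilege",
  "SeSystemtimePrivilege", "SeTimeZonePrivilege", "SeCreatePagefilePrivilege", "SeCreateTokenPrivilege", "SeCreateGlobalPrivilege",
  "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeDebugPrivilege", "SeDenyNetworkLogonRight", "SeDenyBatchLogonRight",
  "SeDenyServiceLogonRight", "SeDenyInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight", "SeEnableDelegationPrivilege",
  "SeRemoteShutdownPrivilege", "SeAuditPrivilege", "SeImpersonatePrivilege", "SeIncreaseWorkingSetPrivilege", "SeIncreaseBasePriorityPrivilege",
  "SeLoadDriverPrivilege", "SeLockMemoryPrivilege", "SeBatchLogonRight", "SeServiceLogonRight", "SeSecurityPrivilege", "SeRelabelPrivilege",
  "SeSystemEnvironmentPrivilege", "SeManageVolumePrivilege", "SeProfileSingleProcessPrivilege", "SeSystemProfilePrivilege", "SeUndockPrivilege",
  "SeAssignPrimaryTokenPrivilege", "SeRestorePrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege", "SeTakeOwnershipPrivilege"]!
MSG

# Privileges declared in the recipe from the issue.
DECLARED = %w(SeAssignPrimaryTokenPrivilege SeIncreaseQuotaPrivilege).freeze

# Split a ValidationFailed message into the value that was validated and
# the list of values the property accepts (first and second bracketed list).
def parse_validation_message(message)
  lists = message.scan(/\[(.*?)\]/m).map { |(body)| body.scan(/"([^"]+)"/).flatten }
  raise ArgumentError, 'expected two bracketed lists' unless lists.size == 2
  { value: lists[0], allowed: lists[1] }
end

# Report which validated entries fall outside the accepted list, and how
# the recipe's declared privileges relate to both lists.
def diagnose(message, declared)
  parsed = parse_validation_message(message)
  allowed = parsed[:allowed].to_set
  {
    rejected: parsed[:value].reject { |p| allowed.include?(p) },
    declared_not_in_value: declared - parsed[:value],
    declared_not_allowed: declared.reject { |p| allowed.include?(p) },
  }
end

pp diagnose(MESSAGE, DECLARED) if $PROGRAM_NAME == __FILE__
```

On this message the only rejected entry is `SeDelegateSessionUserImpersonatePrivilege`; both declared privileges are in the accepted list, and the validated value is not the two-element array from the recipe (it lacks `SeAssignPrimaryTokenPrivilege`).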

@tas50 It seems you made the commits that have broken this for me. Please help!

jeremyciak, Sep 11 '20 02:09